12 Miss. Code. R. 4-2.11 - Development/Hosting Options and Ultimate Responsibility for PCI-DSS and Fines and Penalties
A. Through a
contracted partnership with NIC and Mississippi Interactive (MSI), DFA now
provides payment processing services through RFP 3564, Project Number 37577,
Statement Of Work 001, Payment Processor Solution. MSI/NIC is the official
"Merchant of Record" for payments processed online through the Common Checkout
Page (CCP) and Transaction Processing Engine (TPE), reducing the PCI-DSS
compliance responsibility for the State of Mississippi by locating the software
and hardware for payment processing at NIC's PCI Compliant data center.
Agency's will be responsible for training their employees on proper handling of
credit card data should they receive it in any other manner outside of the NIC
provided solution. This includes completing SAQ A attesting that they have
outsourced all electronic processing and properly trained employees. *Please
Note: CCP and TPE are components of NIC's PCI Compliant Payment Services that
separate the state's online application from communicating directly with the
payment processor.
B.
Responsibility for PCI-DSS continues for agencies that connect their
applications to payment processors outside of TPE or CCP within in the state.
Also, in the event that an application requires the manual handling or entry of
credit card information by agency personnel, the agency is responsible for PCI
compliance at the SAQ A level for all individuals within the agency processing
those payments. For more information on PCI-DSS SAQ A, please visit:
https://www.pcisecuritystandards.org/
.
Notes
State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.
No prior version found.