Loading...
HomeMy WebLinkAboutItem No. 21 Credit Card Acceptance PolicyCity Council Agenda Report City of Lake Elsinore 130 South Main Street Lake Elsinore, CA 92530 www.lake-elsinore.org File Number: RES 2019-20 Agenda Date: 6/25/2019 Status: PassedVersion: 1 File Type: Council ResolutionIn Control: City Council / Successor Agency Agenda Number: 21) Credit Card Acceptance Policy adopt A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF LAKE ELSINORE, CALIFORNIA, ADOPTING THE CREDIT CARD ACCEPTANCE POLICY Page 1 City of Lake Elsinore Printed on 6/2/2023 REPORT TO CITY COUNCIL To:Honorable Mayor and Members of the City Council From:Grant Yates, City Manager Prepared by:Nancy Lassey, Finance Administrator Approved by:Jason Simpson, Assistant City Manager Date:June 25, 2019 Subject:Credit Card Acceptance Policy Recommendation Adopt Resolution No. 2019-___ entitled, A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF LAKE ELSINORE, CALIFORNIA,ADOPTING THE CREDIT CARD ACCEPTANCE POLICY Background and Discussion For best practices, the Government Finance Officers Association (GFOA) recommends that governments formally adopt financial policies that provide guidelines with strategic intent for financial stewardship. Financial policies should define boundaries, manage risk, clarify intent, promote governance accountability, and define shared understanding. Though the City follows internal procedure and policies for accepting credit and debit cards (payment cards)that are in line with GFOA, a formal policy has not been adopted. The City began accepting payment cards as a payment method in July 2005 during a time when checks were the favored method by customers. As technology advanced and the business environment changed, the use of payment cards has greatly increased. With the acceptance of payment cards, costs incur by way of merchant fees. For the fiscal year 2005/2006 total annual fees were roughly $15,000; whereas, today the average annual cost has increased to almost $40,000 ultimately reducing revenue. The current average cost borne to the City is 2.75% of the total amount of the payment card transaction. The California Government Code Section §6159 et seq. (Code) allows government agencies to accept payment cards and allows the government to recover costs through fees applied to the cardholder; however, to recover these costs, a policy must be presented to Council. Thus, the presented Credit Card Acceptance Policy provides direction to employees, contractors, consultant, or agents who process payment card transactions on behalf of the City. To help recover costs of processing payment card transactions, the policy initiates the Convenience Fee. Credit Card Acceptance Policy June 25, 2019 Page 2 Furthermore, the policy provides for automatic annualadjustments based on merchant cost increases or decreases. The policy supports accountability,promotes good financial stewardship, incorporates the Code, and allows the City to recover costs through fees. Fiscal Impact The fiscal impact resulting fromadoption of the Credit Card Acceptance Policy will offset costs by initiating a Convenience Fee; thus, savings to the general fund. Exhibits A: Credit Card Acceptance Policy -Resolution B: Credit Card Acceptance Policy RESOLUTIONNO.2019-____ A RESOLUTION OFTHE CITY COUNCIL OFTHE CITY OFLAKE ELSINORE, CALIFORNIA,ADOPTING THE CREDIT CARD ACCEPTANCE POLICY Whereas,Government Finance Officers Association recommends governments formally adopt financial policies that define boundaries, manage risk, clarify intent, promote governance accountability, and define shared understanding;and Whereas,aformal policy regarding acceptance of credit and debit cards as a method of payment has never been presented to Council; and Whereas,the City began accepting credit and debit cards as a payment method to customers in July 2005 and has significantly increased since then; and Whereas,payment card processing costs have increased and the average cost borne the City is 2.75%of the total amount of each payment transaction; and Whereas,California Government Code Section §6159 allows government agencies to recover payment card processing costs through fees applied to the cardholder; and Whereas,the City Council has determined that the Credit Card Acceptance Policy provides direction to those who process payment card transactions on behalf of the City and is in the best interest of the City and the communityto initiate the Convenience Fee to recover processing costs; and Whereas,the City Council acknowledges that the Credit Card Acceptance Policy provides for automatic adjustments based on merchant cost increases or decreases; and Whereas,the City Council desires to adopt the Credit Card Acceptance Policyof the City of Lake Elsinore. NOW,THEREFORE,THECITYCOUNCILOFTHECITYOFLAKEELSINORE, CALIFORNIA,DOESHEREBYRESOLVEASFOLLOWS: Section1.The attached City of Lake Elsinore Credit Card Acceptance Policy,is hereby adopted and made a part of this Resolution. Section2.ThisResolutionshalltake effectfromandafterthedateofitspassageand adoption. PassedandAdopted onthis25thdayofJune,2019. Steve Manos,Mayor City Council Resolution No. 2019-_______ Page 2 of 2 Attest: Mark Mahan Deputy City Clerk STATEOFCALIFORNIA ) COUNTYOFRIVERSIDE ) ss. CITY OFLAKEELSINORE ) I, Mark Mahan, Deputy City Clerk of the City of Lake Elsinore, California, do hereby certify that Resolution No. 2019-_____ was adopted by the City Council of the City of Lake Elsinore, California, at the Regular meeting of June 25, 2019, and that the same was adopted by the following vote: AYES: NOES: ABSENT: ABSTAIN: ______________________________ Mark Mahan Deputy City Clerk 1 CITY OF LAKE ELSINORE ADMINISTRATIVE POLICIES AND PROCEDURES: CREDIT CARD ACCEPTANCE POLICY Effective June 25, 2019 INTRODUCTION: California Government Code Section §6159 et seq. (Code), permits government agencies to accept credit cards and debit cards (payment cards) as a medium of payment for purchases and services rendered by the City of Lake Elsinore (City). Furthermore, the code provides direction as to procedures to follow and allowed fees to apply to the cardholder. The City supports the acceptance of credit cards as payment for goods and services to improve customer service, bring efficiencies to the City’s cash collection process, and increase the sales volume of certain types of transactions. In response to increasing incidents of identity theft, the major payment card companies created the Payment Card Industry Data Security Standard (PCI DSS) to help prevent theft of customer data. PCI DSS is the result of collaboration between the five major credit card brands to develop a single approach to safeguard sensitive data. The PCI standard defines a series of best practices for handling, transmitting, and storing sensitive data. PCI DSS applies to all businesses that accept payment cards to procure goods or services. Payment card companies enforce compliance with this standard. Generally, noncompliance is discovered when an organization experiences a security breach that includes cardholder data. Security breaches can result in serious consequences for the City, including release of confidential information, damage to reputation, assessment of substantial fines, possible legal liability, and the potential loss of the ability to accept payment card and eCommerce transactions. PURPOSE: The Credit Card Acceptance Policy establishes business processes and procedures for accepting payment cards that will minimize risk and provide the greatest value, security of data, and availability of services within the rules and regulations established in the PCI DSS. Additionally, these procedures are intended to ensure that payment card acceptance is appropriately integrated with the City’s financial and other systems. POLICY: Acceptable Payment Cards and Process Methods The City accepts Visa, MasterCard, Discover, and American Express credit cards as a form of payment of amounts due, which includes debit cards with Visa or MasterCard logos. The City will accept transactions through point-of-sale and eCommerce depending on the purchase or service. Each process method requires a unique set of processes that safeguard against erroneous or fraudulent transactions. City of Lake Elsinore Credit Card Acceptance Policy June 25, 2019 2 Point of Sale Transactions 1. Credit card machines, Square Devises, Connect & Go Devises, and any other payment processing devise used are to be secured and inaccessible to the public. However, a customer's payment card should be visible to the customer at all times during the transaction. 2. Prior to swiping the credit card: a. Ensure that the payment card’s expiration date has not passed. Expired payment cards must not be accepted. b. Compare the name on the payment card to the cardholder's photo identification. If the names do not match, the credit card must not be accepted. 3. Ensure that the amount charged to the payment card matches the transaction. 4. Signature must be obtained on the paper charge receipt or device. Compare signature to the cardholder’s photo identification or signature on back of card. In the event of unmatched signatures, the credit card transaction must be voided and the credit card returned to the customer. 5. If the credit card's magnetic strip cannot be read, the card number may be keyed into the credit card terminal. To reduce the risk of access to confidential credit card data, manual imprints of the card must not be made. 6. If the customer is unable to make a point-of-sale transaction for a service that is not available on the web, the customer may complete the Credit Card Customer Approval Form in which the customer fills out and signs the form. After the payment is processed, all but the last four digits of the card must be redacted or removed from the record. 7. If the authorization network (via the credit card machine or the Address Verification Service) sends a "decline" or "no match" response, the credit card must not be accepted. 8. In all circumstances of declined or unaccepted transactions, return the credit card to the customer and offer to accept another method of payment. Customers disputing the decline or non-acceptance of the credit card should be referred to their bank. Prohibited Payment Card Activities The City prohibits certain credit card activities that include, but are not limited to the following: 1. accepting payment cards for cash advances 2. discounting a good or service based on the method of payment 3. adding a surcharge or additional fee to payment card transactions not identified in this policy 4. using a paper imprinting system 5. maintaining the customers full hand written account number on file City of Lake Elsinore Credit Card Acceptance Policy June 25, 2019 3 Large Transactions Customers with transactions of $10,000 or more should be encouraged to pay by check rather than by payment card to limit merchant fees the City pays. If the payer insists on using a payment card for the transaction, the City is obligated to accept the payment card. Refunds When a good or service is purchased using a payment card and a refund is necessary, the refund should be credited back to the credit card account that was originally charged. Under no circumstances can the refund exceed the original purchase or amount of charge. Cash refunds are prohibited. In certain circumstances, a refund check may be issued with approval from the Finance Division. Approval will be based the discretion of the Finance Division and the following supplied documentation: 1. Written letter or email from the customer requesting the refund 2. Proof that the requestor is the owner of the card 3. Proof of mailing address with a utility bill or other such document 4. Original documentation of the purchase the customer requests the refund for Chargebacks The Code provides that if a transaction paid with a payment card is charged back to the City for any reason, any record of payment made by the agency processing the transaction shall be void. A receipt issued in acknowledgment shall also be void. The obligation of the cardholder or account holder shall continue as an outstanding obligation as if no payment had been made. Occasionally a customer will dispute a payment card transaction, ultimately leading to a chargeback by the payment card bank. In a disputed case, the Finance Division will contact the Department that initiated the original transaction to obtain additional information that substantiates the disagreement or agreement of the chargeback. The Finance Division’s System Administrator will follow through with a dispute or write-off depending on the findings. Payment Card Imposed Fees Per the Code, the City may impose a fee for the use of a payment card that is not to exceed the costs incurred by the agency in providing payment card services. Costs may include, but shall not be limited to, the payment of merchant fees or discounts. The governing body must approve such fees imposed by a public agency. A Convenience Fee will be charged on each payment card transaction based on a nominal percentage of the total transaction. The Cardholder will be required to agree to the convenience fee prior to completion of the sale on the terminal or website. Merchant fees incurred by the City are a percentage of total amounts of payments processed. To maintain the convenience fee at a level sufficient to cover ongoing costs, merchant fees shall City of Lake Elsinore Credit Card Acceptance Policy June 25, 2019 4 be reviewed annually. The policy allows for automatic annual adjustments of increases or decreases to the convenience fee on July 1 of each year. Third-Party Payment Processors The City currently contracts with third-party payment processers to accept credit card payments on behalf of the City. The Administrative Service Department will work with the provider to ensure that a complete and accurate recording of transactions, fees and deposit of monies takes place in a timely manner. All third-party processors are expected to comply with PCI DSS. Safeguarding of Confidential Data 1. Payment card records, including but not limited to , receipts , imprints, credit card numbers , expiration date, card type, bank information, etc. are exempt from public disclosure and shall not be disclosed by the City unless required via Court subpoena or in writing by the City Attorney. 2. If processing of credit card data is provided by a third party on the City's behalf, the service provider must be capable of maintaining the appropriate safeguards. 3. To the extent required by law, the City will attempt to notify payment card customers of any breach of security, which has placed their confidential payment card information at risk. 4. Cashiers and staff accepting payment cards on behalf of the City are subject to the PCI DSS compliancy. 5. The City prohibits the transmission of cardholder data or sensitive authentication data via email or unsealed envelopes through interoffice mail as these are not secure. Fax or sealed envelope is acceptable. 6. The City requires that all external service providers that handle payment card information be PCI DSS compliant. 7. The City restricts access to cardholder data to those with the business of “need to know.” 8. Full payment card information must not be recorded, maintained or viewable in any computer system. 9. For paper media, cardholder data shall not be stored unless approved for legitimate business purposes. When approved, paper media must be stored in a locked environment within the Finance Division Office with access restricted to those with the business of “need to know.” Applicability The policy applies to all City of Lake Elsinore employees, contractors, consultants, or agents who, in the course of doing business on behalf of the City, accept, process, transmit, or otherwise handle cardholder information in any format.