The New York State Department of Taxation and Finance (“DTF”) is offering a convenient method for taxpayers to pay taxes owed by accepting electronic credit card payment transactions over the Internet through DTF’s front-end processing service providers. Vendors certified by DTF to participate in this program will provide an electronic credit card authorization system that allows taxpayers to make tax payments by means of an Internet application, using American Express®, Discover®/Novus®, MasterCard®, and Visa® credit cards. Taxpayers who choose to use the automated Internet credit card payment system will be charged a per transaction convenience fee established by the vendor. Historically, this fee has been no greater than 2.49% of the amount of the payment transaction.
All vendors interested in participating in DTF’s Electronic Credit Card Payment Program must agree and adhere to the following program terms and conditions:
I. General Terms and Conditions
- A vendor must be an approved Internal Revenue Service (IRS) credit card service provider and demonstrate its willingness and ability to provide services to taxpayers and DTF consistent with the program support practices implemented for the IRS’s Credit Card Payment Program as specified in Exhibit 1 of this document. A vendor must notify DTF immediately if there are changes at the IRS that will impact the vendor’s process or the process at DTF.
- Vendors must provide DTF with a copy of their PCI certification
- Submit a copy of the quarterly perimeter scan validation within 10 business days of receipt of the certification; and
- Submit a copy of the results of the annual on-site security assessment report within 10 business days of receipt of the certification.
If a vendor fails to retain PCI compliance and/or produce documentation of compliance, the vendor may be terminated from participation in DTF’s Electronic Credit Card Payment Program.
- Vendors must immediately report to DTF all improvements and enhancements to the vendor’s infrastructure, as well as issues regarding system problems that could affect taxpayers making payments or the delivery of data files and credit card payment files to DTF’s front-end processing service provider(s). Additional reporting requirements are specified in Section II of this document.
- Vendors must agree to meet DTF’s implementation dates for payments received through the Internet. Vendors and DTF must agree to a mutually acceptable timeframe for development and testing prior to implementation. Specifically, DTF is requiring that vendors adhere to the following implementation schedule:
- Personal Income Tax Current Year Tax Return Filing Payments – January 15, 2013
- Personal Income Tax Current Year Extension Payments – January 15, 2013
- Personal Income Tax Quarterly Estimated Tax Payments Tax Year 2013 – February 21, 2013
- Vendors must work with DTF’s front-end tax processing service provider(s) to coordinate file format, annual testing, transmission timing and problem resolution requirements.
- Vendors must agree to provide customized Internet screens based on DTF’s specific data collection requirements. As part of the Internet screens, the vendors will host the most current DTF credit card disclaimer so that taxpayers can elect to view the disclaimer prior to completing their credit card transaction. A copy of DTF’s current credit card disclaimer is attached as Exhibit 2. DTF will provide any updates to the disclaimer as necessary and the new version must appear on the vendor Web site no later than ten business days from the date DTF provided the revisions.
- Vendors must act as the merchant of record and supply a merchant identification structure to support payment and transaction reconciliation.
- Vendors must transmit data files and credit card payment files to DTF’s front-end tax processing service provider(s) post-mirror balancing. The detail transaction file must balance against the future deposit based on the settlement day. If the transaction file does not balance with the deposit, the vendor will be contacted immediately and must provide a detailed explanation and a corrected file as needed.
- Taxpayers who choose to use the automated Internet credit card payment system will be charged a per transaction convenience fee established by the vendor.
- Vendors must act as the merchant of record and supply a merchant identification structure to support payment and transaction reconciliation.
- Vendors must agree to produce two separate transactions for the taxpayer’s credit card statement, one for the tax payment amount and one for the convenience fee amount. The merchant descriptor on the cardholder’s credit card statement should indicate the tax payment amount as “NYS Dept of Tax and Finance Tax Pymt”. A unique identifier, such as the confirmation number, should be included with this descriptor on the card holder’s statement to facilitate error resolution. The convenience fee must be separately stated on the statement.
- Vendors must agree to support a within-transaction taxpayer option to allow the taxpayer to initiate an IRS e-payment transaction after the completion of the DTF transaction.
- Vendors, or their financial service providers, must agree to refund fraudulent or erroneous transactions (chargebacks) to the cardholder’s bank prior to submitting an invoice to DTF requesting that the Office of the State Comptroller reimburse the vendor. Additional details are provided in Section II.
- Vendors must identify and develop a roster of individuals within their organizations responsible for resolving technical and programmatic problems. The roster must be provided to DTF prior to start of each calendar year. The roster must be maintained to ensure that accurate and up-to-date contacts’ names, telephone numbers and e-mail addresses are available.
- Vendors must agree not to disclose, distribute, provide access to, or sell any taxpayer and/or cardholder information derived from DTF’s Internet credit card payment services program to any third party. However, vendors may provide required information to MasterCard®, American Express®, Discover®/Novus®, and Visa®, the financial service provider solely for the purpose of processing retrieval and chargeback requests.
- Vendors must document existing Disaster Recovery provisions relating to participation in DTF’s Electronic Credit Card Payment Program, including any limitations thereon.
- Vendors must implement systems controls to prevent duplicate payments that could result from multiple transmissions of a settlement file or other errors resulting from the completion and transmission of identical payment transactions.
- Vendors shall provide DTF with copies of all marketing materials to be used in DTF’s Electronic Credit Card Payment Program, such as newsletters, software packaging, inserts, and ads for review. Such materials shall not be used without DTF’s prior consent. DTF’s consent shall not be unreasonably withheld.
- Vendors must agree to participate in Internet credit card transaction production processing at the same time as DTF’s, and its front-end tax processing service provider’s, user acceptance testing for Internet credit card transactions. Concurrent production processing and test processing capabilities are especially necessary to accommodate DTF’s annual systems development rollover from the current tax year to the subsequent tax year, without a cessation of production service.
- At the sole discretion of DTF, vendors may be required to be recertified on a calendar year basis in order to continue to participate in DTF’s Electronic Credit Card Payment Program. DTF reserves the right to terminate the relationship with a vendor if DTF documents in writing that the vendor has failed in multiple instances to meet one or more of the terms and conditions set forth in this document. DTF may resort to this remedy even if the vendor is in good standing for purposes of IRS’ credit card payment program.
II. Specific Terms and Conditions
- Daily and Monthly Production Reports - The daily volume and dollars report is due to DTF by 10:00 am each business day. Monthly cumulative reports will be submitted by the fifth business day of each month. The reports shall contain the following information:
Each report file shall have its own unique name which includes the application transaction date. Daily reports should include the daily as well as YTD volumes and dollars. Monthly reports should include the monthly as well as YTD volumes and dollars.
- Date of report
- Period covered
- Total number of transactions by payment type
- Dollar amount of transactions by payment type
- Volume and dollars by card type
- Incident Reporting - Any incident that results in any material outages, work stoppages, or other payment processing problems shall be reported to DTF in accordance with the terms of this paragraph 2. The incident must subsequently be documented, and notice thereof e-mailed to DTF. The credit card provider will notify DTF of all incidents within 24 hours of occurrence or awareness. The incident report is due within 5 business days of occurrence or awareness of the incident. Documentation should include a description of the incident, the cause, number of taxpayers impacted and dollars involved, duration, and actions taken to rectify the situation.
- Record retention - The vendor shall retain, and make available to DTF upon request, data on completed transactions for 72 months from the date of each transaction. The information shall include the taxpayer name, SSN, address, e-mail address, transaction type, date and time, amount of transaction, and confirmation number.
- The vendor shall have policies and procedures that include provisions for disposal of data after the Department's record retention period.
- The vendor shall have policies and procedures that include a programmatic (automatic) process to remove, at a minimum on a quarterly basis, stored cardholder data that exceeds the Department's retention requirements, or, alternatively, conduct a review, at least on a quarterly basis, to verify that stored cardholder data does not exceed the Department's retention requirements.
- Chargeback - When the vendor submits an invoice to DTF, it must include all substantiating documentation indicating that a cardholder’s payment transaction was fraudulent or erroneous. After researching the inquiry, DTF will make its determination and notify the vendor via e-mail of the findings.
The vendor shall provide weekly reports of all chargeback actions identifying the transaction type, date, dollar amount, confirmation number, action request date, and reason for action. These reports are due by close of business each Friday.
- DTF shall reimburse the vendor for unauthorized charges that are substantiated by the cardholder and submitted by the vendor as an invoice to DTF. The vendor must have completed and delivered the appropriate chargeback form and supporting documentation to DTF. DTF reserves the right to deny any chargeback request that does not conform to these requirements.
- All nonfraudulent chargeback requests must be submitted within 150 days from the date of the payment. Requests submitted to DTF 150 or more days past the transaction date will be returned and closed without action. Fraudulent chargebacks that are over 150 days old will be reviewed by DTF on a case-by-case basis.
The vendor must:
- provide 24/7 access for taxpayers to access the vendor’s Web site to complete an electronic payment transaction;
- provide DTF with the vendor’s Web/IVR availability timeframes, including normal maintenance timeframes;
- provide taxpayers with a toll-free number to contact the vendor to inquire on a payment, resolve an error, or report a problem. Live customer service assistance shall be available, at a minimum, Monday through Friday, 7:00 am to 7:00 pm, local time;
- provide frequently asked questions that have been reviewed and approved by DTF.
Credit card disclaimer
The New York State Department of Taxation and Finance (hereinafter "DTF") is committed to providing its customers with the highest levels of service. In furtherance of this commitment, DTF allows taxpayers to pay many types of tax liabilities with a credit card, using the Internet. Taxpayers should check DTF’s website for information and updates regarding the types of tax liabilities for which credit card payment is available.
DTF has made arrangements with the credit card service providers participating in the IRS’ credit card payment program to provide these services. A taxpayer making a payment by credit card may choose between three credit card processors. Taxpayers who decide to pay their tax liabilities by credit card will be asked by the credit card service provider to furnish personal identifying information, the credit card number and expiration date, the amount of the payment and payment application information. The credit card service provider will charge a convenience fee to taxpayers to cover its cost of providing this service. However, taxpayers will be informed of the amount of the fee before they confirm the credit card payment. Taxpayers who decide to proceed with the transaction will receive a confirmation number from the credit card service provider as proof of payment. Taxpayers should also note that, following authorization of the credit card payment, the credit card service provider will forward to DTF only that information necessary for DTF to properly credit the payment to the taxpayer’s account (i.e., identifying information, payment amount and application information). DTF will not receive any personal credit card information, such as credit card number or account status.
DTF provides hyperlinks to the Web sites of the credit card service providers that participate in these programs. DTF does not indicate a preference for any credit card service provider, but presents such links solely as a convenience to taxpayers. The decision to use or not to use the products or services offered by these companies is entirely up to the taxpayer. Questions regarding content, privacy policies and/or security procedures of the credit card service providers should be directed to those providers, and not to DTF.