Get documents about "Bank Operation Diagram
Description
Bank Operation Diagram document sample
Document Sample
Revised May 2007
Project Plan for Implementing
Common Payment Service
For Either
Merchant Cards
Or
Electronic Funds Transfer (ACH)
Instructions
This project plan identifies the tasks necessary to implement Common Payment Service (CPS) as part of your organization's business
solution. A separate plan is available on the SECP Website for those entities that do not utilize CPS for either ACH or Merchant Cards
Processing.
There is a project plan for implementing "Merchant Cards" as well as "ACH Implementation." (See each tab below.) Each plan is formated
such that your organization's tasks and deliverables are identified in columns C, D and E. Those tasks and deliverables for which OSC and
ITS are responsible are identified in columns F, G and H.
Prior to completion, information on OSC's Website should be reviewed. http://www.ncosc.net/SECP/EPP_Index.html
The plan is also outlined in Power Point Presentations found on OSC's SECP Website.
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
OSC provides updated Website information
1 Idenfify EFT Project OSC
and answers any questions asked.
1.1 Review information on OSC's SECP Website Review presentations, policies, agreements, and forms
Identify Outbound or Inbound payments, authority, and if
1.2 Idenfity potential payment applications
mandatory or voluntary participation
Identify system for payee/payor database for associated
1.3 Determine systems for database maintenance
bank account information
1.4 Determine method of ACH file transmission Identify method of creating and submitting files.
Identify work to be performed, resources needed,
1.5 Develop internal statement of work Statement of Work
security measures, timeframes, etc.
Request Pre-Project meetings for discussions. Topics
OSC
1.5a Obtain assistance from OSC and/or CPS include security requirements; source of application OSC & ITS meets with Agency
ITS
servers; involvement of ITS.
Cost-benfit analysis Includes costs of development and
1.6 Assess feasibility of implementation Cost-benefit analysis
ongoing operation maintaince.
1.7 Obtain management approval for project Consider cost-benefit analysis, staffing, and funding Project Plan
Enroll with ITS Project Portfolio Management (PPM), if
1.8 Obtain ITS Project Management Office approval
applicable
1.9 Determine if convenience fee will be levied. Consider OSC policy and obtain approval from OSBM
Other
2 Execute Enrollment Forms OSC provides all forms on Website OSC
2.1 Master Services Agreement (MSA) Review MSA. Legal should review agreement
2.2 Agency Participation Agreement (APA) Execute APA. Legal should review agrrement APA OSC approves or disapproves participation OSC
2.3 EFT Participant Setup Form Execute Participate Setup Form - by Chief Fiscal Officer Setup Form OSC processes form with DST & Wachovia OSC
OSC adds the contact to the SECP Email
OSC
Contact List
3 OSC Acts on Enrollment Forms
OSC processes agreements with DST and
3.1 Agency Participation Agreement (APA) OSC
Wachovia, & distributes
3.2 EFT Participant Setup Form OSC processes form with DST and Wachovia OSC
If OSC is Admin for Wachovia Connection,
agency users are set up, and users are notified OSC
of their UserID and initial password.
4 DST Acts on Enrollment Forms
4.1 Agency Participation Agreement (APA) DST executes APA DST
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
DST authorizes Wachovia to establish
4.2 EFT Participant Setup Form DST
settlement and Returns account
DST determines if it will pay fees for bank
DST
account
If inbound transactions, establishes CIT
account on CB$ and maps the ZBA account
DST
number when received from Wachovia, if State
agency
If outbound transactions, establishes Electronic
CB$ Request For Electronic Warrant template on CB$, and sets up
4.3 CB$ Electronic Warrant Template Form DST
Warrant Form corresponding repetitive wire instructions on
Wachovia Connection, if State agency.
5 Wachovia Acts on Enrollment Forms
5.1 Agency Participation Agreement (APA) Wachovia executes APA and returns to OSC Wach
Wachovia sets up transmission link with either
5.2 EFT Participant Setup Form Wach
CPS or participant
Wachovia sets up settlement bank account,
and Returns account if inbound, and advises Wach
DST and OSC of account numbers
Wachovia links account to Wachovia
Wach
Connection Administrator
Wachovia sets up invoicing Wach
Wachovia sets up statement rendering Wach
6 Establish processing environment with CPS
1. Agency must complete a Security Risk
Submit SRA and Diagram by email to
Assessment (SRA) questionnaire obtained from
osc.secp.info@ncosc.net
OSC SECP Website.
Security Risk Assement Form a) OSC forwards SRA and Network Diagram to
6.1 2. Agency must submit a detailed Network Diagram OSC
Security Risk Assessment may be separately required by Network Diagram ITS Security Office
to OSC for review by ITS Information Security
PPM. Obtain assistance from ITS Information Security
Office.
Office if necessary.
b) CPS Team reviews, provides feedback, and
CPS
discusses with Agency Project Manager (APM)
Team
to resolve outstanding issues.
c) APM submits revised Security Risk
Assessment for signature and approval by OSC Agency
and ITS.
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
Submit by email to CPSTechSupport@lists.ncmail.net to
obtain access to the Technical Implementation section of
a) Store the project CPS Set-up Form in the
the CPS Agency Guide, and agree on an implementation CPS
6.2 Submit CPS Set-up Form - Group 1 Data CPS Set-up Form - Group 1 Data project folder under the P-drive Agency
schedule. Submit this as early as possible - AT LEAST 1 Team
Activation tracking folder
MONTH prior to the agency's design phase. The form is
available from the SECP website under CPS Enrollment.
b) Open an iWise Ticket to track this project
(Detail="merchant activation support", CPS
Description="agency/project name - ACH Team
activation project")
c) Send CPS Technical Implementation access
CPS
information to either the PM (if State employee)
Team
or to the MIS Manager
d) Assess and discuss with Telecomms and
Computing Services:
- business volumes and cycles
CPS
- project timing requirements
Team
- access or hosting issues
Set up a meeting with the agency project if
needed to facilitate discussion.
e) Ensure all are in agreement about timelines,
CPS
testing schedules, and roll-out approach.
Team
Access issues must be resolved at this time.
The CPS Technical Implementation documents include
the sample interface code, class libraries, best practices
and program processing descriptions. These are CPS provide UserID and Password to CPS
6.3 Review CPS Technical Implementation documents
sensitive information and given only to projects confirmed Technical Implementation contact. Team
by OSC (by the assignment of a Merchant Name or
Company Name).
Define application's payment processing requirements,
6.4 Develop the CPS interface establish testing environment, and develop the interface
to CPS
This is to be done with the agency's business operations.
6.5 Establish fulfillment process and logistics
Consult NACHA Rules for payment handling regulations
Develop Test Plan and Application specific Test Develop a test plan and test script incorporating the
6.6 Test Plan, Test Script
Script various transactions that will be performed.
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
A bill code is used by the ITS billing system to generate
the monthly invoice to the agency for the CPS Usage Fee.
Establish payment arrangement with ITS for
6.7 Agency must decide who will bear this operational cost Bill Code Request Form ITS sets up bill code ITS
services acquired
(IT, business unit, or fiscal). Request for a bill code may
be made by contacting the ITS Service Desk.
Submit this as early as possible - NO LESS THAN 2
ACH Only
weeks before testing the CPS Interface - BY EMAIL to
a) Set-up the project in the Test Environment
CPSTechSupport@lists.ncmail.net to provide test
using test environment information provided on CPS
6.8 Submit CPS Set-up Form - Group 2 Data environment set-up information and confirm testing time in CPS Set-up Form - Group 2 Data
the form. Carry out test environment access as Team
the CPS test environment. Use the same form submitted
agreed in 6.2). CPS Team to coordinate tasks
in Step 6.2. Attach a copy of the Test Plan and Test
with TS/CS as needed.
Script developed in Step 6.6.
ACH Only
b) Provide the following to the agency project:
- any issues detected from the Test Plan and
Script CPS
- test application username Team
- test password
- test Virtual Pay Reporting account (if desired
by customer)
c) Review the production environment
CPS
information provided by the project on the form
Team
and resolve implementation issues detected.
Submit test results to CPS support. Testing is supported
by the CPS team during normal business hours. Make Support project testing of the interface as CPS
6.9 Perform CPS interface testing Test Script with test results
arrangements well in advance if the project needs support needed. Team
beyond the normal hours.
6b Perform Testing & Acceptance Tasks
a) OSC acts on the Acceptance Checklist:
- Forwards the checklist to the CPS Team and
Develop an Acceptance Checklist, incorporating Do this AT LEAST 2 WEEKS BEFORE the planned obtain feedback on CPS requirements
6b.1 tasks performed and to be performed, per this migration to production. Attach supporting documents Acceptance Checklist - Reviews the checklist and supporting OSC
project plan. and submit BY EMAIL to osc.secp.info@ncosc.net documents
- Advises the agency with comments if there
are issues that require resolution
b) If there are no issues identified by OSC or
OSC
ITS, advise the agency.
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
Settlement Bank Account OSC provides numbers obtained from
6b.2 Obtain approval and Production set-up numbers OSC
Numbers Wachovia
Brief the agency's IT support, business support, and fiscal
support about the proper communication protocol when
the application becomes operational. IT and business
POINTS-OF-CONTACT have to be identified.
Identify the agency personnel who may report problems
and issues to ITS and who will be in ITS's notification list if
6b.3 Conduct briefing on Contact information there are problems, changes, or issues on the Common
Payment Service. All CPS-related problems, issues and
requests must be coursed through the ITS Service Desk.
Review website Contact Information page for details.
Business-related issues and Wachovia Connection issues
must be concucted through OSC. Review OSC's SECP
Website "Contact Us" page for details.
a) Using information from the Group 2 and
AT LEAST 1 WEEK before production migration and BY
Group 3 set-up data, define the agency store CPS
6b.4 Submit CPS Set-up Form - Group 3 Data EMAIL to CPSTechSupport@lists.ncmail.net to request CPS Set-up Form - Group 3 Data
or profile in the respective CPS Production Team
agency activation in the CPS Production environment
Environment.
b) Schedule customer access to Virtual Pay
CPS
Reporting and orientation with the agency users
Team
specified on the Set-up Form.
c) Obtain firewall policy change approval by
opening an iWise ticket for TS requesting a CPS
firewall policy update for Team
- the agency production application servers
CPS
d) Add the agency's Bill Code to the CPS table
Team
e) Update the
CPS
CPSClientAgencies@lists.ncmail.net list serve
Team
with agency information provided.
f) Update the CPS Agency Database with
CPS
Settlement and Maintenance windows, and
Team
other set-up information
Coordinate migration activities and schedule with OSC
6b.5 Migrate agency application into production
and the CPS team.
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
Agency may determine to send a Prenote (Zero Dollar)
transaction through the ACH network. If the agency
6b.6 Perform Prenotification Transaction (optional)
elects to send the Prenote, there must be a six banking
day lag before a live transaction can be initiated.
Testers should be State employees or contractors whose
6b.7 Recruit production verification testers
use of the live application can be directed and monitored.
This process takes from 1 - 2 weeks. Production
Verification means the agency application is live and will
accept and process LIMITED live transactions from pre-
identified State employees. The purpose is to determine if
the agency's application has been set-up correctly: funds
CPS
6b.8 Perform "production verification" are either remitted are received by the payees/payors on a) Monitor the production transactions.
Team
the date anticipated, and the settlement bank account
(and Returns account if applicable) can be viewed
through Wachovia Connection. Any incorrect set-ups
have to be corrected before making the online service
open to the public.
CPS
b) Monitor the batch settlement process.
Team
c) Guide agency in their initial review of the
OSC
Wachovia Connection reports.
Report findings to OSC. OSC will work with Wachovia Make any necessary changes in account
6b.9 Resolve agency set-up issues detected OSC
Bank for any account set-up issues. mapping on Wachovia Connection.
Review results to ensure there are no agency
6b.10 Submit "production verification" final results Advise OSC and CPS of test results OSC
set-up issues remaining.
a) Brief agency points of contact on the use of
Issue public announcement / availability of service if CPS
6b.11 ITS Service Desk support from this point
needed Team
onward.
b) Close the iWise ticket for this CPS activation CPS
project. Team
Workplan Template
For Applications using the Common Payment Service (CPS)
Merchant Card
Name of Agency: Revised 5/30/2007
Implementation Plan w/ CPS
Website link for Presentation: http://www.ncosc.net/SECP/SECP_MerchantCard_Enrollment.html OSC Support Center Contact Info: 919.875.4357
ITS Service Desk Contact Info: 800.722.3946
AGENCY ACTIVITIES & TASKS OSC and ITS ACTIVITIES & TASKS
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
OSC provides updated Website information
1 Idenfify Merchant Card Project OSC
and answers any questions asked.
Review presentations, policies, agreements, and forms,
1.1 Review information on OSC's SECP Website
including PCI Security Standards information
1.2 Idenfity potential payment applications Identify "card-present" and "card not-present" situations
Consider POS Terminals, POS Electronic software, Web-
1.3 Determine capture methods to be used based applications, CPS Virtural Credit Card Termial
(VCCT), Gateway (CPS or third-party)
Identify method of transmitting authorizations and batch
1.4 Determine method of transmission
transactions.
Identify work to be performed, resources needed,
1.5 Develop internal statement of work Statement of Work
security measures, timeframes, etc.
Request Pre-Project meetings for discussions. Topics
include security requirements; source of application OSC
1.5a Obtain assistance from OSC and/or CPS OSC & ITS meets with Agency
servers; involvement of ITS. Determine ability to compy ITS
with PCI Security Standards.
Cost-benfit analysis Includes costs of development and
1.6 Assess feasibility of implementation Cost-benefit analysis
ongoing operation maintaince.
1.7 Obtain management approval for project Consider cost-benefit analysis, staffing, and funding Project Plan
Enroll with ITS Project Portfolio Management (PPM), if
1.8 Obtain ITS Project Management Office approval
applicable
1.9 Determine if convenience fee will be levied. Consider OSC policy and obtain approval from OSBM
Other
2 Execute Enrollment Forms OSC provides all forms on Website OSC
Review MSA. Legal should review agreement. Consider
2.1 Master Services Agreement (MSA)
the potential fines and other liabilites.
2.2 Agency Participation Agreement (APA) Execute APA. Legal should review agrrement. APA OSC approves or disapproves participation OSC
2.3 Merchant Card Participant Setup Form Execute Participate Setup Form - by Chief Fiscal Officer
Execute Outlet Setup Form for each outlet or line of
2.4 Merchant Card Outlet Setup Form APA
business (merchant number) needed - by Fiscal Officer
Prepare form designating users who will need access to
2.5 MyMerchant View Setup Form MyMverchant View online reporting with STMS - by Fiscal
Officer
Other forms, as referenced on OSC SECP Website may
be needed (Wachovia Connection, POS Terminal Order,
2.6 Other applicable forms Setup Form
PCI Security Self-Assessment Certification) - by Fiscal
Officer
3 OSC Acts on Enrollment Forms
eac94ecf-33de-466e-8a2d-f95d306eed50.xls Page 8
Workplan Template
For Applications using the Common Payment Service (CPS)
OSC processes agreements with DST and
3.1 Agency Participation Agreement (APA) OSC
STMS, & distributes
OSC processes form with DST, STMS, &
3.2 EFT Participant Setup Form OSC
Wachovia
OSC updates the participant info in the Heat
OSC
database, and email contact list
OSC processes form with STMS, and updates
3.3 Merchant Card Outlet Setup Form OSC
the Heat database with the Merchant info
OSC processes from with STMS, setting up
users and obtaining UserIDs and initial
3.4 My Merchant View Setup Form OSC
passwords. Users are notified directly of their
UserIDs and initial passwords.
If POS terminals are needed, OSC orders the
3.5 Other Applicable Forms terminals from STMS, with delivery being OSC
made directly to agency
If OSC is Admin for Wachovia Connection,
agency users are set up, and users are
OSC
notified directly of their UserID and initial
password.
Determination is made as to whether
3.6 PCI Security Certification application is to be enrolled with OSC
AmbironTrustWave
4 DST Acts on Enrollment Forms
4.1 Agency Participation Agreement (APA) DST executes APA DST
DST authorizes Wachovia to establish
4.2 Merchant Card Participant Setup Form DST
settlement account for agency
DST establishes CIT account on CB$, and
maps the ZBA account number when received DST
from Wachovia, if State agency
5 STMS Acts on Enrollment Forms
STMS executes APA and returns to OSC. Non-
5.1 Agency Participation Agreement (APA) State agencies may be subject to a credit STMS
check
STMS sets up profile for agency, assigning a
5.2 Merchant Card Participant Setup Form Chain Number tor the agency Merchant Name, STMS
and advises OSC
STMS assigns a merchant number to each
5.3 Merchant Card Outlet Setup Form outlet, mapping them to the agency's chain STMS
number. Also sets up invoicing.
STMS sets up users and provides UserIDs
5.4 MyMerchant View Setup Form and initial passwords to OSC, which then STMS
notifies each user separately, normally by Fax.
If terminals are ordered, STMS ships terminals
5.5 POS Teminal Order Form STMS
directly to agency
6 Establish processing environment with CPS
eac94ecf-33de-466e-8a2d-f95d306eed50.xls Page 9
Workplan Template
For Applications using the Common Payment Service (CPS)
1. Agency must complete a Security Risk
Assessment (SRA) questionnaire obtained from
OSC SECP Website. Submit SRA and Diagram by email to
2. In conjuction with the SRA, the agency must also osc.secp.info@ncosc.net
complete the PCI Security Self-Assessment PCI Security Questionnaire a) OSC forwards SRA and Network Diagram
6.1 OSC
Questionnaire. Security Risk Assessment may be separately required by Network Diagram to ITS
3. Agency must submit a detailed Network Diagram PPM. Obtain assistance from ITS Information Security
to OSC for review by ITS Information Security Office if necessary.
Office.
b) CPS Team reviews, provides feedback, and
CPS
discusses with Agency Project Manager (APM)
Team
to resolve outstanding issues.
c) APM submits revised Security Risk
Assessment for signature and approval by Agency
OSC and ITS.
Submit by email to CPSTechSupport@lists.ncmail.net to
obtain access to the Technical Implementation section of
a) Store the project CPS Set-up Form in the
the CPS Agency Guide, and agree on an implementation CPS
6.2 Submit CPS Set-up Form - Group 1 Data CPS Set-up Form - Group 1 Data project folder under the P-drive Agency
schedule. Submit this as early as possible - AT LEAST 1 Team
Activation tracking folder
MONTH prior to the agency's design phase. The form is
available from the SECP website under CPS Enrollment.
b) Open an iWise ticket to track this project
(Detail="merchant activation support", CPS
Description="Merchant name - Merchant Team
Activation project")
c) Send CPS Technical Implementation
CPS
access information to either the PM (if State
Team
employee) or to the MIS Manager
d) Assess and discuss with Telecomms and
Computing Services:
- business volumes and cycles
CPS
- project timing requirements
Team
- access or hosting issues
Set up a meeting with the agency project if
needed to facilitate discussion.
e) Ensure all are in agreement about timelines,
CPS
testing schedules, and roll-out approach.
Team
Access issues must be resolved at this time.
The CPS Technical Implementation documents include
the sample interface code, class libraries, and program
CPS provide UserID and Password to CPS
6.3 Review CPS Technical Implementation documents processing descriptions. These are sensitive information
Technical Implementation contact. Team
and given only to projects confirmed by OSC (by the
assignment of a Merchant Name).
Define application's payment processing requirements,
6.4 Develop the CPS interface establish testing environment, and develop the interface
to CPS. Ascertain if AVS will be used.
This is to be done with the agency's business operations.
6.5 Establish fulfillment process and logistics
Consult STMS's MSA and Operating Guide.
Develop Test Plan and Application specific Test Develop a test plan and test script incorporating the
6.6 Test Plan, Test Script
Script various transactions that will be performed.
eac94ecf-33de-466e-8a2d-f95d306eed50.xls Page 10
Workplan Template
For Applications using the Common Payment Service (CPS)
A bill code is used by the ITS billing system to generate
the monthly invoice to the agency for the CPS Usage
Establish payment arrangement with ITS for
6.7 Fee. Agency must decide who will bear this operational Bill Code Request Form ITS sets up bill code ITS
services acquired
cost (IT, business unit, or fiscal). Request for a bill code
may be made by contacting the ITS Service Desk.
Submit this as early as possible - NO LESS THAN 2 Merchant Card Only
weeks before testing the CPS Interface - BY EMAIL to a) Set-up the project as a CPS Store in the
CPSTechSupport@lists.ncmail.net to provide test Test Environment using test environment
CPS
6.8 Submit CPS Set-up Form - Group 2 Data environment set-up information and confirm testing time CPS Set-up Form - Group 2 Data information provided on the form. Carry out
Team
in the CPS test environment. Use the same form test environment access as agreed in 6.2).
submitted in step 6.2. Attach a copy of the Test Plan and CPS Team to coordinate tasks with TS/CS as
Test Script. needed.
Merchant Card Only
b) Provide the following to the agency project:
- any issues detected from the Test Plan and
Script
- test application username CPS
- test password Team
- test visa card number ($1 limit)
- test mc card number ($1 limit)
- test VCCT username & password
- point agency users to VCCT Online Help
c) Review the production environment
CPS
information provided by the project on the form
Team
and resolve implementation issues detected.
Submit test results to CPS support. Testing is supported
by the CPS team during normal business hours. Make Support project testing of the interface as CPS
6.9 Perform CPS interface testing Test Script with test results
arrangements well in advance if the project needs support needed. Team
beyond the normal hours.
6b Perform Testing & Acceptance Tasks
a) OSC acts on the Acceptance Checklist:
- Forwards the checklist to the CPS Team and
Develop an Acceptance Checklist, incorporating Do this AT LEAST 2 WEEKS BEFORE the planned obtain feedback on CPS requirements
6b.1 tasks performed and to be performed, per this migration to production. Attach supporting documents Acceptance Checklist - Reviews the checklist and supporting OSC
project plan. and submit BY EMAIL to osc.secp.info@ncosc.net documents
- Advises the agency with comments if there
are issues that require resolution
b) If there are no issues identified by OSC or
OSC
ITS, advise the agency.
c) Send an acceptance confirmation email to
the agency project including fiscal and
business areas, and to the CPS Team that OSC
includes MID,TID , and User Profile
information.
6b.2 Obtain approval and Production set-up numbers OSC provides numbers obtain from STMS OSC
eac94ecf-33de-466e-8a2d-f95d306eed50.xls Page 11
Workplan Template
For Applications using the Common Payment Service (CPS)
Brief the agency's IT support, business support, and fiscal
support about the proper communication protocol when
the application becomes operational. IT and business
POINTS-OF-CONTACT have to be identified.
Identify the agency personnel who may report problems
and issues to ITS and who will be in ITS's notification list if
there are problems, changes, or issues on the Common
6b.3 Conduct briefing on Contact information
Payment Service. All CPS-related problems, issues and
requests must be coursed through the ITS Service Desk.
Review website Contact Information page for details.
Business-related issues, MyMerchantView, and Wachovia
Connection issues must be conducted through OSC.
Review OSC's SECP Website "Contact Us" page for
details.
AT LEAST 1 WEEK before production migration and BY a) Using information from the Group 2 and
EMAIL to CPSTechSupport@lists.ncmail.net to request Group 3 set-up data, define the agency store CPS
6b.4 Submit CPS Set-up Form - Group 3 Data CPS Set-up Form - Group 3 Data
merchant agency activation in the CPS Production or profile in the respective CPS Production Team
environment Environment.
b) Set-up customer access to Virtual Credit
Card Terminal and orientation with the agency
CPS
users specified on the Set-up Form. Check
Team
that the users have reviewed the User Guide
and know how to use the reports.
c) Obtain firewall policy change approval by
opening an iWise ticket for TS requesting a CPS
firewall policy update for Team
- the agency production application servers
CPS
d) Add the agency's Bill Code to the CPS table
Team
e) Update the
CPS
CPSClientAgencies@lists.ncmail.net list serve
Team
with agency information provided.
f) Update the CPS Merchant Agency Database
CPS
with Settlement and Maintenance windows,
Team
and other set-up information
Coordinate migration activities and schedule with OSC
6b.5 Migrate agency application into production
and the CPS team.
Testers should be State employees or contractors whose
6b.6 Recruit production verification testers
use of the live application can be directed and monitored.
This process takes from 1 - 2 weeks. Production
Verification means the agency application is live and will
accept and process LIMITED live transactions from pre-
identified State employees. The purpose is to determine if
the merchant agency had been set-up correctly: the
funds are received within the next business day, CPS
6b.7 Perform "production verification" a) Monitor the production transactions.
processing rates applied on transactions are correct, Team
processing charges are not debited against the daily
funding deposits, the settlement bank account can be
viewed through Wachovia Connection, etc. Any incorrect
set-ups have to be corrected before making the online
service open to the public.
eac94ecf-33de-466e-8a2d-f95d306eed50.xls Page 12
Workplan Template
For Applications using the Common Payment Service (CPS)
CPS
b) Monitor the batch settlement process.
Team
c) Guide merchant agency in their initial review
CPS
of the VCCT reports after the settlement is
Team
completed.
d) Guide agency in their initial review of the
Wachovia Connection reports.
e) Guide agency in their initial review of the
MyMerchant View reports.
a) Make any necessary changes in account
Report findings to OSC. OSC will work with STMS and mapping on Wachovia Connection.
6b.8 Resolve agency set-up issues detected OSC
Wachovia Bank for any agency-set-up issues. b) Rectify any setup issues with MyMerchant
View
Review results to ensure there are no agency
6b.9 Submit "production verification" final results Advise OSC and CPS of test results OSC
set-up issues remaining.
a) Brief agency points of contact on the use of
Issue public announcement / availability of service CPS
6b.10 ITS Service Desk support from this point
if needed Team
onward.
b) Close the iWise ticket for this CPS activation CPS
project. Team
7 Establish Business Procedures
Review presentations, policies, agreements, forms, and
7.1 Educate staff on SECP website
contact information
Base procedures on STMS Operating Guide and Card
Association Rules. Topics should include signature
Establish procedures for face-to-face transactions
7.2 verification, address verification, expiration date
and card not-present transactions.
verification, processing inadvertent duplicate transactions,
refunds, chargebacks, etc.
Base procedures on STMS Operating Guide and Card
Association Rules. Topics should include voice
7.3 Establish procedures for obtaining authorizations
authorization as backup, suspected fraud situations
(Code 10 Procedures), etc.
Provide necessary training for operating POS Obtain guidance from STMS Technical Services Help
7.4
terminals and POS software applications. Desk if necessary.
Establish procedures for closing out terminals and
Base procedures based on cut-off times provided by CPS
7.5 other applications, and tranmitting batches to either
or STMS.
CPS or STMS.
Establish procedures for retaining transaction slips, Devise procedures based on OSC E-Commerc Policies,
7.6 records retention, and handling disputed STMS Operating Guide, and Card Association Rules. Internal Policies and Procedures
transactions. Use template on OSC's SECP Website
OSC reviews and approves policies and
7.7 Submit Internal Agency Policies & Procedures Submit by email to osc.secp.info@ncosc.net for review. OSC
procedures
8 Establish Fiscal Procedures
Review presentations, policies, agreements, forms, and
8.1 Educate staff on SECP website
contact information
Establish procedures for reporting of funds Incorporate Reconcilement Function requirements on
received for settlement of transactions; and SECP website. Consider settlement of proprietary card
8.2
Refunds and Chargebacks that are netted out of transactions that may be received on a different day than
daily ZBA sweep. Visa or MasterCard.
Verify all users have received userIDs and passwords,
Establish procedures for Wachovia Connection
8.3 and have access to all required functions and settlement
users
accounts
eac94ecf-33de-466e-8a2d-f95d306eed50.xls Page 13
Workplan Template
For Applications using the Common Payment Service (CPS)
Verify all users have received userIDs and passwords,
8.4 Establish procedures for MyMerchant View users and have access to all merchant numbers and required
reports
Verify all users have received userIDs and passwords,
8.5 Establish procedures for VCCT users and have access to all merchant numbers and required
reports
Establish procedures for multiple merchant number
settling into same bank account, and associated Incorporate Reconcilement Function requirements on
8.6
reconcilement with the decentralized department's SECP website
captured transactions.
Establlish procedures for reviewing, verifying, and Develop controls, and periodically examine to enusre that
8.7
paying STMS monthly invoice the appropriate Interchange rates are being applied.
Describe Internal Policies and Procedures, incorporating
8.8 Prepare an updated Cash Management Plan procedures established, and any applicable E-Commerce Internal Policies and Procedures
policies on SECP websie, utilizing sample format.
OSC reviews and approves policies and
8.9 Submit Internal Agency Policies & Procedures Submit by email to osc.secp.info@ncosc.net for review. OSC
procedures
9 Obtain PCI Security Compliance
Review OSC's Website pertaiing to PCI Security,
Educate staff on PCI Security Standards including presentations, policies, Visa and MasterCard
9.1
requirements Websites. Consider the potential fines for non-compliance
or security breaches.
Consider requirement associated with business
Establish procedures from the business
9.2 processing, to include physical security, employee
perspective
background checks, etc.
Consider requirement associated with technical
Establish procedures from the technical
9.3 processing, to include hardware, software, firewalls,
perspective
encryption, etc.
Complete questionnaire regardless of types of capture
9.4 Complete Security Assessment Questionnaire
used.
If third-party gateways or other service providers are
9.5 Ascertain compliance of third party providers
used, obtain certificate of compliance
Provide one contact for entire agency to OSC, on
9.6 Designate individual for PCI Security
Merchant Card Participant Setup Form
If outward facing IPS URLs are used, enroll with
9.7 Enroll with AmbironTrustWave if applicable AmbironTrustWave, for annual questionnaire completion OSC enrolls each merchant number with ATW OSC
and quarterly vulnerability scans.
For merchant numbers not required to be enrolled with
PCI Self Assessment Certification
9.8 Complete Self Assessment Certification ATW (i.e., POS Terminals) complete Self Assessment
Form
Certification Form
eac94ecf-33de-466e-8a2d-f95d306eed50.xls Page 14
