Accepting Electronic Payments
Sponsoring Agency: Department of Executive Services / Finance and Business Operations Division
Effective Date: March 3, 2016
Expiration Date: March 3, 2021
Approved: /s/ Dow Constantine
Type of Action: Supersedes FIN 8-5 (AEP), November 7, 2005
Signed document (PDF, 543KB)
This policy provides establishes a King County Executive policy for King County Departments and Agencies that accept electronic payments for County taxes, fees, services or products when using electronic payment options such as, but not limited to, the Internet, Point of Sale, Kiosk, Interactive Voice Response (IVR) and other approved electronic payment options.
II. Applicability and Audience
This policy applies to the Administrative Offices and Executive Departments supervised by the King County Executive. The audience may include any non-Executive Branch King County departments adopting this policy.
“Agency” means any department, or office managed by an elected official of any branch of King County government.
“Automated Clearing House” or “ACH” means an association of depository institutions that process financial transactions electronically through the Federal Reserve Bank.
“Business Application” means any software that assists and supports the making of an electronic payment for County taxes, fines, fees and/or services, and integrates through a “Payment Gateway” to an “Electronic Payment Processor.” A Business Application may involve one or more “Payment Channels” and “Payment Types”.
“County Consolidated Storefront” means the County developed and supported web portal services at the front end of the electronic payment process that, among others, displays to customers an agency’s products and services, customer payment history, and account balances (amount due); and redirects customers to the County’s approved electronic payment processor vendor gateway for entry of sensitive cardholder payment information. A component of the “Electronic Payments Enterprise System.”
“Credit Card” means a card indicating that the holder named on the card has obtained a revolving line of credit from the financial institution issuing the card up to a certain dollar amount valid to a specified date shown on the card. A credit card may be used to pay for goods and services from merchants or organizations participating in the corresponding credit card program.
“Customer” means the person who is purchasing county goods/services or paying fees/taxes with an electronic payment, such as a credit card, debit card, electronic check or other authorized form of electronic payment.
“Debit Card” means a card indicating that the holder named on the card has an open account in a financial institution shown on the card and that the holder named on the card is authorized to pay for purchases of goods and services from participating merchants so long as the account is valid and has adequate funds to cover the cost of either goods or services, or both, at the time of the transaction.
“Electronic Payments Management Plan” refers to the plan that proposes a countywide electronic payments solution. The plan was completed in November 2015, superseding the “eCommerce Management Plan” updated in October 2004.
“Electronic Payments Business Case Assessment” or “Business Case” means the electronic payments questionnaire provided by FBOD to agencies for the purposes of reviewing and evaluating proposals for new or modified electronic payment services.
“Electronic Check”, “eCheck” or “e-check” means an ACH debit that is initiated by the customer against an open account in a financial institution that is authorized for use to pay for purchases of goods and services from participating merchants so long as the account is valid and has adequate funds to cover the cost of either goods or services, or both, at the time of the transaction.
“Electronic Payments Enterprise System” means the approved countywide electronic payments solution providing all agencies the array of services, whether vendor supported or County developed hardware and software services, necessary to accomplish all phases of processing electronic payments; includes the agency storefront (front end of the electronic payment process), vendor payment gateway (front end to back end hand off), and electronic payment processor (back end of the electronic payment process).
“Electronic Payments Steering Committee” or “Steering Committee” refers to the committee of county representatives, chaired by the Finance Director, who provide guidance, advice, and oversight of County electronic payment strategy, and assistance to departments as part of the county’s Electronic Payments Management Plan.
“Electronic Payments” or “e-payments” means any financial transaction by which funds are transferred to the county through available electronic payment channels or types.
“Electronic Payment Services” means any service provided by a vendor who acts as an intermediary in processing an electronic payment, including, but not limited to; merchant banking services, credit card payment processing, ACH debit origination processing, and payment gateway services.
“Electronic Payment Processing Protocol” means the standard, countywide processes used by an agency when accepting electronic payments from customers, including, but not limited to, electronic payment software, contracts with financial services providers, and business procedures.
“Electronic Payment Processor” means an electronic payment vendor, often a third party, appointed by a merchant to handle transactions from various channels such as credit cards and debit cards for merchant acquiring banks.
“Finance Director” refers to the designated director of the Finance and Business Operations Division (FBOD) or his/her successor.
“FBOD” refers to the Finance and Business Operations Division of the Department of Executive Services.
“FBOD Electronic Payments Coordinator” is the designated FBOD point of contact for agencies regarding electronic payments planning, management and policies.
“Interactive Voice Response” or “IVR” means a system that allows users to pay for services over the telephone or other audio-signal carrier using a credit card.
“KCIT” refers to the King County Department of Information Technology or its successor.
“Merchant Banking Service” refers to the designated bank or banking service that processes an electronic payment.
“Payment Card Industry Data Security Standards” or “PCI DSS” means a widely accepted set of policies and procedures, created jointly in 2004 by Visa, MasterCard, Discover and American Express, intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.
“Payment Channel” means the physical mechanism for delivery of payments to the County. Examples include, but are not limited to, US Mail, traditional phone, point-of-sale (POS) counter service, Internet, IVR, etc.
“Payment Gateway Service” or “Payment Gateway” means a software that routes an electronic payment transaction to the appropriate payment processor that authorizes the transfer of funds from the proper financial institution; and which specifically contains the “shopping cart” functionality and accepts payment data (e.g. cardholder information) from a customer
“Payment Kiosk” means a system that allows users to pay for services via an unattended payment station using an approved electronic payment process.
“Payment Type” means the payment instrument for transferring payment to the County. Examples include, but are not limited to, cash, mobile payment “apps”, check, wire transfer, debit card, credit card, e-check and other approved forms of payment.
“Personal Financial Information” means information provided by the customer in the course of completing a payment transaction with the county through an electronic transfer of funds, including but not limited to; credit card number, debit card number, and bank account number or any other non-public information (NPI).
“Point-of-sale” or “POS” is a payment option that performs a real-time payment authorization of a customer's account when the customer presents their credit card (or other payment method) in-person at the time of sale.
“PRB” refers to the county's Project Review Board and its process for reviewing, approving and monitoring the implementation of Information Technology (IT) projects.
“PSB” refers to the Office of Performance, Strategy and Budget.
“Service Fee” is a transaction fee that is charged to a customer for the convenience of making an electronic payment. If this fee is charged to a customer, it typically covers all or a portion of a payment vendor's transaction costs, including interchange.
“Service Fee Pricing Model” specifically denotes the pricing model developed for government merchants used by credit card networks to calculate transaction fees charged to customers. Also see definition for Visa Government and Higher Education Program.
“Visa Government and Higher Education Program” refers to the program that became effective in November 2012 which allows government and higher education entities to accept Visa cards in all payment channels and assess a variable service fee as a separate transaction. This is the program that grants the County a high degree of flexibility in charging service fees for all types of electronic payments.
A. Acceptance of Electronic Payments
- Agencies may accept electronic payments for any business service or purchase of goods pursuant to KCC 4A.601 and RCW 36.29.190.
- An agency must receive written approval from the Finance Director, on behalf of the Steering Committee and King County Executive, prior to offering any new electronic or significantly modified payment option to their customers.
- An agency that accepts electronic payments must comply with FBOD's electronic payment processing protocol and procedural steps as set forth in these administrative policies. Additional information involving these policies is provided in the Electronic Payments Management Plan and the policy Procedural Manual.
B. Agency Business Applications
- All Business Applications, services and/or equipment which employ electronic payments of any form shall integrate with the county's approved electronic payment vendor(s). The County’s approved electronic payment vendor(s) will manage all functions from the point where entry of cardholder sensitive payment information occurs. The intent is to promote the standard use of electronic payment services and options among agencies and customers. Standardization of the electronic payment vendor(s) is expected to create efficiencies, lower costs, integrate internal systems, simplify account reconciliation, improve reporting and work processes (e.g. standardizing processes for chargebacks, refunds, reconciliation, etc.), and achieve common best practices in accordance with current security/privacy standards.
a) New or Replacement Business Applications: Agencies with new or replacement Business Applications shall use the County’s approved electronic payment vendor(s) as described in the Electronic Payments Management Plan. New and replacement business application architecture must further be approved by the KCIT Architecture Review Team (ART) prior to development of the application or advertisement of an RFP.
b) Existing Business Applications: Agencies with existing Business Applications that are not already using the County's approved electronic payment vendor(s) to process electronic payments, and that were under contract prior to the effective date of these policies, are expected to migrate to the preferred electronic payment platform when their current vendor contract expires (or is terminated) or when there is an option to renew the contract.
c) Modifications to Business Applications: Agencies which are planning to modify electronic payments associated with existing Business Applications must use the County’s approved electronic payment vendor(s) for any new or modified electronic payments.
d) Exceptions: The Finance Director, working with the Steering Committee, has the authority to grant case-by-case exceptions to use an alternative payment solution instead of the County's approved electronic payment vendor(s). Due to an emphasis on standardizing back-end processes, only in rare circumstance will requests to use a non-County approved electronic payment processor be approved.
- Procurement of Business Applications: All agencies are allowed flexibility to procure Business Applications facilitating the purchasing of services electronically, whether vendor licensed or County developed, to meet functional needs and business requirements. This approach of front end storefront flexibility recognizes the widely varying agency business needs, while preserving the standardization of core payment workflow at the back end through use of County approved electronic payment vendor(s).
a) Agencies may choose to either use the KCIT developed County Consolidated Storefront or a vendor licensed Business Application, and shall adhere to FBOD and KCIT application development, security and IT architectural standards as outlined in the Electronic Payments Management Plan and this policy.
b) In all circumstances, the agency's Business Applications, whether vendor licensed or County developed, must provide for integration with the County's approved electronic payment vendor(s). Exceptions to this policy are as noted in section B.1.d above.
- In all circumstances involving new, replacement or modified Business Applications, agencies must submit a new or updated Business Case to FBOD.
a) In the case of new or replacement Business Applications, the Business Case must be submitted and approved before an RFP, if needed, can be issued.
C. Electronic Payment Processing Protocol, Security and Privacy
1. FBOD, and the Steering Committee, with technical assistance from KCIT, shall establish and maintain the protocols for electronic payment processing, including, but not limited to, access to the Electronic Payments Enterprise System, contracts for electronic payments vendor(s), monitoring the use of service fees, and standard business processes and procedures.
2. KCIT shall maintain and administer the information technology security requirements, including auditing, management and reporting associated with electronic payments.
3. No agency shall store any cardholder data or other sensitive payment information in a database pursuant to KCC 4A.601.020.
a) If an agency has a legal and justifiable business need to store personal financial information obtained from customers during an electronic payment transaction, the agency is required to obtain written authorization from the Executive and provide written notification to the King County Council chair pursuant to KCC 4A.601.020.
4. All agencies accepting electronic payments must be aware and compliant with Payment Card Industry data security standards (“PCI Compliance”); agency staff must be familiar with county policies and guidelines governing IT security, and required actions in the event of a security breach.
- FBOD shall establish and administer enterprise (Countywide) contracts with vendors for the acceptance and processing of electronic payments, including, but not limited to: merchant banking services, Internet storefront and payment gateway services, and third party electronic payment processors.
- FBOD shall keep the Steering Committee apprised of all matters associated with the establishment and administration of contracts with vendors for the acceptance of electronic payments, including, but not limited to: merchant banking services, Internet storefront and payment gateway services, and third party electronic payment processors.
- No county agency may enter into any vendor agreements for any electronic payment service without the written consent of the Finance Director.
- FBOD, through the establishment of contracts with payment vendors and banking partners, shall assist agencies in understanding contract requirements and the pricing structure options relative to electronic payments transaction costs.
E. Service Fees
- Both fee setting and cost recovery principles are delineated in the Electronic Payments Management Plan or its successor.
a) The standard payment card industry Service Fee pricing model is the County’s preferred pricing model for electronic payments. The Finance Director and Steering Committee may approve an alternative fee model if a product or service is not covered by the standard Service Fee pricing model.
b) The methodology used in calculating the Service Fee must be approved by the Finance Director prior to an agency accepting electronic payments, and be in accordance with the contracts the county has established with its payment vendor(s).
c) Service Fees may be calculated to recover all or a portion of a payment vendor's transaction costs.
- Agencies wishing to absorb all or a portion of the transaction costs from a payment vendor--as opposed to passing fees on to the customer in the form of a Service Fee, shall:
a) Be in accordance with Washington State laws. Specifically, no agency shall absorb the cost of transaction fees where such absorption is strictly prohibited by State Law (RCW 36.29.190). This restriction applies to payments involving taxes and certain special assessments.
b) Submit a Business Case to FBOD for review and action by the Finance Director and PSB. The Assessment should detail the reasons for absorbing transaction costs and outline the fee or rate model. The Business case must be submitted to FBOD prior to submittal to Council of a biennial, mid-biennial or supplement budget proposal indicating their intent to absorb electronic payment transaction fees as required by County Code, KCC, 4A.601, Electronic Payments.
c) Agencies which have previously been approved to absorb Service Fees are required to be reauthorized through the bi-annual budget process (County Code, KCC, 4A.601, Electronic Payments). This process will be facilitated by FBOD and PSB.
- Criteria for Absorbing Service Fees: The following evaluation criteria will be considered by FBOD and PSB for agencies requesting authorization by County Council to absorb Service Fees.
a) The agency has average transaction amounts that are low and adding a Service Fee would be a major barrier for customer adoption.
b) The agency can demonstrate strong customer adoption rates by absorbing fees, with increasing payments generating revenues or reducing administrative costs that more than offset the cost of absorbing fees.
c) The agency has a pricing structure for its products/services and the prices will be set to recover the costs of an electronic transaction.
d) The agency is influenced strongly by Equity and Social Justice considerations due to the population demographic that the agency predominantly serves.
e) An agency, with appropriate approvals, joins a regional, cooperative, State or Federal Business Application which requires the absorption of Service Fees for electronic payments.
f) The agency has a Council adopted budget that includes the cost of absorbing Service Fees.
F. Annual Reporting
- As part of the biennium budget request, and the mid-biennium report, the executive will provide the council with a list of all agencies offering electronic payment options. For those agencies absorbing Service Fees, either the actual or budgeted costs of absorbing these fees must be shown, as applicable, for the previous fiscal year, the present budget year and the upcoming budget year (County Code, KCC, 4A.601, Electronic Payments).
- Agencies proposing to add electronic payment services midway through a biennium budget period must indicate this intent by submission of a biennial or supplemental budget request coordinated by FBOD and PSB.
V. Implementation Plan
A. This policy becomes effective for Executive Branch agencies on the date that it is signed by the Executive. The Finance and Business Operations Division is responsible for implementation of this policy.
B. The Finance and Business Operations Division is responsible for communicating this policy to the management structure within their respective agencies and other appropriate parties.
A. This policy will be maintained by the Finance and Business Operations Division, or its successor agency.
B. This policy will automatically expire five (5) years after its effective date. A new, revised, or renewed policy will be initiated by the Finance and Business Operations Division, or its successor agency prior to the expiration date.
VII. Consequences for Noncompliance
Departments and agencies that do not conform to this policy may be in violation of County Code and State Law (Revised Code of the State of Washington (RCW) 36.29.190.). A possible outcome may be that FBOD and the Electronic Payments Steering Committee restricts or shuts down electronic payment system operation until an exception is approved or the department/agency has completed remediation as determined by FBOD and the Electronic Payments Steering Committee. FBOD may also require departments and agencies to develop or update a business case which will be submitted to the Electronic Payments Steering Committee for final review and decision-making.
Electronic Payments Procedures Manual [available from FBOD]