0500 eCommerce

All participants in the State Controller’s Master Services Agreement for Merchant Card Services, as well as State agencies engaging in separate arrangements, are to devise a security incident response plan that incorporates the requirements of the Payment Card Industry Security Council. For those State agencies falling under the purview of The State Chief Information Officer, the incident response requirements defined by the Office of Information Technology Services (ITS) should also be incorporated.

When developing agency cash management plans, each state agency shall consider utilizing electronic payments methods for both outbound and inbound payments.

The Office of the State Controller (OSC) will periodically consider the types of merchant cards that may be appropriate to be accepted as a means of payment by entities participating under a master services agreement provided by the State Controller, and participating entities shall adhere to the guidelines prescribed herein.