As your payments partner, NIC maintains awareness of current PCI DSS requirements and their impact on solutions that are managed by NIC. PCI compliance and the security of payment account data are the responsibility of both NIC and our government partners. NIC has multiple PCI-compliant payment solutions, and each of them has a different allocation of the PCI requirement responsibilities. NIC has developed requirement matrices for each of our payment solutions that identify which requirements are the responsibility of the governmental entity and which are taken care of by NIC, based upon the specific application and implementation method leveraged. Our goal is to streamline the business of payments, including the PCI responsibilities, as much as possible for our partners.
PCI requires that all personnel involved in accepting credit card payments are made aware of proper handling of the account data and the security responsibilities surrounding the card reader devices when utilized. This awareness training is required at hire and annually thereafter. To assist our government partners in this effort, NIC has created training videos that can be used as a component of the government entity’s security program. The videos can be added into a learning management system. The Agency Compliance Manager Point of Contact is responsible for tracking employee completion.
Each year, NIC will send the Agency Compliance Manager Point of Contact an assessment to complete. NIC uses OneTrust to build and collect the compliance assessment. Our aim is that the assessment will be completed in thirty (30) days. Please reach out to your NIC contract manager for assistance or any questions you may have regarding the assessment.
In order for our government partner agencies to be compliant with PCI Data Security Standards, training for agency personnel and a completed assessment are required on an annual basis. To deliver a secure and compliant payment service to our partners, NIC follows all PCI Security Standards Council assessment processes and card brand security programs.
- NIC is certified under the Payment Card Industry Data Security Standards (PCI-DSS) as a Level 1 Service Provider by a Qualified Security Assessor
- NIC is listed as a PCI-DSS Compliant provider on Visa and MasterCard’s Global Registry of Service Providers
- NIC is a participating organization of the Payment Card Industry Security Standards Council