The Utah Division of Finance has authorized the State of Utah Executive Branch Agencies to obtain and operate credit card payment merchant identifications. These allow agencies to accept credit card payments for services.
Seven authorized options were documented by the Division of Finance (Finance) and will be supported by the Division of Technology Services (DTS). These options and associated fees are documented below.
Features and Descriptions
Option 1: Stand-alone card swipe on IP
This option entails a card-swiping device that is connected by a wired network cable. This credit card traffic will traverse the State’s network and the Internet to the payment processor.
In order to do this, a firewall with an intrusion prevention system (IPS) will need to be ordered through DTS. One firewall will be needed per geographic office or processing location. The purpose of this firewall is to encrypt the traffic between the payment devices through our state network and on to the payment processing service.
Pricing
Firewall with IPS | $861.44 |
3 Year Maintenance plan for firewall | $874.37 |
Monthly networking rate for the card swiping device | $59/month |
Option 2: Card swipe on phone line
This option entails a card-swiping device that is connected through a phone line only. All transaction traffic will traverse the phone line carrier’s network until it reaches the credit card processing service, so no additional equipment is needed.
Pricing
Monthly Expenses (for additional phone line) | Per Unit Expenses |
Phone Line (per location) | $34.00 |
1FB | $6.00 |
URATE | $28.00 |
Option 3: PC to payment portal – state employee
This option is for state employees who use a computer to enter payments through the Utah Interactive or Paymentech web services gateway. Users will log onto a service with an Internet browser and enter credit card information and payment amounts through this service hosted by an outside party.
In this case, all traffic is encrypted through the contractor’s web service, but we have the responsibility of protecting the endpoint devices used to access this service. In order to do this, these computers need to be protected by a firewall with IPS, with the option to segment them with their own services including Symantec endpoint protection, Zenworks, Active Directory authentication and file integrity monitoring.
Pricing
Firewall with IPS | $861.44 |
3 Year Maintenance plan for firewall | $874.37 |
Monthly networking rate for the card swiping device | $59/month |
Desktop rate for each user’s device | $63/month |
Optional Services
Hosting processing rate (a server to host segregated services) | $391.72/month |
CPU & Storage rate (for the segregated services) | $277.47 |
Licensing fees for additional optional services would need to be estimated based upon the Agency’s request (e.g. a separate AD server, Symantec server, file integrity monitoring, etc.) | Variable |
Option 4: POS on a computer with attached card swipe
This option entails a card-swiping device attached to a computer with software integration. This option is needed when credit card data is integrated with a software application that accounts for each transaction, such as what is used in a large retail store.
In order to do this, a firewall with an intrusion prevention system (IPS) will need to be ordered through DTS per processing location. The purpose of this firewall is to encrypt the traffic between the payment devices through our state network and on to the payment processing service.
Additionally, all services to these devices will need to be isolated to the credit card processing environment including the following:
- Logging and monitoring
- Symantec endpoint protection
- Zenworks
- Any centralized authentication like Active Directory
- Patching
- File integrity monitoring services
A file integrity monitoring service will also need to be installed on all computers connected to the environment.
Pricing
Firewall with IPS | $861.44 |
3 Year Maintenance plan for firewall | $874.37 |
Monthly networking rate for the card swiping device | $59/month |
Desktop rate for each user’s device | $63/month |
Hosting processing rate (a server to host segregated services) | $391.72/month |
CPU & Storage rate (for the segregated services) | $277.47 |
File integrity monitoring software per computer | $100 |
Licensing fees for additional optional services would need to be estimated based upon the Agency’s request (e.g. a separate AD server, Symantec server, file integrity monitoring, etc.) | Variable |
Option 5: Chase mobile
This option is selected when the agency would like to use a mobile payment-processing device. These can currently be purchased through Finance for most of the popular mobile phones and tablets.
No additional equipment purchases from DTS are needed for this option. Mobile phones/tablets should be purchased through agency contacts.
Pricing
No additional equipment purchases from DTS are needed for this option. |
Option 6: Public kiosk
This option is used when agencies would like to create a public kiosk for residents to use to make payments. Residents could then use the Internet browser on this kiosk to enter a transaction from one of the online payment services such as Utah Interactive or Paymentech.
In this case, all traffic is encrypted through the contractor’s web service, but we have the responsibility of protecting the endpoint devices used to access this service. In order to do this, these computers need to be protected by a firewall with IPS, with the option to segment them with their own services including Symantec endpoint protection, Zenworks, Active Directory authentication and file integrity monitoring.
Pricing
Firewall with IPS | $861.44 |
3 Year Maintenance plan for firewall | $874.37 |
Monthly networking rate for the card swiping device | $59/month |
Desktop rate for each user’s device | $63/month |
Optional Services
Hosting processing rate (a server to host segregated services) | $391.72/month |
CPU & Storage rate (for the segregated services) | $277.47 |
Licensing fees for additional optional services would need to be estimated based upon the Agency’s request (e.g. a separate AD server, Symantec server, file integrity monitoring, etc.) | Variable |
Option 7: e-commerce
This option is used when agencies choose to have a contractor take payments on their behalf through an online service. In this case, no state employees are involved in the credit card transaction; rather, the user enters their transaction on the vendor website.
Pricing
No additional equipment purchases from DTS are needed for this option. |
Features Not Included
Card swiping devices
Card swiping devices should be ordered through Finance and cannot be procured through DTS.
Paymentech services
DTS is dependent on Paymentech’s services being available for credit card purchases, and application availability metrics may be affected by contractor service.
Ordering and Provisioning
New PCI services and changes to existing PCI services should be coordinated through each Agency’s IT Director.
DTS Responsibilities
DTS is responsible for the hosting and application services as well as network connectivity.
These include the following:
- Firewall availability, support and maintenance
- Server availability, support and maintenance
- Desktop availability, support and maintenance
Agency Responsibilities
Agencies are responsible for keeping IT Directors apprised of PCI needs and options selected. As detailed above, Agencies are responsible for ordering card-swiping devices and merchant IDs through Finance and obtaining mobile devices as needed.