Enterprise Payments

eGov Strategies offers a suite of payment solutions that integrate to your back-office & legacy systems to provide advanced functions for bill payers.

PCI Compliance & Security

If a local or state government entity accepts credit cards/debit cards/EBTs, they must use a system that meets the Payment Card Industry Data Security Standard (PCI DSS) established by Visa, MasterCard, Discover, American Express & JCB. The PCI Security Standards Council has made compliance fairly easy by splitting it into four basic levels.

PCI Compliance Levels

  • eGov Strategies is certified to the highest PCI DSS standards - Level 1 (see press release)

PCI Compliance Chart

eGov and TransFirst (our credit card processor and gateway) are on VISA's global registry as PCI Level 1 service providers:

Quarterly PCI Scans

Quarterly, eGov Strategies will provide your organization with the results of a PCI network scan conducted through the McAfee Secure PCI Compliance tool.  eGov will run the scan against the IP address associated with your Enterprise Payment Portal website.  The result of the scan is a report that is approximately 35 pages in length and includes a list of vulnerabilities ranked by Severity (1 – 5) and PCI Severity (High – Low).

Some of the vulnerability areas addressed include:

  • IP address and internal network name;
  • SSL/TS sessions
  • Web server HTTP Requests
  • Firewall
  • DNS Host name
  • Internet Service Provider

Secure Data Transmission

eGov uses SSL encryption to ensure the security of user and credit card information relayed between the website user (from a PC, tablet or mobile phone) and the eGov web server. Once established, this connection will encrypt all traffic and ensure that all data passed between the web server and browser remains private.  

The SSL process requires registering of public and private keys with a 3rd party certificate authority. eGov utilizes the strongest public/private key sizes possible (up to and exceeding 2048-bit) and session keys that are at or exceed the industry standard of 256-bit encryption.   

Prohibited Data Storage

eGov never stores credit card information, card validation codes (CAV2, CID, CVC2, CVV2) or PIN data within our server environment.  Passwords and other user data that needs to be secure is encrypted when it is stored in our database. 

Related Devices

For credit card swipe devices, eGov will provide clients the MagTek Mini USB-powered card reader which has been specifically designed to secure card data per PCI DSS requirements. 

© 2017 eGov Strategies LLC
101 W Ohio Street Suite 2250
Indianapolis, IN 46204
1 877 634 3468 | info@egovstrategies.com