Resources - FAQs
Overview
Card Acquiring Service (CAS) is a Fiscal Service federal program that provides federal agencies payment card acceptance capabilities.
CAS provides merchant services for credit, debit, electronic benefit transfer (EBT) and stored-value (e.g. gift, etc.) cards for federal partner agencies.
More than 60 federal agencies use CAS, including the Department of Commerce, Department of State, the Department of Veterans Affairs, The U.S. Forest Service, and the National Park Service.
Most federal agencies that accept credit or debit cards for payment MUST use CAS. Only groups with authority to process credit and debit cards on their own do not participate in CAS, including the U.S. Postal Service, Army/Air Force Exchange Service, Navy Exchange, and the Smithsonian.
Getting Started
All agencies interested in establishing a card services account can complete a CAS Application and work directly with CAS program staff, if assistance is needed for the following:
- Traditional Stand-alone Terminals
- Value Added Resellers
- Integrated Software Vendors, or
- Mobile Applications and Devices
Agencies that want to establish a new account and/or add locations to an existing account for card processing through Pay.gov need to contact their organization’s Pay.gov Implementation Specialist to submit applications for consideration. If you do not know your Implementation Specialist, please send an inquiry to: Pay.gov@fiscal.treasury.gov.
Establishing a card servicing account can take up to 2 weeks.
- Fiscal Service CAS Process – CAS retrieves, processes and approves all properly submitted CAS Applications. The current processing time for Fiscal Service CAS approval is one business week (i.e. 5 business days).
- Worldpay Process – Worldpay is responsible for the creation of CAS accounts. The current processing time for account creation is 7 business days.
If you have an inquiry/request related to:
- Terminal Support
- Reconciliation and Reporting
- Billing Inquiries
- Ordering Equipment or Supplies
- General Support Needs
Please contact the WorldPay Federal Agency Support Line: 1-866-914-0558 (Hours: 24/7).
If your inquiry/request is not in reference to any of the aforementioned categories, contact the CAS Outreach Mailbox at CardAcquiringService@fiscal.treasury.gov.
Dollar limits
There are different limits contingent upon the card type.
- For credit cards, the maximum a Federal Agency may collect in a single transaction is $24,999.99.
- For debit card, there is no limit.
- For government cards, the maximum a Federal Agency may collect in a single transaction is $9,999.99.
No, an agency customer cannot use two (2) credit cards to exceed the $24,999.99 credit card limit to pay on a transaction obligation. This would be considered a split transaction which violates the CAS Card Rules outlined in the Treasury Financial Manual: Volume 1, Chapter 7000 (Part 5) – Credit and Debit Card Transaction Collections.
- A customer could use one (1) credit card for the $24,999.99 and pay the remaining balance with an alternative payment option, Automated Clearing House (ACH), Debit Card or Cash.
- A customer could use any alternative payment outside of credit card to satisfy the payment of the entire transaction obligation.
Reporting
Transaction data for card servicing transactions can be found in the Collections Information Repository (CIR) or through the CAS Merchant Processor’s iQ portal.
Security
PCI - DSS is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud.
- PCI Validation is a snapshot of a compliance status. PCI Validation entails providing a quarterly submission of External Network Vulnerability scans, along with the completion of a Self-Assessment Questionnaire (SAQ) or Onsite Audit (depending on Merchant level) in order to “validate” an organization compliant with PCI DS requirements.
- PCI Compliance are the ongoing security controls and procedures that help to protect your organization on a 24/7 basis.
Yes, PCI DSS requirements apply to all organizations, systems, networks and applications that process, store, or transmit at least the cardholder number.
Yes.
- PCI Validation is a snapshot of a compliance status. PCI Validation entails providing a quarterly submission of External Network Vulnerability scans, along with the completion of a Self-Assessment Questionnaire (SAQ) or Onsite Audit (depending on Merchant level) in order to “validate” an organization compliant with PCI DS requirements.
- PCI Compliance are the ongoing security controls and procedures that help to protect your organization on a 24/7 basis.