Have a Question about Nelnet Payment Services?
Here are some of the most common questions and their answers.
Account Access & Reconciliation
- Why do I need access to both Nelnet Payment Services Gateway and Transaction Summary?
Nelnet Payment Services is the secure engine behind your software solutions that runs payments and collects your transaction information. Nelnet Payment Services offers real-time transaction and batch payment reporting.
Transaction Summary reports are available for you to review settlement batch details, fee statements, and chargeback information.
- How do I set up my accounts to transfer funds between my bank account and my payment acceptance account?
To facilitate payment of funds and payment of fees, you must authorize your bank to allow Nelnet Payment Services to debit your account using the National Automated Clearing House Association (NACHA) Company IDs for fees and returns. Failure to do so could result in a hold on your Nelnet Payment Services Gateway merchant account.
Your bank will need the following information to set up your credit card funds transfer details:
- Descriptor (the label that will appear on your statement): TSYS PYMT PROC (CC)
- Bank Name: Wells Fargo
- NACHA Company ID: 9470259043
If you will be accepting ACH transactions, your bank will also need to set up the following details to transfer ACH funds:
- Descriptor (the label that will appear on your statement): Nelnet Payment Services
- Bank Name: Wells Fargo
- Company ID: 6470751402
- When are my funds remitted?
Credit card funds are remitted in two (2) business days, post settlement. ACH funds are remitted in three (3) business days. Gateway automatically settles your approved transactions on a daily basis to ensure timely delivery of funds.
- When will my processing fees be debited from my account?
Credit card and ACH processing fees will be debited from your account separately.
CC Fees – Credit card processing fees will be auto-debited from your bank account the following month on the second business day. Access your monthly credit card fee statements via Transaction Summary 24/7.
ACH Fees – An ACH fee invoice will be emailed to the contact address provided on the merchant application on/around the 10th of the following month. ACH processing fees will be auto-debited from your bank account the following month on/around the 20th.
- What is a chargeback?
A chargeback is an activity that occurs when a cardholder disputes a transaction on their card account through their issuing bank. A chargeback can occur for a number of reasons including but not limited to:
- defective merchandise
- recurring payment was not stopped as agreed
During the chargeback process, funds related to a disputed transaction are adjusted, resulting in financial changes to both the cardholder and the merchant until such time as the case is resolved.
- What is a retrieval request?
A retrieval request is an activity that occurs when a cardholder does not recognize a transaction on their card account and reaches out to their issuing bank to request more information. A major difference between a retrieval request and a chargeback is that during the retrieval request process, none of the funds related to a transaction in question are adjusted. A retrieval request may result in a chargeback if appropriate information is not supplied during the retrieval request process.
- What is the difference between a refund and a chargeback?
A refund generally occurs between a merchant and a cardholder and results in full or partial credit to the cardholder’s account for a specific transaction. Additionally, a merchant generally receives the goods and/or services back from the cardholder in exchange for applying the credit back to their account. A chargeback occurs when a cardholder works through their issuing bank to attempt to receive a credit for a specific transaction or a group of transactions and may not result in a return of funds back to the cardholder.
- How do I know if a payment was charged back?
You will receive a chargeback notification from TSYS Merchant Solutions via fax or USPS mail. This notice includes the reason for the dispute, amount and date of the transaction, the last 4 digits of the card number, as well as a case number and rebuttal deadline. Also, your next daily remittance will be net the adjustment of the chargeback amount.
- How do I know if a payer submitted a retrieval request?
You will receive a retrieval notification from TSYS Merchant Solutions via fax or USPS mail. This notice includes the reason for the inquiry, amount and date of the transaction, the last 4 digits of the card number, as well as a case number and rebuttal deadline.
- As a merchant, what do I need to do, if I receive a chargeback or retrieval request?
Using the case number and rebuttal deadline provided, you should forward documentation to support the transaction. This documentation includes, but is not limited to, a copy of a contract or receipt signed by the payer, a confirmation number and/or email, as well as proof of an existing partial or full refund.
- Are there any fees associated with a chargeback or retrieval?
Your merchant account may include a chargeback and/or retrieval fee. Please refer to your merchant agreement for pricing details.
- Are there any steps I can take to protect myself from receiving a chargeback?
To reduce the risk of chargebacks, we suggest that you communicate clearly with your customers. This includes obtaining and storing a payer’s written request and authorization for payment, including receipt with client signature and/or agreement, if required. Using the DBA Name and phone number you provided to Nelnet Payment Services, a payer will be able to recognize the transaction on their bank statement and contact you directly with any concerns.
To avoid chargebacks, be sure to respond to your customers in a timely manner. If you find that you are receiving several inquiries either directly from your clients or via retrieval requests and chargebacks, please contact our Client Services Team to review the account info you provided. In addition, we recommend the use of the CVV code and full AVS, which includes verification of the billing address and zip code.
- In the event of card testing, could I be subject to chargebacks?
When a fraudster gets a successful transaction to process, the cardholder is charged. The cardholder has a right to submit a chargeback for an unauthorized transaction resulting in associated fees. If a successful fraudulent charge is processed and the charge isn’t immediately refunded, it’s likely that a chargeback will follow.
You can take proactive steps in avoiding chargeback fees by monitoring your payment activity and processing refunds where applicable in a timely manner. For further information on card testing and how it affects you, consider contacting our Client Services line for support.
FinCEN Beneficial Ownership Rules
On May 18, 2018 FinCEN enacted changes pertaining to entities completing a merchant application.
- What is FinCEN?
The Financial Crimes Enforcement Network (FinCEN) is a bureau of the United States Department of the Treasury that collects and analyzes information about financial transactions in order to combat domestic and international money laundering, terrorist financing, and other financial crimes.
- Why are the changes being made?
FinCEN is imposing new customer due diligence requirements in their continued effort to detect and protect against fraud, money laundering and other financial crimes. These new requirements are considered to be a fifth pillar of Anti-Money Laundering (AML)/Bank Secrecy Act (BSA) compliance programs.
- What changes are being made?
This depends on the tax classification of the institution.
All IRS Tax Classifications, including Tax Exempt Organization/501c3:
- An individual with Managerial Control must be identified. Managerial Control is defined as having significant responsibility to control, manage, or direct a legal entity customer. (This person may or may not be the Authorized Signer.)
- The person identified as having Managerial Control must provide the following:
- Full Name
- Email Address
- Date of Birth
- Social Security Number
- Home Address
NOTE: ONLY the individual identified as having Managerial Control must provide the above information. If the Authorized Signer is different than the person with Managerial Control, the Authorized Signer does NOT have to provide a Social Security Number.
Government IRS Tax Classification:
- Only an Authorized Signer has to be identified, as Government entities are exempt from FinCEN Beneficial Ownership requirements.
- What if the person reviewing the online application pages does not have Managerial Control AND is not an Authorized Signer?
- Is the person designated as having Managerial Control held liable for activity on the account?
No, collection of the information is done solely for the purpose of satisfying the Customer Due Diligence requirements imposed by the Beneficial Ownership rules.
- How does Nelnet Payment Services safeguard any Nonpublic Personal Information and Personally Identifiable Information?
Nelnet Payment Services, LLC, a Nelnet Company, is bound by the Nelnet Corporate Privacy policies, which are designed to protect and all Nonpublic Personal Information and Personally Identifiable Information we are required to collect as part of doing business and to comply with applicable privacy laws. This includes data retention requirements and following appropriate notification in the unlikely event of a data breach.
We take careful steps to safeguard customer information. We restrict access to your personal and account information to those employees who need to know that information to provide Services to you, and we regularly train our employees on privacy, information security, and their obligation to protect your information. We maintain reasonable and appropriate physical, electronic, and procedural safeguards to guard your Nonpublic Personal Information and Personally Identifiable Information and we regularly test those safeguards to maintain the appropriate levels of protection.
- What if no one at the institution is willing to provide the information FinCEN is now requiring?
The institution will not be able to offer credit cards as a payment option.
- What is PCI Compliance and why do I have to do it?
PCI stands for Payment Card Industry. PCI DSS, often referred to as PCI compliance, is the Payment Card Industry Data Security Standard. PCI DSS is best summed up as card protection. It’s the standard anybody who touches card data in any way is expected to follow to better protect the integrity of that data and lessen the likelihood it can be compromised.
Nelnet Payment Services is certified as a Level 1 Service Provider. The Level 1 certification process involves a complete audit of data security policies and practices by an outside auditor, or a Qualified Security Assessor (QSA), who is certified by the Security Standards Council. That audit must ensure, to the auditor’s and company’s own satisfaction, all measures being presented are in place 24/7/365, not just once a year.
Any business handling card payment data must also be PCI compliant. Merchants using the Nelnet Payment Services solution correctly should have little to no interaction with a user’s actual card number due to encryption and tokenization. While this doesn’t unburden businesses entirely, it does greatly reduce the merchant’s PCI DSS scope.
For more information regarding the PCI Security Standards Council, go to pcisecuritystandards.org.
- What is an SAQ?
SAQ stands for Self-Assessment Questionnaire and is a self-validation tool to assess a merchant’s level of cardholder data security. There are different SAQs available for a variety of merchant environments.
- How long do I have to complete PCI Compliance?
You must complete a Self-Assessment Questionnaire (SAQ) with our PCI DSS-approved qualified security assessor (QSA), Aperia Solutions, within 90 calendar days from the date of your welcome email.
- What does the PCI questionnaire process involve?
With Nelnet Payment Services, the process is simple.
- The online PCI Portal will guide you and tailor the questions per your responses.
- No IT experience is required; however, it may be helpful to have your IT team on hand for questions regarding your internal network.
- Depending on your SAQ, an accompanying quarterly external scan may be required to identify any weaknesses in your network.
- Once you have completed the SAQ and initial passing scan, the subsequent quarterly scans can be set to occur automatically with little to no intervention.
- It asks me to complete the form based on “how I process payments.” How do I answer if I don’t accept payments yet?
Even though you are new to accepting payments, you should answer the questionnaire based on the manner in which you plan to utilize Nelnet Payment Services once you are set up.
- If I completed an SAQ with another PCI DSS-approved QSA within the last year, do I need to complete a new SAQ?
A PCI Self-Assessment Questionnaire (SAQ) can be answered specific to your services with a single payment vendor or multiple vendors if your business utilizes more than one payment service. If your existing SAQ covers the manner in which you will utilize Nelnet Payment Services, you can simply forward your current passing SAQ and, if applicable, your most recent quarterly scan documents to email@example.com.
When communicating with the PCI Help Desk, please reference your DBA name, eight (8) digit MID number and Tax ID. Upon receipt, the documents will be uploaded and your account status will be updated accordingly.
- Is the PCI compliance assessment difficult?
Because our solutions take the majority of the PCI compliance burden off your hands, most of our customers qualify for the basic questionnaire, making the process pretty pain-free. There are cases where systems are more complex and have additional requirements – like systems audits – but our PCI vendor Aperia is here to help you through the whole process.
- What PCI compliance fees should I be aware of?
A monthly PCI compliance fee may be assessed per merchant account. Should the account not reflect a status of Compliant by the 90 calendar day deadline, or upon annual renewal, an additional monthly non-compliance fee may be assessed. Upon status change to Compliant, the non-compliance fee will discontinue. All PCI-related account fees, as stated on your merchant agreement, will be assessed via the monthly credit card fee statement available at transactionsummary.com.
- Once I’m PCI Compliant, will I ever have to complete the survey again?
Yes, you are required to renew your PCI SAQ annually. You should receive email reminders prior to expiration. To ensure you don’t miss your deadline, we recommend putting a reminder on your calendar.
Depending on the PCI scope and the SAQ type recommended for your business, a quarterly network scan may be required in addition to the annual SAQ. Once you’ve completed the initial SAQ and passing scan, the subsequent scans can be set to occur automatically with little to no intervention. Once complete, you will receive a scan summary report via email.
- Who do I contact if I have questions about my PCI compliance process?
For assistance accessing and/or completing the questionnaire, the PCI Help Desk is happy to help.
Representatives are available Monday through Friday, 9 a.m. to 5 p.m. CST. Please reference your DBA name, abbreviated eight (8) digit Merchant ID (MID) number and Tax ID.
855-449-2579 | firstname.lastname@example.org
- When going through the PCI questionnaire process, what “processing environment” should I select?
This is case-by-case, depending on any pre-existing, payment processing methods you may support outside of your Nelnet Payment Services account. We recommend consulting our PCI helpdesk number if you employ any other methods outside of Nelnet Payment Services e-commerce, such as card-readers and standalone terminals.
However, if you are filing PCI exclusively for your Nelnet Payment Services account, you may select “website integrated with validated payment gateway.”
- Am I sharing any cardholder data with any third-party service providers?
Yes, you are outsourcing cardholder data to Nelnet Payment Services. We use multiple data-protection methods, including encryption and tokenization, to keep cardholder data safe. This takes most of the compliance burden off your business.
- Does my company have a relationship with more than one acquirer?
In the case of filing PCI exclusively for your Nelnet Payment Services account, your company only has a relationship with one acquirer.
- Does my company use a Qualified Integrator & Reseller (QIR)? Is Nelnet Payment Services a QIR?
In the case of filing PCI exclusively for your Nelnet Payment Services account, no. The QIR description does not apply to our services.
- Does network segmentation apply to my business’s relationship with Nelnet Payment Services?
No, for the purposes of your Nelnet Payment Services account, network segmentation is not applicable.
Nelnet Payment Services, LLC (formerly PaymentSpring) is a registered ISO of Wells Fargo Bank, N.A. Concord, CA.