Have a Question about Nelnet Payment Services?

Here are some of the most common questions and their answers.

Account & Reconciliation

  • Nelnet Payment Services is the secure engine behind your software solutions that runs payments and collects your transaction information. Nelnet Payment Services offers real-time transaction and batch payment reporting.

    Merchant Portal reports are available for you to review settlement batch details, fee statements, and chargeback information.

  • To facilitate payment of funds and payment of fees, you must authorize your bank to allow Nelnet Payment Services to debit your account using the National Automated Clearing House Association (NACHA) Company IDs for fees and returns. Failure to do so could result in a hold on your Nelnet Payment Services Gateway merchant account.

    Your bank will need the following information to set up your credit card funds transfer details:

    • Descriptor (the label that will appear on your statement): TSYS PYMT PROC (CC)
    • Bank Name: Wells Fargo
    • NACHA Company ID: 9470259043

    If you will be accepting ACH transactions, your bank will also need to set up the following details to transfer ACH funds:

    • Descriptor (the label that will appear on your statement): Nelnet Payment Services
    • Bank Name: Wells Fargo
    • Company ID: 6470751402
  • Credit card funds are remitted in two (2) business days, post settlement. ACH funds are remitted in three (3) business days. Gateway automatically settles your approved transactions on a daily basis to ensure timely delivery of funds.

  • Credit card and ACH processing fees will be debited from your account separately.

    CC Fees – Credit card processing fees will be auto-debited from your bank account the following month on the second business day. Access your monthly credit card fee statements via Merchant Portal 24/7.

    ACH Fees – An ACH fee invoice will be emailed to the contact address provided on the merchant application on/around the 5th of the following month. ACH processing fees will be auto-debited from your bank account the following month on/around the 15th.

Chargebacks

  • A chargeback is an activity that occurs when a cardholder disputes a transaction on their card account through their issuing bank. A chargeback can occur for a number of reasons including but not limited to:

    • defective merchandise
    • recurring payment was not stopped as agreed
    • fraud

    During the chargeback process, funds related to a disputed transaction are adjusted, resulting in financial changes to both the cardholder and the merchant until such time as the case is resolved.

  • A retrieval request is an activity that occurs when a cardholder does not recognize a transaction on their card account and reaches out to their issuing bank to request more information. A major difference between a retrieval request and a chargeback is that during the retrieval request process, none of the funds related to a transaction in question are adjusted. A retrieval request may result in a chargeback if appropriate information is not supplied during the retrieval request process.

  • A refund generally occurs between a merchant and a cardholder and results in full or partial credit to the cardholder’s account for a specific transaction. Additionally, a merchant generally receives the goods and/or services back from the cardholder in exchange for applying the credit back to their account. A chargeback occurs when a cardholder works through their issuing bank to attempt to receive a credit for a specific transaction or a group of transactions and may not result in a return of funds back to the cardholder.

  • You will receive a chargeback notification from TSYS Merchant Solutions via fax or USPS mail. This notice includes the reason for the dispute, amount and date of the transaction, the last 4 digits of the card number, as well as a case number and rebuttal deadline. Also, your next daily remittance will be net the adjustment of the chargeback amount.

  • You will receive a retrieval notification from TSYS Merchant Solutions via fax or USPS mail. This notice includes the reason for the inquiry, amount and date of the transaction, the last 4 digits of the card number, as well as a case number and rebuttal deadline.

  • Using the case number and rebuttal deadline provided, you should forward documentation to support the transaction. This documentation includes, but is not limited to, a copy of a contract or receipt signed by the payer, a confirmation number and/or email, as well as proof of an existing partial or full refund.

  • Your merchant account may include a chargeback and/or retrieval fee. Please refer to your merchant agreement for pricing details.

  • To reduce the risk of chargebacks, we suggest that you communicate clearly with your customers. This includes obtaining and storing a payer’s written request and authorization for payment, including receipt with client signature and/or agreement, if required. Using the DBA Name and phone number you provided to Nelnet Payment Services, a payer will be able to recognize the transaction on their bank statement and contact you directly with any concerns.

    To avoid chargebacks, be sure to respond to your customers in a timely manner. If you find that you are receiving several inquiries either directly from your clients or via retrieval requests and chargebacks, please contact our Client Services Team to review the account info you provided. In addition, we recommend the use of the CVV code and full AVS, which includes verification of the billing address and zip code.

  • When a fraudster gets a successful transaction to process, the cardholder is charged. The cardholder has a right to submit a chargeback for an unauthorized transaction resulting in associated fees. If a successful fraudulent charge is processed and the charge isn’t immediately refunded, it’s likely that a chargeback will follow.

    You can take proactive steps in avoiding chargeback fees by monitoring your payment activity and processing refunds where applicable in a timely manner. For further information on card testing and how it affects you, consider contacting our Client Services line for support.

FinCEN Rules

On May 18, 2018 FinCEN enacted changes pertaining to entities completing a merchant application.

  • The Financial Crimes Enforcement Network (FinCEN) is a bureau of the United States Department of the Treasury that collects and analyzes information about financial transactions in order to combat domestic and international money laundering, terrorist financing, and other financial crimes.

  • FinCEN is imposing new customer due diligence requirements in their continued effort to detect and protect against fraud, money laundering and other financial crimes. These new requirements are considered to be a fifth pillar of Anti-Money Laundering (AML)/Bank Secrecy Act (BSA) compliance programs.

  • This depends on the tax classification of the institution.

    All IRS Tax Classifications, including Tax Exempt Organization/501c3:

    • An individual with Managerial Control must be identified. Managerial Control is defined as having significant responsibility to control, manage, or direct a legal entity customer. (This person may or may not be the Authorized Signer.)
    • The person identified as having Managerial Control must provide the following:
      • Full Name
      • Title
      • Email Address
      • Date of Birth
      • Social Security Number
      • Home Address

    NOTE: ONLY the individual identified as having Managerial Control must provide the above information. If the Authorized Signer is different than the person with Managerial Control, the Authorized Signer does NOT have to provide a Social Security Number.

    Government IRS Tax Classification:

    • Only an Authorized Signer has to be identified, as Government entities are exempt from FinCEN Beneficial Ownership requirements.
  • The new FinCEN Beneficial Ownership requirements must be completed within the online application pages.

    The person reviewing and completing the application pages can complete the application to the best of their ability and then forward the application within the online Signup tool to the Authorized Signer for their review, completion, signature, and submission.

  • No, collection of the information is done solely for the purpose of satisfying the Customer Due Diligence requirements imposed by the Beneficial Ownership rules.

  • Nelnet Payment Services, LLC, a Nelnet Company, is bound by the Nelnet Corporate Privacy policies, which are designed to protect and all Nonpublic Personal Information and Personally Identifiable Information we are required to collect as part of doing business and to comply with applicable privacy laws. This includes data retention requirements and following appropriate notification in the unlikely event of a data breach.

    Our privacy policy can be found on our website, https://nelnetinc.com/privacy-policy/nelnet-payment-services. Our security procedures are addressed in this policy, and include the following:

    We take careful steps to safeguard customer information. We restrict access to your personal and account information to those employees who need to know that information to provide Services to you, and we regularly train our employees on privacy, information security, and their obligation to protect your information. We maintain reasonable and appropriate physical, electronic, and procedural safeguards to guard your Nonpublic Personal Information and Personally Identifiable Information and we regularly test those safeguards to maintain the appropriate levels of protection.

  • The institution will not be able to offer credit cards as a payment option.

PCI Compliance

  • PCI stands for Payment Card Industry. PCI DSS, often referred to as PCI compliance, is the Payment Card Industry Data Security Standard. PCI DSS is best summed up as card protection. It’s the standard anybody who touches card data in any way is expected to follow to better protect the integrity of that data and lessen the likelihood it can be compromised.

    Nelnet Payment Services is certified as a Level 1 Service Provider. The Level 1 certification process involves a complete audit of data security policies and practices by an outside auditor, or a Qualified Security Assessor (QSA), who is certified by the Security Standards Council. That audit must ensure, to the auditor’s and company’s own satisfaction, all measures being presented are in place 24/7/365, not just once a year.

    Any business handling card payment data must also be PCI compliant. Merchants using the Nelnet Payment Services solution correctly should have little to no interaction with a user’s actual card number due to encryption and tokenization. While this doesn’t unburden businesses entirely, it does greatly reduce the merchant’s PCI DSS scope.

    For more information regarding the PCI Security Standards Council, go to pcisecuritystandards.org.

  • SAQ stands for Self-Assessment Questionnaire and is a self-validation tool to assess a merchant’s level of cardholder data security. There are different SAQs available for a variety of merchant environments.

  • You must complete a Self-Assessment Questionnaire (SAQ) with our PCI DSS-approved qualified security assessor (QSA), Aperia Solutions, within 90 calendar days from the date of your welcome email.

  • With Nelnet Payment Services, the process is simple.

    • The online PCI Portal will guide you and tailor the questions per your responses.
    • No IT experience is required; however, it may be helpful to have your IT team on hand for questions regarding your internal network.
    • Depending on your SAQ, an accompanying quarterly external scan may be required to identify any weaknesses in your network.
    • Once you have completed the SAQ and initial passing scan, the subsequent quarterly scans can be set to occur automatically with little to no intervention.
  • Even though you are new to accepting payments, you should answer the questionnaire based on the manner in which you plan to utilize Nelnet Payment Services once you are set up.

  • A PCI Self-Assessment Questionnaire (SAQ) can be answered specific to your services with a single payment vendor or multiple vendors if your business utilizes more than one payment service. If your existing SAQ covers the manner in which you will utilize Nelnet Payment Services, you can simply forward your current passing SAQ and, if applicable, your most recent quarterly scan documents to support@pcihelpcenter.com.

    When communicating with the PCI Help Desk, please reference your DBA name, eight (8) digit MID number and Tax ID. Upon receipt, the documents will be uploaded and your account status will be updated accordingly.

  • Because our solutions take the majority of the PCI compliance burden off your hands, most of our customers qualify for the basic questionnaire, making the process pretty pain-free. There are cases where systems are more complex and have additional requirements – like systems audits – but our PCI vendor Aperia is here to help you through the whole process.

  • A monthly PCI compliance fee may be assessed per merchant account. Should the account not reflect a status of Compliant by the 90 calendar day deadline, or upon annual renewal, an additional monthly non-compliance fee may be assessed. Upon status change to Compliant, the non-compliance fee will discontinue. All PCI-related account fees, as stated on your merchant agreement, will be assessed via the monthly credit card fee statement available at transactionsummary.com.

  • Yes, you are required to renew your PCI SAQ annually. You should receive email reminders prior to expiration. To ensure you don’t miss your deadline, we recommend putting a reminder on your calendar.

    Depending on the PCI scope and the SAQ type recommended for your business, a quarterly network scan may be required in addition to the annual SAQ. Once you’ve completed the initial SAQ and passing scan, the subsequent scans can be set to occur automatically with little to no intervention. Once complete, you will receive a scan summary report via email.

  • For assistance accessing and/or completing the questionnaire, the PCI Help Desk is happy to help.

    Representatives are available Monday through Friday, 9 a.m. to 5 p.m. CST. Please reference your DBA name, abbreviated eight (8) digit Merchant ID (MID) number and Tax ID.

    855-449-2579 | support@pcihelpcenter.com

  • This is case-by-case, depending on any pre-existing, payment processing methods you may support outside of your Nelnet Payment Services account. We recommend consulting our PCI helpdesk number if you employ any other methods outside of Nelnet Payment Services e-commerce, such as card-readers and standalone terminals.

    However, if you are filing PCI exclusively for your Nelnet Payment Services account, you may select “website integrated with validated payment gateway.”

  • Yes, you are outsourcing cardholder data to Nelnet Payment Services. We use multiple data-protection methods, including encryption and tokenization, to keep cardholder data safe. This takes most of the compliance burden off your business.

  • In the case of filing PCI exclusively for your Nelnet Payment Services account, your company only has a relationship with one acquirer.

  • In the case of filing PCI exclusively for your Nelnet Payment Services account, no. The QIR description does not apply to our services.

  • No, for the purposes of your Nelnet Payment Services account, network segmentation is not applicable.

Multi-Factor Authentication (MFA) Setup

  • Multi-Factor Authentication (MFA) is when a user must provide two or more pieces of evidence to verify their identity to gain access to an application or digital resource. MFA is used to protect against hackers by ensuring digital users are who they say they are as well as adding a layer of protection to the sign-in process to help safeguard customer and business information.

    Nelnet has implemented MFA to comply with updates to FTC regulations and to increase security to its portals.

  • There are three user authentication methods to choose from: Email, Text Message, or Authenticator App. Only one MFA method can be configured at a time. Each method describes the steps a user takes to receive a six-digit verification code to complete their authentication. A new verification code is sent every time the user initiates the login process.

    Email – This method enables users to log in with their email address.

    Text Message – This method enables users to identify a phone number where they will receive a text message with a verification code.

    Authenticator App – This method requires users to download an authenticator app and scan the QR code displayed on the MFA registration screen to generate a verification code. It is the user’s discretion whether they choose to associate any existing account (e.g., Google) with the authentication app. The app must be refreshed periodically to generate an updated code for each login.

    1. Complete the usual sign-in steps using your email address and password to initiate the MFA registration workflow.
    2. Select Email as the MFA Method. Then, enter your email address and click Next.
    3. Check your inbox for an email from Nelnet. Enter the verification code provided to you and click Submit.
    4. IMPORTANT – Backup Code: You will receive a confirmation message and should save the backup code that is shown on this screen in case you need to change your MFA method in the future. You can click Copy Backup Code and paste it in a secure place for future reference.

    After receiving the confirmation message, click Continue to return to the main screen where you will be asked to sign in again. The system will invoke the MFA method by sending you an email message with the MFA code to complete your login.

    1. Complete the usual sign-in steps using your email address and password to initiate the MFA registration workflow.
    2. Select Text Message as the MFA Method. Then, select the appropriate country/country code, enter your phone number, and click Next.
    3. You will receive a text message from NPS with your MFA code. Enter the verification code provided to you and click Submit.
    4. IMPORTANT – Backup Code: You will receive a confirmation message and should save the backup code that is displayed in case you need to change your MFA method in the future. You can click Copy Backup Code and paste it in a secure place for future reference.
    5. After receiving the confirmation message, click Continue to return to the main screen where you will be asked to sign in again. The system will invoke the MFA method by sending you a text message with the MFA code that will complete your login.
    1. You are required to download an authenticator app – NPS recommends Google Authenticator or Authy.
    2. Complete the usual sign-in steps using your email address and password to initiate the MFA registration workflow.
    3. Select Authenticator App as the MFA Method. Then, enter a name for your device (e.g., iPhone or the name of the phone or tablet manufacturer) and click Next.
    4. Open the authenticator app you downloaded to scan the QR code displayed on your screen. If the app requests permission to take pictures and record video, click Allow. This is necessary to scan the QR code you are given.Note: The QR code shown in these steps is provided for instructional purposes only.
    5. The app will display a verification code. Enter the verification code provided to you and click Submit.
    6. IMPORTANT – Backup Code: You will receive a confirmation message and should save the backup code that is displayed in case you need to change your MFA method in the future. You can click Copy Backup Code and paste it in a secure place for future reference.
    7. After receiving the confirmation message, click Continue to return to the main screen where you will be asked to sign in again. The system will invoke the MFA method and request a verification code which you will see in your authenticator app.
  • Regardless of which method you use, you will receive a confirmation message and should save the backup code that is shown in the event you ever need to change your MFA method in the future or if you no longer have access to the device you originally used. When logging in, click Use Backup Code only to reset or change your MFA option because the backup code you receive will change every time you change your MFA option. Refer to How do I change my MFA method section for information about changing your MFA option.

    1. Complete the usual sign-in steps using your email address and password.
    2. Instead of entering the verification code you just received, click Use Backup Code.
    3. Enter the backup code you saved when you initially set up MFA and click Submit.
    4. You will be presented with an option to change your authentication method. After you select a new method, continue with the authentication process.
  • For questions or if you need assistance, contact NPS Client Services or call 866.431.4637.

Call Us

866.431.4637

 
Email Us

Email Support

 
Our Documents

Developer Docs

 

Support, Super-Sized

Partnering closely with every client is our key to creating so many success stories. So whatever your organization needs to succeed, we’re here to help.

Nelnet Payment Services, LLC (formerly PaymentSpring) is a registered ISO of Wells Fargo Bank, N.A. Concord, CA.