Credit Card Management Policy and Procedures
Approved by the Practice Manager/Director of PsychSolutions Clinicians on 2nd May 2022
About PsychSolutions Clinicians
PsychSolutions believe in helping people to thrive. Our mission is to provide timely and accessible care of the highest quality to children, adults and organisations. We offer a range of health and wellbeing services including psychological assessment and counselling, educational as well as corporate leadership and workplace services. Committed to quality in all that we do, we help people cultivate self-worth, build resilience and grow in mental wellness in order to thrive.
PsychSolutions is committed to delivering best practice ethical standards in all areas of our company.
For the individual we provide the following psychological services:
- Psychological assessment and counselling in many clinical areas;
- Cognitive Behaviour Therapy (CBT), Acceptance and Commitment Therapy (ACT), Dialectical Behaviour Therapy (DBT), Mindfulness, Eye Movement Desensitisation Reprocessing and other evidence-based therapies;
- psychological assessment and counselling for workers compensation related rehabilitation;
- Employee Assistance Programs (EAPs);
- Speech Therapy Services
- Psychiatry Services
- Dietitian Services
- Behaviour Assessment and Behaviour Management Plans;
- online mental health assessments and cognitive assessments; and
We are conveniently located in Orange, Bathurst and Dubbo, NSW
Policy and Procedures Purpose
The purpose of this Policy and Procedures is to provide the policies and procedures for Credit Card Management by PsychSolutions staff. It also provides guidelines around the correct permission, access, use and storage of Client credit card information.
This policy and associated set of procedures outlines PsychSolutions staff ongoing obligations to all Clients in respect of how we manage their Personal Information and Credit Card details. This Policy and Procedures should be read in conjunction with both the Finance Management Policy and Procedures and the Privacy Policy and Procedures.
Scope
This Policy applies to all PsychSolutions Clinicians employees and Clients.
Definitions
Client
A Client is a person receiving goods and/or services from PsychSolutions.
Online Customer
An Online Customer is a person receiving goods and/or services from PsychSolutions.
Employee
An employee is a person who is hired to provide services in exchange for compensation (pay) (Australian Taxation Office, 2012). An employee is a paid member of staff – this can be on a full-time, part-time, fixed term or casual basis. This includes contractors providing services to PsychSolutions for a set time or specific task and those engaged in the performance of duties for PsychSolutions from a labour hire agency.
Aims of the Policy and Procedures
PsychSolutions Credit Card Management Policy & Procedures ensures that PsychSolutions staff has an effective, efficient, and lawful approach in collecting, charging, storing, accessing, securing, and disposing of a Client’s credit card information.
Reference
PsychSolutions has adopted the PCI Data Security Standards to protect and govern the way we accept, store, process and transmit credit card transactions.
A copy of the PCI security standards can be obtained from the PCI Security Standards Council website at www.pcisecuritystandards.org.
PsychSolutions as the Merchant (Collector) works with the third party, Pin Payments who is a Level 1 PCI Service Provider. PsychSolutions Clinicians is guided by and works in adherence with Pin Payment’s Terms of Service.
PsychSolutions as the Merchant (Collector) works with the third party, BPOINT who is a Level 1 PCI Service Provider. PsychSolutions is guided by and works in adherence with BPOINT Australia’s Services Agreement.
Third Parties
Where reasonable and practicable to do so, we will collect your credit card Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
PsychSolutions as the Merchant (Collector) works with two primary third parties in relation to Credit Card Management.
B-Point is a DATAVAULT tokenisation service that allows us to securely store credit cards, charge cards and bank account details. This allows PsychSolutions to become PCI DSS compliant.
Credit Card Authority Policy
Purpose of the Policy
The credit card authority policy governs the way PsychSolutions staff seek, process, store and destroy a client or customer’s credit card information. Credit card authority is only gained when a Credit Card Authority Form is completed and signed by a client or customer.
Procedures
Prior to any of the following credit card procedures being undertaken, the authorising person noted must provide authority to PsychSolutions. This policy should be considered closely alongside the Financial Management Policy and Procedures and the Privacy Policy and Procedures.
Gaining Authorisation
The following are the steps PsychSolutions’ Staff will take to gain authorisation from a client or customer to store Credit Card information.
- If you are a new Client of PsychSolutions, you will be asked over the phone if you would like to store your credit card information on your client file for payment of each session.
- With your verbal consent, we will enter in your credit card name, credit card number, CCV and expiry date into our secure payment system. This is a preliminary authority only.
- Once verbal agreement is given, you will be sent an electronic Credit Card Authority Form. It will ask you to provide your first name, surname, D.O.B and your signature. The form will also outline your standard session fee and our payment terms and cancellation policy.
- The form will request your compliance and authority with the following: