The Internal Revenue Service has awarded a contract to process tax return payments for the coming filing season to RBS Worldpay, a company that recently disclosed that a hacker break-in jeopardized financial data on 1.5 million payroll card holders and at least 1.1 million Social Security numbers.
The contract award comes a month after credit card giant Visa said RBS was no longer in compliance with the Payment Card Industry (PCI) security standards, a set of guidelines designed to protect cardholder data.
RBS spokesman Josh Passman said the company expects to be re-certified as PCI compliant “within the next few weeks.”
The contract awarded to RBS is a what’s known as a “zero dollar” contract, meaning the government doesn’t award a specific dollar amount. Rather, the approved vendor takes a convenience fee for each transaction it processes. According to a copy of the contract listed at fedbizopps.gov, RBS’s base convenience fee will be 1.95 percent of the amount the taxpayer owes the federal government.
IRS spokesman Anthony Burke said RBS will not be allowed to process credit card payments for taxpayers owing money to Uncle Sam until Jan. 20, 2010. Before that date, he said, RBS will not only have to show that it is once again PCI compliant, but that it also has passed the IRS’s own payment security audit.
“All service providers must undergo system acceptability testing,” Burke said. “We have a third-party who runs a series of tests on all of our providers to make sure their systems are security before they accept credit card payments” on behalf of taxpayers, he said.
The company will join two established payment processors approved by the IRS to process tax payments on behalf of the government: Nashville-based Link2Gov Corporation and Official Payments, out of San Ramon, Calif.
RBS Worldpay, based in Atlanta, is the U.S. payment-processing division of The Royal Bank of Scotland Group, the fifth biggest banking group in the world, according to the company’s Web site.