About GPO   |   Newsroom/Media   |   Congressional Relations   |   Inspector General   |   Careers   |   Contact   |   askGPO   |   Help  
 
Home   |   Customers   |   Vendors   |   Libraries  

The Electronic Code of Federal Regulations (e-CFR) is a regularly updated, unofficial editorial compilation of CFR material and Federal Register amendments produced by the National Archives and Records Administration's Office of the Federal Register (OFR) and the Government Printing Office.

Parallel Table of Authorities and Rules for the Code of Federal Regulations and the United States Code
Text | PDF

Find, review, and submit comments on Federal rules that are open for comment and published in the Federal Register using Regulations.gov.

Purchase individual CFR titles from the U.S. Government Online Bookstore.

Find issues of the CFR (including issues prior to 1996) at a local Federal depository library.

[2]
 
 

Electronic Code of Federal Regulations

e-CFR Data is current as of April 21, 2014

Title 39: Postal Service


PART 501—AUTHORIZATION TO MANUFACTURE AND DISTRIBUTE POSTAGE EVIDENCING SYSTEMS


Contents
§501.1   Definitions.
§501.2   Postage Evidencing System provider authorization.
§501.3   Postage Evidencing System provider qualification.
§501.4   Changes in ownership or control, bankruptcy, or insolvency.
§501.5   Burden of proof standard.
§501.6   Suspension and revocation of authorization.
§501.7   Postage Evidencing System requirements.
§501.8   Postage Evidencing System test and approval.
§501.9   Demonstration or test Postage Evidencing Systems.
§501.10   Postage Evidencing System modifications.
§501.11   Reporting Postage Evidencing System security weaknesses.
§501.12   Administrative sanctions.
§501.13   False representations of Postal Service actions.
§501.14   Postage Evidencing System inventory control processes.
§501.15   Computerized Meter Resetting System.
§501.16   PC postage payment methodology.
§501.17   Decertified Postage Evidencing Systems.
§501.18   Customer information and authorization.
§501.19   Intellectual property.
§501.20   xxx

Authority: 5 U.S.C. 552(a); 39 U.S.C. 101, 401, 403, 404, 410, 2601, 2605; Inspector General Act of 1978, as amended (Pub. L. 95-452, as amended); 5 U.S.C. App. 3.

Source: 71 FR 65733, Nov. 9, 2006, unless otherwise noted.

§501.1   Definitions.

(a) Postage Evidencing Systems regulated by part 501 produce evidence of prepayment of postage by any method other than postage stamps and permit imprints. A Postage Evidencing System is a device or system of components that a customer uses to generate and print evidence that postage required for mailing has been paid. Postage Evidencing Systems print indicia, such as meter imprints or information-based indicia to indicate postage payment. They include but are not limited to postage meters and PC Postage systems.

(b) A postage meter is a Postal Service-approved Postage Evidencing System that uses a device to account for postage purchased and printed. The term meter as used in this part refers to a postage meter.

(c) PC Postage products are Postal Service-approved Postage Evidencing Systems that use a personal computer as an integral part of the system. PC Postage products may use the Internet to download postage to a mailer's computer from which the postage indicia may then be printed.

(d) A provider is a person or entity authorized under this section to manufacture and/or distribute Postage Evidencing Systems to customers.

(e) A manufacturer of postage meters produces postage meters.

(f) A distributor of postage meters may be a manufacturer who leases postage meters directly to end-user customers or may be an independent entity who leases postage meters to end-user customers on behalf of the manufacturer.

(g) A customer is a person or entity authorized by the Postal Service to use a Postage Evidencing System in accordance with Mailing Standards of the United States Postal Service, Domestic Mail Manual (DMM) 604 Postage Payment Methods, 4.0 Postage Meters and PC Postage Products (Postage Evidencing Systems).

§501.2   Postage Evidencing System provider authorization.

(a) The Postal Service considers Postage Evidencing Systems and their respective infrastructure to be essential to the exercise of its specific powers to prescribe postage and provide evidence of payment of postage under 39 U.S.C. 404(a)(2) and (4).

(b) Due to the potential for adverse impact upon Postal Service revenue, the following activities may not be engaged in by any person or entity without prior, written approval of the Postal Service:

(1) Producing or distributing any Postage Evidencing System that generates U.S. postage.

(2) Repairing, distributing, refurbishing, remanufacturing, modifying, or destroying any component of a Postage Evidencing System that accounts for or authorizes the printing of U.S. postage.

(3) Owning or operating an infrastructure that maintains operating data for the production of U.S. postage, or accounts for U.S. postage purchased for distribution through a Postage Evidencing System.

(4) Owning or operating an infrastructure that maintains operating data that is used to facilitate registration with the Postal Service of customers of a Postage Evidencing System.

(c) Any person or entity seeking authorization to perform any activity described in paragraph (b) of this section, or to materially modify any activity previously approved by the Postal Service, must submit a request to the Postal Service in person or in writing. Decisions of the Postal Service upon such requests are effective only if in writing (including electronic mail).

(d) Approval shall be based upon satisfactory evidence of the applicant's integrity and financial responsibility, commitment to the security of the Postage Evidencing System, and a determination that disclosure to the applicant of Postal Service customer, financial, or other data of a commercial nature necessary to perform the function for which approval is sought would be appropriate and consistent with good business practices within the meaning of 39 U.S.C. 410(c)(2). The Postal Service may condition its approval upon the applicant's agreement to undertakings that would give the Postal Service appropriate assurance of the applicant's ability to meet its obligations under this section, including but not limited to the method and manner of performing certain financial, security, and servicing functions and the need to maintain sufficient financial reserves to guarantee uninterrupted performance of not less than 3 months of operation.

(e) Qualification and approval may be based upon additional conditions agreed to by the Postal Service and the applicant. The applicant is approved in writing to engage in the function(s) for which authorization was sought and approved.

(f) To the extent that any provider manufactures and/or distributes any PC Postage product through any authorized Postage Evidencing System, such provider must adhere to the requirements of these regulations.

(g) The Postal Service office responsible for administration of this part is the Office of Payment Technology (PT) or successor organization. All submissions to the Postal Service required or invited by this part are to be made to this office in person or via mail to 475 L'Enfant Plaza SW., Room 3500, Washington DC 20260-0004.

[71 FR 65733, Nov. 9, 2006, as amended at 78 FR 44438, July 24, 2013]

§501.3   Postage Evidencing System provider qualification.

Any person or entity seeking authorization to manufacture and/or distribute Postage Evidencing Systems must:

(a) Satisfy the Postal Service of its integrity and financial responsibility.

(b) Obtain Postal Service approval under this part of at least one Postage Evidencing System satisfying the requirements of Postal Service regulations.

(c) As a condition of obtaining authorization under this section, the Postage Evidencing System provider's facilities used for the manufacture, distribution, storage, resetting, or destruction of postage meters and all facilities housing infrastructure supporting Postage Evidencing Systems will be subject to unannounced inspection by representatives of the Postal Service. If such facilities are outside the continental United States, the provider will be responsible for all reasonable and necessary travel-related costs incurred by the Postal Service to conduct the inspections. Travel-related costs are determined in accordance with Postal Service Handbook F-15, Travel and Relocation. At its discretion, the Postal Service may continue to fund routine inspections outside the continental United States as it has in the past, provided the costs are not associated with particular security issues related to a provider's Postage Evidencing System or supporting infrastructure, or with the start-up or implementation of a new plant or of a new or substantially changed manufacturing process.

(1) When conducting an inspection outside the continental United States, the Postal Service will make every effort to combine the inspection with other inspections in the same general geographic area in order to enable affected providers to share the costs. The Postal Service team conducting such inspections will be limited to the minimum number necessary to conduct the inspection. All air travel will be contracted for at the rates for official government business, when available, under such rules respecting class of travel as apply to those Postal Service representatives inspecting the facility at the time the travel occurs.

(2) If political or other impediments prevent the Postal Service from conducting security evaluations of Postage Evidencing System facilities in foreign countries, Postal Service approval of the activities conducted in such facilities may be suspended until such time as satisfactory inspections may be conducted.

(d) As the provider bears the ultimate responsibility to ensure customer information will not be compromised at any domestic or off shore locations, the provider (as well as its agent operating domestic or off shore locations) will not cause or permit data to be released other than for the operation of the third-party location. The provider shall notify its customer that data relating to its systems is being housed by a third-party location, and shall provide a copy thereof to the Postal Service of such notice to its customers. To the extent that any unauthorized release takes place, the vendor shall notify the Postal Service immediately upon discovery of any unauthorized use or disclosure of data or any other breach or improper disclosure of data of this agreement by the provider (as well as its agent operating the third-party location) and will cooperate with the Postal Service in every reasonable way to help the Postal Service regain possession of the data and prevent its further unauthorized use or disclosure. In the event that the Postal Service cannot regain possession of the data or prevent its further unauthorized use or disclosure, the provider shall indemnify the Postal Service from damages resulting from its (or such third-party) actions.

(e) Have, or establish, and keep under its active supervision and control adequate facilities for the control, distribution, and maintenance of PES and their replacement or secure disposal or destruction when necessary and appropriate.

[71 FR 65733, Nov. 9, 2006, as amended at 76 FR 77149, Dec. 12, 2011]

§501.4   Changes in ownership or control, bankruptcy, or insolvency.

(a) Any person or entity authorized under §501.2 must promptly notify the Postal Service when it has a reasonable expectation that there may be a change in its ownership or control including changes in the ownership of an affiliate which exercises control over its Postage Evidencing System operations in the United States. A change of ownership or control within the meaning of this section includes entry into a strategic alliance or other agreement whereby a third party either has access to data related to the security of the system or is a competitor to the Postal Service. Any person or entity seeking to acquire ownership or control of a person or entity authorized under §501.2 must provide the Postal Service satisfactory evidence that upon completion of the contemplated transaction, it will satisfy the conditions for approval stated in §501.2. Early notification of a proposed change in ownership or control will facilitate expeditious review of an application to acquire ownership or control under this section.

(b) Any person or entity authorized under §501.2 must promptly notify the Postal Service when it has a reasonable expectation that there may be a change in the status of its financial condition either through bankruptcy, insolvency, assignment for the benefit of creditors, or other similar financial action. Any person or entity authorized under §501.2 who experiences a change in the status of its financial condition may, at the discretion of the Postal Service, have its authorization under §501.2 modified or terminated.

§501.5   Burden of proof standard.

The burden of proof is on the Postal Service in administrative determinations of suspension and revocation under §501.6 and administrative sanctions under §501.12. Except as otherwise indicated in those sections, the standard of proof shall be the preponderance-of-evidence standard.

§501.6   Suspension and revocation of authorization.

(a) The Postal Service may suspend and/or revoke authorization to manufacture and/or distribute any or all of a provider's approved Postage Evidencing System(s) if the provider engages in any unlawful scheme or enterprise, fails to comply with any provision in this Part 501, fails to implement instructions issued in accordance with any final decision issued by the Postal Service within its authority over Postage Evidencing Systems or if the Postage Evidencing System or infrastructure of the provider is determined to constitute an unacceptable risk to Postal Service revenues.

(b) The decision to suspend or revoke pursuant to paragraph (a) of this section shall be based upon the nature and circumstances of the violation (e.g. whether the violation was willful, whether the provider voluntarily admitted to the violation, or cooperated with the Postal Service, whether the provider implemented successful remedial measures) and on the provider's performance history. Before determining that a provider's authorization to manufacture and/or distribute Postage Evidencing Systems should be suspended or revoked, the procedures in paragraph (c) of this section shall be followed.

(c) Suspension or revocation procedures:

(1) Upon determination by the Postal Service that a provider is in violation of provisions of this part, or that its Postal Evidencing System poses an unreasonable risk to postal revenue, PT, acting on behalf of the Postal Service, shall issue a written notice of proposed suspension citing the specific conditions or deficiencies for which suspension of authorization to manufacture and/or distribute a specific Postage Evidencing System or class of Postage Evidencing Systems may be imposed. Except in cases of willful violation, the provider shall be given an opportunity to correct deficiencies and achieve compliance with all requirements within a time limit corresponding to the potential risk to postal revenue.

(2) In cases of willful violation, or if the Postal Service determines that the provider has failed to correct cited deficiencies within the specified time limit, PT shall issue a written notice of suspension setting forth the facts and reasons for the decision to suspend, and the effective date if a written defense is not presented as provided in paragraph (d) of this section.

(3) The notice shall also advise the provider of its right to file a response under paragraph (d) of this section. If a written response is not presented in a timely manner the suspension may go into effect. The suspension shall remain in effect for ninety (90) calendar days unless revoked or modified by PT.

(4) If, upon consideration of the defense as provided in paragraph (d) of this section, the Postal Service deems that the suspension is warranted, the suspension shall remain in effect for up to 90 days unless withdrawn by the Postal Service, as provided in paragraph (c)(5)(iii) of this section.

(5) At the end of the ninety (90) day suspension, the Postal Service may:

(i) Extend the suspension in order to allow more time for investigation or to allow the provider time to correct the problem.

(ii) Make a determination to revoke authorization to manufacture and/or distribute a Postage Evidencing System in part or in whole.

(iii) Withdraw the suspension based on identification and implementation of a satisfactory solution to the problem.

(d) The provider may present the Postal Service with a written defense to any suspension or revocation determination within thirty (30) calendar days of receiving the written notice (unless a shorter period is deemed necessary). The defense must include all supporting evidence and state with specificity the reasons why the order should not be imposed.

(e) After receipt and consideration of the defense, PT shall advise the provider of its decision, and the facts and reasons for it. The decision shall be effective upon receipt unless it provides otherwise. The decision shall also advise the provider that it may be appealed within thirty (30) calendar days of receipt (unless a shorter time frame is deemed necessary). If an appeal is not filed in a timely manner, the decision of PT shall become a final decision of the Postal Service. The appeal may be filed with the Chief Information Officer of the Postal Service and must include all supporting evidence and state with specificity the reasons the provider believes that the decision is erroneous. The decision of the Chief Information Officer shall constitute a final decision of the Postal Service.

(f) An order or final decision under this section does not preclude any other criminal or civil statutory, common law, or administrative remedy that is available by law to the Postal Service, the United States, or any other person or entity.

[71 FR 65733, Nov. 9, 2006, as amended at 78 FR 44438, July 24, 2013]

§501.7   Postage Evidencing System requirements.

(a) A Postage Evidencing System submitted to the Postal Service for approval must meet the requirements of the Intelligent Mail Indicia Performance Criteria published by PT. Copies of the current Performance Criteria may be requested via mail to the address in §501.2(g).

(b) The provider must affix to all meters a cautionary message providing the meter user with basic reminders on leasing and meter movement.

(1) The cautionary message must be placed on all meters in a conspicuous and highly visible location. PROPERTY OF [NAME OF PROVIDER] as well as the provider's toll-free number must be emphasized by capitalized bold type and preferably printed in red. The minimum width of the message should be 3.25 inches, and the minimum height should be 1.75 inches. The message should read as follows:

RENTED POSTAGE METER-NOT FOR SALE

PROPERTY OF [NAME OF PROVIDER]

(800) ###-####

Use of this meter is permissible only under U.S. Postal Service authorization. Call [Name of Provider] at (800) ###-#### to relocate/return this meter.

WARNING! METER TAMPERING IS A FEDERAL OFFENSE.

IF YOU SUSPECT METER TAMPERING, CALL POSTAL INSPECTORS AT (800) 372-8347

REWARD UP TO $50,000 for information leading to the conviction of any person who misuses postage meters resulting in the Postal Service not receiving correct postage payments.

(2) Exceptions to the formatting of the required message are determined on a case-by-case basis. Any deviation from standardized meter message requirements must be approved in writing by the Postal Service.

(c) The provider must ensure that any matter printed by a postage evidencing system, whether within the boundaries of the indicia or outside the clear zone as defined in DMM 604.4.0 and the Performance Criteria for Information-Based Indicia and Security Architecture for Open IBI Postage Evidencing Systems or Performance Criteria for Information-Based Indicia and Security Architecture for Closed IBI Postage Metering Systems, is:

(1) Consistent with the Postal Service's intent to maintain neutrality on religious, social, political, legal, moral, or other public issues;

(2) Is not obscene, deceptive, or defamatory of any person, entity, or group, and does not advocate unlawful action;

(3) Does not emulate any form of valid postage, government, or other official indicia, or payment of postage; and

(4) Does not harm the public image, reputation, or good will of the Postal Service and is not otherwise derogatory or detrimental to the interests of the Postal Service.

(d) Providers must also ensure that customers acknowledge, agree, and warrant in writing that:

(1) The customer bears full responsibility and liability for obtaining authorization to reproduce and otherwise use the matter as proposed (including, without limitation, any trademarks, slogans, likenesses or copyrighted material contained in the image);

(2) The customer in fact has the legal authority to reproduce and otherwise use the matter as proposed; and

(3) The customer understands that images or other matter is not provided, approved, or endorsed in any way by the Postal Service.

[71 FR 65733, Nov. 9, 2006, as amended at 78 FR 44439, July 24, 2013]

§501.8   Postage Evidencing System test and approval.

(a) To receive Postal Service approval, each Postage Evidencing System must be submitted by the provider and evaluated by the Postal Service in accordance with the Postage Evidencing Product Submission Procedures published by PT. Copies of the current Performance Criteria may be requested via mail to the address in §501.2(g). These procedures apply to all proposed Postage Evidencing Systems regardless of whether the provider is currently authorized by the Postal Service to distribute Postage Evidencing Systems. All testing required by the Postal Service will be an expense of the provider.

(b) As provided in §501.11, the provider has a duty to report security weaknesses to the Postal Service to ensure that each approved Postage Evidencing System protects the Postal Service against loss of revenue at all times. A grant of approval of a system does not constitute an irrevocable determination that the Postal Service is satisfied with the revenue-protection capabilities of the system. After approval is granted to manufacture and/or distribute a Postage Evidencing System, no change affecting its basic features or safeguards may be made except as authorized or ordered by the Postal Service in writing.

[71 FR 65733, Nov. 9, 2006, as amended at 78 FR 44439, July 24, 2013]

§501.9   Demonstration or test Postage Evidencing Systems.

(a) A demonstration or test postage evidencing system is any system that produces an image that replicates a postage indicium for which the Postal Service has not received payment for postage. The following procedures must be followed to implement controls over demonstration or test Postage Evidencing Systems:

(1) A demonstration or test Postage Evidencing System may print only specimen or test indicia. A specimen or test indicia must clearly indicate that the indicia does not represent valid postage.

(2) A demonstration or test Postage Evidencing System must be recorded as such on internal provider inventory records and must be tracked by model number, serial number, and physical location.

(3) A demonstration or test Postage Evidencing System must remain under the provider's direct control. A demonstration or test Postage Evidencing System may not be left in the possession of a customer under any circumstance.

(b) All indicia printed by a demonstration or test Postage Evidencing System must be collected and destroyed daily.

§501.10   Postage Evidencing System modifications.

(a) An authorized provider must receive prior written approval from the manager, PT, of any and all changes made to a previously approved Postage Evidencing System. The notification must include a summary of all changes made and the provider's assessment as to the impact of those changes on the security of the Postage Evidencing System and postage funds. Upon receipt of the notification, PT will review the summary of changes and make a decision regarding the need for the following:

(1) Additional documentation.

(2) Level of test and evaluation required.

(3) Necessity for evaluation by a laboratory accredited by the National Institutes of Standards and Technology (NIST) under the National Voluntary Laboratory Accreditation Program (NVLAP).

(b) Upon receipt and review of additional documentation and/or test results, PT will issue a written acknowledgement and/or approval of the change to the provider.

[78 FR 44439, July 24, 2013]

§501.11   Reporting Postage Evidencing System security weaknesses.

(a) For purposes of this section, provider refers to the Postage Evidencing System provider authorized under §501.2 and its foreign affiliates, if any, subsidiaries, assigns, dealers, independent dealers, employees, and parent corporations.

(b) Each authorized provider of a Postage Evidencing System must notify the Postal Service within twenty-four (24) hours, upon discovery of the following:

(1) All findings or results of any testing known to the provider concerning the security or revenue protection features, capabilities, or failings of any Postage Evidencing System sold, leased, or distributed by it that has been approved for sale, lease, or distribution by the Postal Service or any foreign postal administration; or has been submitted for approval by the provider to the Postal Service or other foreign postal administration(s).

(2) All potential security weaknesses or methods of tampering with the Postage Evidencing Systems that the provider distributes of which it knows or should know and the Postage Evidencing System model subject to each such method. Potential security weaknesses include but are not limited to suspected equipment defects, suspected abuse by a customer or provider employee, suspected security breaches of the Computerized Meter Resetting System (CMRS) or databases housing confidential customer data relating to the use of Postage Evidencing Systems, occurrences outside normal performance, or any repeatable deviation from normal Postage Evidencing System performance.

(3) Cyber attacks that include, but are not limited to, gaining unauthorized access to digital systems for purposes of misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks may also be carried out in a manner that does not require gaining unauthorized access, such as by causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or insiders using techniques that range from highly sophisticated efforts to electronically circumvent network security or overwhelm Web sites to more traditional intelligence gathering and social engineering aimed at obtaining information necessary to gain access. Cyber security risk disclosures reported must adequately describe the nature of the material risks and specify how each risk affects the Postage Evidencing System.

(c) Within a time limit corresponding to the potential revenue risk to postal revenue as determined by the Postal Service, the provider must submit a written report to the Postal Service. The report must include the circumstances, proposed investigative procedure, and the anticipated completion date of the investigation. The provider must also provide periodic status reports to the Postal Service during subsequent investigation and, on completion, must submit a summary of the investigative findings.

(d) The provider must establish and adhere to timely and efficient procedures for internal reporting of potential security weaknesses and shall provide a copy of such internal reporting procedures and instructions to the Postal Service for review.

(e) Failure to comply with this section may result in suspension of approval under §501.6 or the imposition of sanctions under §501.12.

[71 FR 65733, Nov. 9, 2006, as amended at 77 FR 23396, Apr. 19, 2012]

§501.12   Administrative sanctions.

(a) An authorized Postage Evidencing System provider may be responsible to the Postal Service for revenue losses caused by failure to comply with §501.11.

(b) The Postal Service shall determine all costs and revenue losses measured from the date that the provider knew, or should have known, of a potential security weakness, including, but not limited to, administrative and investigative costs and documented revenue losses that result from any Postage Evidencing System for which the provider failed to comply with any provision in §501.11. The Postal Service issues a written demand for reimbursement of any and all such costs and losses (net of any amount collected by the Postal Service from the customers) with interest. The demand shall set forth the facts and reasons on which it is based.

(c) The provider may present the Postal Service with a written defense to the proposed action within thirty (30) calendar days of receipt. The defense must include all supporting evidence and state with specificity the reasons for which the sanction should not be imposed.

(d) After receipt and consideration of the defense, the Postal Service shall advise the provider of the decision, and the facts and reasons for it; the decision shall be effective upon receipt unless it provides otherwise. The decision shall also advise the provider that it may, within thirty (30) calendar days of receiving written notice, appeal that determination to the Chief Information Officer of the Postal Service, who shall issue a written decision upon the appeal, which will constitute the final Postal Service decision.

(e) The imposition of an administrative sanction under this section does not preclude any other criminal or civil statutory, common law, or administrative remedy that is available by law to the Postal Service, the United States, or any other person or entity.

(f) An authorized Postage Evidencing System provider, who without just cause fails to follow any Postal Service approved procedures, perform adequately any of the Postal Service approved controls, or fails to obtain approval of a required process in §501.14 in a timely fashion, is subject to an administrative sanction under this provision §501.12.

[71 FR 65733, Nov. 9, 2006, as amended at 78 FR 44439, July 24, 2013]

§501.13   False representations of Postal Service actions.

Providers, their agents, and employees must not intentionally misrepresent to customers of the Postal Service decisions, actions, or proposed actions of the Postal Service respecting its regulation of Postage Evidencing Systems. The Postal Service reserves the right to suspend and/or revoke the authorization to manufacture or distribute Postage Evidencing Systems throughout the United States or any part thereof pursuant to §501.6 when it determines that the provider, its agents, or employees failed to comply with this section.

§501.14   Postage Evidencing System inventory control processes.

(a) Each authorized provider of Postage Evidencing Systems must permanently hold title to all Postage Evidencing Systems that it manufactures or distributes, except those purchased by the Postal Service or distributed outside the United States.

(b) An authorized provider must maintain sufficient facilities for and records of the business relationship, distribution, control, storage, maintenance, repair, replacement, and destruction or disposal of all Postage Evidencing Systems and their components to enable accurate accounting and location thereof throughout the entire life cycle of each Postage Evidencing System. A complete record shall entail a list by serial number of all Postage Evidencing Systems manufactured or distributed showing all movements of each system from the time that it is produced until it is scrapped, and the reading of the ascending register each time the system is checked into or out of service. These records must be available for inspection by Postal Service officials at any time during business hours.

(c) To ensure adequate control over Postage Evidencing Systems, plans for the following subjects must be submitted for prior approval, in writing, to the office of Payment Technology.

(1) Service procedures for all Postage Evidencing Systems—these are procedures to address the process to be used for new Postage Evidencing Systems as well as those previously leased to another customer.

(2) Transportation and storage of Postage Evidencing Systems—these are procedures that provide reasonable precautions to prevent use by unauthorized individuals. Providers must ship all postage meters by Postal Service Registered Mail® service unless given written permission by the Postal Service to use another carrier. The provider must demonstrate that the alternative delivery carrier employs security procedures equivalent to those for Registered Mail service.

(3) Postage Evidencing System examination/inspection procedures and schedule—the provider is required to perform postage meter examinations or inspections based on an approved schedule. Failure to complete the postage meter examination or inspections by the due date may result in the Postal Service requiring the provider to disable the meter's resetting capability. If necessary, the Postal Service shall notify the customer that the postage meter is to be removed from service and the authorization to use a Postage Evidencing System revoked, following the procedures for revocation specified by regulation. The Postal Service shall notify the provider to remove the postage meter from the customer's location.

(4) Out-of-service procedures for a nonfaulty Postage Evidencing System—these procedures must be used when the system is to be removed from service for any reason.

(5) Postage Evidencing System repair process—any physical or electronic access to the internal components of a postage meter, as well as any access to software or security parameters, must be conducted within an approved facility under the provider's direct control and active supervision. To prevent unauthorized use, the provider or any third party acting on its behalf must keep secure any equipment or other component that can be used to open or access the internal, electronic, or secure components of a postage meter.

(6) Handling procedures for faulty meters—the provider must maintain handling procedures for faulty meters, including those that are inoperable, mis-registering, have unreadable registers, inaccurately reflect their current status, show any evidence of possible tampering or abuse, and those for which there is any indication that the postage meter has some mechanical or electrical malfunction of any critical security component, such as any component the improper operation of which could adversely affect Postal Service revenues, or of any memory component, or that affects the accuracy of the registers or the accuracy of the value printed.

(7) Lost or stolen postage meter procedures—the provider must promptly report to the Postal Service the loss or theft of any postage meter or the recovery of any lost or stolen postage meter. Such notification to the Postal Service will be made by completing and filing a standardized lost and stolen meter incident report within 10 calendar days of the provider's determination of a meter loss, theft, or recovery.

(8) Postage meter destruction—when required, the postage meter must be rendered completely inoperable by the destruction process and associated postage; printing dies and components must be destroyed. Manufacturers or distributors of meters must submit the proposed destruction method; a schedule listing the postage meters to be destroyed, by serial number and model; and the proposed time and place of destruction to Payment Technology for approval prior to any meter destruction. Providers must record and retain the serial numbers of the meters to be destroyed and provide a list of such serial numbers in electronic form in accordance with Postal Service requirements for meter accounting and tracking systems. Providers must give sufficient advance notice of the destruction to allow Payment Technology to schedule observation by its designated representative who shall verify that the destruction is performed in accordance with a Postal Service-approved method or process. To the extent that the Postal Service elects not to observe a particular destruction, the provider must submit a certification of destruction, including the serial number(s), to the Postal Service within 5 calendar days of destruction. These requirements for meter destruction apply to all postage meters, Postage Evidencing Systems, and postal security devices included as a component of a Postage Evidencing System.

(d) If the provider uses a third party to perform functions that may have an impact upon a Postage Evidencing System (especially its security), including, but not limited to, business relationships, repair, maintenance, and disposal of Postage Evidencing Systems, Payment Technology must be advised in advance of all aspects of the relationship, as they relate to the custody and control of Postage Evidencing Systems and must specifically authorize in writing the proposed arrangement between the parties.

(1) Postal Service authorization of a third-party relationship to perform specific functions applies only to the functions stated in the written authorization but may be amended to embrace additional functions.

(2) No third-party relationship shall compromise the Postage Evidencing System, or its components, including, but not limited to, the hardware, software, communications, and security components, or of any security-related system with which it interfaces, including, but not limited to, the resetting system, reporting systems, and Postal Service support systems. The functions of the third party with respect to a Postage Evidencing System, its components, and the systems with which it interfaces are subject to the same scrutiny as the equivalent functions of the provider.

(3) Any authorized third party must keep adequate facilities for and records of Postage Evidencing Systems and their components in accordance with paragraph (b) of this section. All such facilities and records are subject to inspection by Postal Service representatives, insofar as they are used to distribute, control, store, maintain, repair, replace, destroy, or dispose of Postage Evidencing Systems.

(4) The provider must ensure that any party acting on its behalf in any of the functions described in paragraph (b) of this section maintains adequate facilities, records, and procedures for the security of the Postage Evidencing Systems. Deficiencies in the operations of a third party relating to the custody and control of Postage Evidencing Systems, unless corrected in a timely manner, can place at risk a provider's approval to manufacture and/or distribute Postage Evidencing Systems.

(5) The Postal Service reserves the right to review all aspects of any relationship if it appears that the relationship poses a threat to Postage Evidencing System security and may require the provider to take appropriate corrective action. By entering into any relationship under this section, the provider is not relieved of any responsibility to the Postal Service, and such must be stated in any memorialization of the relationship.

[77 FR 23618, Apr. 20, 2012]

§501.15   Computerized Meter Resetting System.

(a) Description. The Computerized Meter Resetting System (CMRS) permits customers to reset their postage meters at their places of business. Authorized providers, who operate CMRS services, are known as resetting companies (RCs).

(b) A customer is required to have funds available on deposit with the Postal Service before resetting a Postage Evidencing System or the provider may opt to provide a funds advance in accordance with paragraph (c) of this section.

(c) If the RC chooses to offer advancement of funds to customers, the RC is required to maintain a deposit with the Postal Service equal to at least one (1) day's average funds advanced. The total amount of funds advanced to customers on any given day shall not exceed the amount the provider has on deposit with the Postal Service. The Postal Service shall not be liable for any payment made by the RC on behalf of a customer that is not reimbursed by the customer, since the RC is solely responsible for the collection of advances made by the RC.

(d) The CMRS customer is permitted to make deposits in one of three ways: check, electronic funds transfer (or wire transfer), or automated clearinghouse (ACH) transfer. These deposits must be remitted to the Postal Service's designated bank account.

(e) The RC must require each CMRS customer that requests a meter resetting to provide the meter serial number, the CMRS account number, and the meter's ascending and descending register readings. The RC must verify that there are sufficient funds in the customer's CMRS account to cover the postage setting requested before proceeding with the setting transaction (unless the RC opts to provide the customer a funds advance).

(f) The Postal Service requires that the RC publicize to all CMRS customers the following payment options (listed in order of preference):

(1) Automated clearinghouse (ACH) debits/credits.

(2) Electronic funds transfers (wire transfers).

(3) Checks.

(g) Returned checks and ACH debits are the responsibility of the Postal Service. Upon notice from the Postal Service's designated bank, the provider will be required to immediately lock the customer account to prevent a meter reset until the Postal Service receives payment for the returned check or the provider is provided with valid ACH credit or wire information.

(h) Refunds. The Postal Service will issue a refund in the amount remaining in a customer's Computerized Meter Resetting System account, after such time as the customer provides a written request to the provider, as long as the request meets the Postal Service approved minimum and time frame.

(i) Security and Revenue Protection. To receive Postal Service approval to continue to operate systems in the CMRS environment, the RC must submit to a periodic examination of its CMRS system and any other applications and technology infrastructure that may have a material impact on Postal Service revenues, as determined by the Postal Service. The examination shall be performed by a qualified, independent audit firm and shall be conducted in accordance with the Statements on Standards for Attestation Engagements (SSAEs) No. 16, Service Organizations, developed by the American Institute of Certified Public Accountants (AICPA), as amended or superseded. Expenses associated with such examination shall be incurred by the RC. The examination shall include testing of the operating effectiveness of relevant RC internal controls (SOC 1 Type II SSAE 16 Report). If the service organization uses another service organization (sub-service provider), Postal Service management should consider the nature and materiality of the transactions processed by the sub-service organization and the contribution of the sub-service organization's processes and controls in the achievement of the Postal Service's control objectives. The Postal Service should have access to the sub-service organization's SOC 1 Type II SSAE 16 report. The control objectives to be covered by the SOC 1 Type II SSAE 16 report are subject to Postal Service review and approval, and are to be provided to the Postal Service 30 days prior to the initiation of each examination period. As a result of the examination, the service auditor shall provide the RC and the Postal Service with an opinion on the design and operating effectiveness of the RC's internal controls related to the CMRS system and any other applications and technology infrastructure considered material to the services provided to the Postal Service by the RC. Such examinations are to be conducted on no less than an annual basis, and are to be as of and for the 12 months ended June 30 of each year (except for new contracts for which the examination period will be no less than the period from the contract date to the following June 30, unless otherwise agreed to by the Postal Service). The examination reports are to be provided to the Postal Service by August 15 of each year. To the extent that internal control weaknesses are identified in a SOC 1 Type II SSAE 16 report, the Postal Service may require the remediation of such weaknesses and review working papers and engage in discussions about the work performed with the service auditor. The Postal Service requires that all remediation efforts (if applicable) are completed and reported by the RC prior to the Postal Service's fiscal year end (September 30). In addition, the RC will be responsible for performing an examination of their internal control environment related to the CMRS system and any other applications and technology infrastructure considered material to the services provided to the Postal Service by the RC, in particular, disclosing changes to internal controls for the period of July 1 to September 30. This examination should be documented and submitted to the Postal Service by October 14. The RC will be responsible for all costs related to the examinations conducted by the service auditor and the RC.

(j) Inspection of records and facilities. The RC must make its facilities that handle the operation of the computerized resetting system and all records about the operation of the system available for inspection by representatives of the Postal Service at all reasonable times. At its discretion, the Postal Service may continue to fund inspections as it has in the past, provided the costs are not associated with a particular security issue related to the provider's CMRS or supporting infrastructure.

(k) The RC is required to incorporate the following language into its meter rental agreements:

Acknowledgment of Deposit Requirement—Meters

By signing this meter rental agreement, you the customer represent that you have read the Acknowledgment of Deposit Requirement—Meters and are familiar with its terms. You agree that, upon execution of this agreement with the RC, you will also be bound by all terms and conditions of the Acknowledgment of Deposit Requirement—Meters, as it may be amended from time to time.

[71 FR 65733, Nov. 9, 2006, as amended at 75 FR 56472, Sept. 16, 2010; 77 FR 56554, Sept. 13, 2012; 79 FR 10994, Feb. 27, 2014]

§501.16   PC postage payment methodology.

(a) The PC Postage customer is permitted to make payments for postage in one of two ways: Automated clearinghouse (ACH) transfer or credit card.

(b) The provider must make payments on behalf of the customer to the Postal Service in accordance with contractual and/or regulatory responsibilities.

(c) The Postal Service requires that the provider publicize to all PC Postage customers the following payment options (listed in order of preference):

(1) Automated clearinghouse (ACH) debits/credits.

(2) Credit cards.

(d) Returned ACH debits are the responsibility of the Postal Service. The RC must lock the customer account immediately so that the customer is unable to reset the account until the Postal Service receives payment in full.

(e) Refunds. The provider issues a refund to a customer for any unused postage in a Postage Evidencing System. After verification by the Postal Service, the provider will be reimbursed by the Postal Service for the individual refunds provided to customers by the provider.

(f) Security and Revenue Protection. To receive Postal Service approval to continue to operate PC Postage systems, the provider must submit to a periodic examination of its PC Postage system and any other applications and technology infrastructure that may have a material impact on Postal Service revenues, as determined by the Postal Service. The examination shall be performed by a qualified, independent audit firm and shall be conducted in accordance with the Statements on Standards for Attestation Engagements (SSAEs) No. 16, Service Organizations, developed by the American Institute of Certified Public Accountants (AICPA), as amended or superseded. Expenses associated with such examination shall be incurred by the provider. The examination shall include testing of the operating effectiveness of relevant provider internal controls (SOC1 Type II SSAE 16 Report). If the service organization uses another service organization (sub-service provider), Postal Service management should consider the nature and materiality of the transactions processed by the sub-service organization and the contribution of the sub-service organization's processes and controls in the achievement of the Postal Service's control objectives. The Postal Service should have access to the sub-service organization's SOC 1 Type II SSAE 16 report. The control objectives to be covered by the SOC 1 Type II SSAE 16 report are subject to Postal Service review and approval, and are to be provided to the Postal Service 30 days prior to the initiation of each examination period. As a result of the examination, the service auditor shall provide the provider and the Postal Service with an opinion on the design and operating effectiveness of the internal controls related to the PC Postage system, and any other applications and technology infrastructure considered material to the services provided to the Postal Service by the provider. Such examinations are to be conducted on no less than an annual basis, and are to be as of and for the 12 months ended June 30 of each year (except for new contracts for which the examination period will be no less than the period from the contract date to the following June 30, unless otherwise agreed to by the Postal Service). The examination reports are to be provided to the Postal Service by August 15 of each year. To the extent that internal control weaknesses are identified in a SOC 1 Type II SSAE 16 report, the Postal Service may require the remediation of such weaknesses, and review working papers and engage in discussions about the work performed with the service auditor. The Postal Service requires that all remediation efforts (if applicable) are completed and reported by the provider prior to the Postal Service's fiscal year end (September 30). In addition, the provider will be responsible for performing an examination of their internal control environment related to the PC Postage system and any other applications and technology infrastructure considered material to the services provided to the Postal Service by the provider, in particular, disclosing changes to internal controls for the period of July 1 to September 30. This examination should be documented and submitted to the Postal Service by October 14. The provider will be responsible for all costs related to the examinations conducted by the service auditor and the provider.

(g) Inspection of records and facilities. The provider must make its facilities, which handle the operation of the PC Postage system and all records about the operation of the system, available for inspection by representatives of the Postal Service at all reasonable times.

(h) To the extent that the customer maintains funds on deposit for the payment of postage, the provider is required to incorporate the following language into its agreements with PC Postage customers:

Acknowledgment of Deposit Requirement—PC Postage

By signing this agreement with the provider, you represent that you have read the Acknowledgment of Deposit Requirement—PC Postage and are familiar with its terms. You agree that, upon execution of this agreement with the provider, you will also be bound by all terms and conditions of the Acknowledgment of Deposit Requirement—PC Postage, as it may be amended from time to time.

[72 FR 33163, June 15, 2007, as amended at 75 FR 56472, Sept. 16, 2010; 79 FR 10995, Feb. 27, 2014]

§501.17   Decertified Postage Evidencing Systems.

(a) A Decertified Postage Evidencing System is a device for which the provider's authority to distribute has been withdrawn by the Postal Service as a result of any retirement plan for a given class of meters published by the Postal Service in the Federal Register; a suspension or revocation under §501.6; or a voluntary withdrawal undertaken by the provider.

(b) A Decertified Postage Evidencing System must be withdrawn from service by the date agreed to by the Postal Service and provider.

(c) To the extent postage meters are involved, the provider must utilize the approved procedures for lost and stolen meters under §501.14(c)(7) to locate the meter and remove it from service by the agreed upon date.

(d) Decertified Postage Evidencing Systems that are not submitted to the Postal Service for refund within one hundred and eighty (180) days of the agreed upon withdrawal from service date will not be eligible for refund of unused postage.

(e) Postage indicia printed by Decertified Postage Evidencing Systems may no longer be considered valid postage one hundred and eighty (180) days from the agreed upon withdrawal from service date.

§501.18   Customer information and authorization.

(a) Authorized providers must electronically transmit the necessary customer information to the designated Postal Service central data processing facility, in Postal Service-specified format, in order for the Postal Service to authorize a customer to use a Postage Evidencing System. Postal Service receipt and acceptance of the customer information provides the customer with the authorization to possess or use a Postage Evidencing System in accordance with DMM 604 Postage Payment Methods, 4.0 Postage Meters and PC Postage Products (Postage Evidencing Systems).

(b) The Postal Service may refuse to issue a customer authorization to use a Postage Evidencing System for the following reasons:

(1) The customer submitted false or fictitious information.

(2) Within five years preceding submission of the information, the customer violated any standard for the care or use of the Postage Evidencing System that resulted in revocation of that customer's authorization.

(3) Or there is sufficient reason to believe that the Postage Evidencing System is to be used in violation of the applicable standards.

(c) The Postal Service will notify the provider of the revocation of a customer's authorization to use a Postage Evidencing System. Within ten (10) days of receipt of the notice of revocation, the provider must cancel any lease or other agreement and remove the Postage Evidencing System from service. A customer's authorization to use a Postage Evidencing system is subject to revocation for any of the following reasons:

(1) A Postage Evidencing System is used for any illegal scheme or enterprise.

(2) The customer's Postage Evidencing System is not used for twelve (12) consecutive months.

(3) Sufficient control of a Postage Evidencing System is not exercised or the standards for its care or use are not followed.

(4) The Postage Evidencing System is kept or used outside the customs territory of the United States or those U.S. territories and possessions where the Postal Service operates.

(5) The customer is in possession of a Decertified Postage Evidencing System.

(d) The provider must electronically transmit any updates to the necessary customer information to the designated Postal Service central data processing facility, in Postal Service-specified format.

(e) No one other than an authorized provider may possess a Postage Evidencing System without a valid rental or other agreement with the provider. Other parties in possession of a Postage Evidencing System must immediately surrender it to the provider or the Postal Service.

(f) The Postal Service may use customer information consistent with the Privacy Act and the Postal Service's privacy policies posted on http://www.usps.com. Examples include the following:

(1) Communication with customers who may no longer be visiting a traditional Postal Service retail outlet or communication with customers through any new retail channels.

(2) Issuance (including re-authorization, renewal, transfer, revocation or denial, as applicable) of authorization to use a Postage Evidencing System to a postal patron that uses a Postage Evidencing System, and communications with respect to the status of such authorization.

(3) Disclosure to a meter provider of the identity of any meter required to be removed from service by that meter provider, and any related customer data, as the result of revocation of an authorization to use a Postage Evidencing System, questioned accurate registration of that meter, or de-certification by the Postal Service of any particular class or model of postage meter.

(4) Tracking the movement of meters between a meter provider and its customers and communications to a meter provider (but not to any third party other than the customer) concerning such movement. The term meter provider includes a meter provider's dealers and agents.

(5) To transmit general information to all Postage Evidencing System customers concerning rate and rate category changes implemented or proposed for implementation by the Postal Service.

(6) To advertise Postal Service services relating to the acceptance, processing, and delivery of, or postage payment for, metered mail.

(7) To allow the Postal Service to communicate with Postal Service customers on products, services, and other information otherwise available to Postal Service customers through traditional retail outlets.

(8) Any internal use by Postal Service personnel, including identification and monitoring activities relating to Postage Evidencing Systems, provided that such use does not result in the disclosure of applicant information to any third party or will not enable any third party to use applicant information for its own purposes; except that the applicant information may be disclosed to other governmental agencies for law enforcement purposes as provided by law.

(9) Identification of authorized Postage Evidencing System providers or announcement of the de-authorization of an authorized provider, or provision of currently available public information, where an authorized provider is identified.

(10) To promote and encourage the use of Postage Evidencing Systems as a form of postage payment, provided that the same information is provided to all Postage Evidencing System customers and no particular Postage Evidencing System provider will be recommended by the Postal Service.

(11) To contact customers in cases of revenue fraud or revenue security.

(12) Disclosure to a Postage Evidencing System provider of applicant information pertaining to that provider's customers that the Postal Service views as necessary to enable the Postal Service to carry out its duties and purposes.

(13) To transmit to a Postage Evidencing System provider all applicant and system information pertaining to that provider's customers and systems that may be necessary to permit such provider to synchronize its computer databases with information contained in the computer files of the Postal Service.

(14) Subject to the conditions stated herein, to communicate in oral or written form with any or all applicants any information that the Postal Service views as necessary to enable the Postal Service to carry out its duties and purposes under part 501.

§501.19   Intellectual property.

Providers submitting Postage Evidencing Systems to the Postal Service for approval are responsible for obtaining all intellectual property licenses that may be required to distribute their product in commerce and to allow the Postal Service to process mail bearing the indicia produced by the Postage Evidencing System. To the extent approval is granted and the Postage Evidencing System is capable of being used in commerce, the provider shall indemnify the Postal Service for use of such intellectual property in both the use of the Postage Evidencing System and the processing of mail bearing indicia produced by the Postage Evidencing System.

§501.20   xxx

Link to an amendment published at 78 FR 8407, Feb. 6, 2013.



For questions or comments regarding e-CFR editorial content, features, or design, email ecfr@nara.gov.
For questions concerning e-CFR programming and delivery issues, email webteam@gpo.gov.