Loading...
HomeMy WebLinkAboutContract No. 2015-26772015 -2677 REFERENCE: RITE Customer Account #0010095 City of Columbia Heights Contract# 2015 -2677 Pri CARDriEFINDER Payment Security Solution Proposal for Jeff Hanson , City of Columbia Heights SBA Top Valu Prepared by: Gary Noble 8/24/2015 M�� 2 CardDefender Service Agreement This agreement is to outline and set expectations relating to the guarantees and the agreements between RITE Enterprises Inc and the undersigned retailer. • While the CardDefender solution is significantly more secure than the current standards for processing credit cards nothing is impenetrable and the retailer still bears the responsibility of maintaining a safe environment for the transmission of credit card data. This means utilizing virus and malware protection, firewalls, and being responsible in the use of your technology. We recommend that you meet SAQB -IP requirements by having an isolated local area network for your card processing terminals only and using a stateful packet inspecting firewall to limit and monitor the traffic between the payment processing network and the internet as well as the interaction between the payment processing terminals and the LAN segment hosting the POS terminals (access to the payment terminals should be limited to ONLY those devices and ONLY the required protocols). Click here for a diagram outlining our recommended network configuration for reference. • Our monthly services include direct support of the software integration and the payment terminals. It does not include general support for the computing systems, network, or POS software. It also does not include support outside of standard business hours. If you require support or it is determined that the support you required was outside of this scope RITE standard support charges will be applied. Examples include: • A virus interfered with the software's ability to work • RITE was utilize to determine that a hardware switch on the network created an inability for the POS and payment terminal to communicate • A network admin changed the IP address scheme of the network causing all terminals to be reconfigured • We WILL reinstall the integration software once time PER 365 day period assuming the first swap occurs 365 days after the initial install. This is per terminal and is for cases like hard drive or other failure. Additional reconfigurations will fall under standard — paid support. • We reserve the right to disable these systems if there are unpaid recurring or any other unpaid outstanding invoices. Multiple notices will be given prior to this event occurring. • We reserve the right to cancel service at any time. If RITE opts to do this we will refund (assuming the units are shipped back to us in new or like new condition) the cost of the hardware terminals as was as the "CardDefender Core Software" charges prorated. The prorate value will be reduced for every day since the first day after the first card was processed through the new system (initial installation) at a rate of .2% per day for the first year and .074% per day in the second year. As an example — if we decided to cancel someone's agreement after 400 days the customer would get 24.41% of their purchase price on the hardware terminals and the "Core" software. If we opted to cancel after 200 days, then the customer would get 60% refunded. Initial 10 • Once the systems are installed, in place, and operational the hardware, software, and installation costs are nonrefundable. • While these systems provide a stable and secure means of processing payments, RITE will not be held responsible for any download resulting from the use of the system. Please follow the backup plan suggestions presented in our documentation. • We will make our best effort to keep the integration compatible with 3rd party POS software however we have limited control over what the POS software creator does with their systems, therefore we cannot provide a hard guaranty of continued compatibility. • It is the retailer's responsibility to confirm that their systems meet the minimum requirements stated in the assumptions section of this document. If their systems do not meet these requirements and they opt to proceed regardless they bear the responsibility of any additional work (which may incur additional costs) or problems that occur as a result. Printed Name: Signed Name: 01 Date: Initial 4 Card Information F Credit card Name on card: Credit card expiration: Credit card CW Credit card billing address: Cred Yard billing city: Credit %cardbi ng state: Credit ng zip,�x I agree to and am 11 Top Valu CUSTOMER ELECTS TO PREPAY AGREEMENT ANNUALLY BY CHECK, IN LIEU OF MONTHLY PAYMENTS BY CREDIT CARD. / RITE,,to charge my credit card for the Monthly Service Agreement Cardl) ender in the amount of $10 per terminal - per month. I hereby authorize to do so. Number of Terminals - 9 Amount to be billed: _$90.00 (monthly) x 12 months + $74.25 MN sales tax @6.75% $1,154.25 Total Annual Prepayment of Service Agreement Signature: Date: Please fill out form and fax to: 320 - 230 -1796 Initial CITY OF COLUMBIA HEIGHTS DATE: September 29, 2015 TO: WALT FEHST, CITY MANAGER FROM: X JOSEPH KLOIBER, FINANCE DIRECTOR RE: PROCUREMENT ANALYSIS FOR EMV CREDIT CARD SYSTEM 2015 PURCHASE ORDER #58953 for hardware, firmware, and installation CONTRACT #2015 -2677 for support and use of software integration For the mix of features I judge as best - suited for use in the liquor operation over the long run, RITE Inc. is for all practical considerations the sole- source vendor for credit card processing terminals at this time. For this reason, I recommend purchase of the "Card Defender" system detailed in the 8/24/15 proposal from RITE Inc. Not coincidentally, RITE Inc. is the vendor for the point -of -sale cash register system used in the city's liquor operations. U.S. credit card technology is transitioning from use of magnetic strips containing card data to more secure computer chips containing that data in encrypted form (EMV). The liability for fraudulent card transactions with chip cards will shift from the card issuer to the merchant, unless the merchant adopts the new technology. This issue is driving the recommendation to change from our current magnetic- stripe -only system, but there are also other factors /opportunities involved. "Near- field- communications" (NFC), is a variation of this new technology that is increasingly popular, such as with "Apple -Pay" via iPhones. Future expected developments include eventually requiring both an EMV chip and a PIN to process credit card transactions. PINS require a customer keypad, which we currently do not have. The proposed system incorporates all of the above features, so it is not likely to be obsolete for several years, as would be the case for some lower cost EMV card terminals with fewer features. Other features of the proposed system, which are not related to the new chip technology, also provide a significant improvement in card acceptance over our current system. The new card reading terminals will be mounted on the customer side of the checkout counter instead of on the cash register. This provides a more secure experience for the customer, in that they never have to let their card out of their physical control. The new terminals obtain an electronic copy of the customer's signature, replacing our current process of handling and storing thousands of small paper receipt copies of customer signatures each month. Card - processing usually takes one of two paths: 1. A simple card swipe device connected into the point -of -sale cash register system. This is our current system. It makes for a low -cost card terminal because the cash register PC doubles as the card terminal, but the down side is that card -data goes through the point -of- sale system, expanding the portion of the computer network that is subject to the credit card industry security rules (known as PCI -DSS compliance). It appears that vendors for this approach are also limited for EMV cards. CITY OF COLUMBIA HEIGHTS September 29, 2015 PROCUREMENT ANALYSIS FOR EMV (aka "Chip) CREDIT CARD SYSTEM Continued- 2. A stand -alone card reading terminal which connects directly over the internet to the card - processor. The downside of this system is that it doesn't talk to the cash register in anyway. So it requires entering the transaction twice; once in detail in the cash register and once again in total in the card terminal. This isn't practical for the high volume and high speed of transactions required to be processed in a retail liquor store. Terminals for this approach range from roughly $150 to $650, plus programming charges. Limitations encountered with terminals at the lower end of this price range may include compatibility with only one card processor, lack of electronic signatures, lack of NFC, short expected life cycle, and support costs charged on a per transaction basis. The terminals proposed by RITE are $530 each plus programming charges. They are compatible with the twelve largest card processors. Support is charged as a flat monthly fee per terminal, a fee structure which appears relatively advantageous compared to most industry pricing. The significant feature that is solely available with the proposed system is that for $630 per store, RITE installs software of their own design which allows transaction data to be shared between the RITE point -of -sale system and the card terminal, but restricts card data to only the path between the terminal and the card processor. This hybrid solution eliminates the downsides to both of the standard approaches above. A further unique benefit of the RITE proposal is that by using the same vendor for support of both the credit card system and the point -of -sale system, when technical problems arise that require troubleshooting, the city will avoid the potential for being whipsawed between two different vendors, each with an interest in pointing to the other's work as the cause of the problem. With the highly time - sensitive nature of high - volume card processing, this improved response time is of significant value.