HomeMy WebLinkAboutContract No. 2015-26772015 -2677
REFERENCE:
RITE Customer Account #0010095
City of Columbia Heights Contract# 2015 -2677
Pri CARDriEFINDER
Payment Security Solution
Proposal for Jeff Hanson , City of Columbia Heights
SBA Top Valu
Prepared by: Gary Noble
8/24/2015
M��
2
CardDefender Service Agreement
This agreement is to outline and set expectations relating to the guarantees and the agreements between
RITE Enterprises Inc and the undersigned retailer.
• While the CardDefender solution is significantly more secure than the current standards for processing
credit cards nothing is impenetrable and the retailer still bears the responsibility of maintaining a safe
environment for the transmission of credit card data. This means utilizing virus and malware protection,
firewalls, and being responsible in the use of your technology. We recommend that you meet SAQB -IP
requirements by having an isolated local area network for your card processing terminals only and using
a stateful packet inspecting firewall to limit and monitor the traffic between the payment processing
network and the internet as well as the interaction between the payment processing terminals and the
LAN segment hosting the POS terminals (access to the payment terminals should be limited to ONLY
those devices and ONLY the required protocols). Click here for a diagram outlining our recommended
network configuration for reference.
• Our monthly services include direct support of the software integration and the payment terminals. It
does not include general support for the computing systems, network, or POS software. It also does not
include support outside of standard business hours. If you require support or it is determined that the
support you required was outside of this scope RITE standard support charges will be applied. Examples
include:
• A virus interfered with the software's ability to work
• RITE was utilize to determine that a hardware switch on the network created an inability for the
POS and payment terminal to communicate
• A network admin changed the IP address scheme of the network causing all terminals to be
reconfigured
• We WILL reinstall the integration software once time PER 365 day period assuming the first swap
occurs 365 days after the initial install. This is per terminal and is for cases like hard drive or
other failure. Additional reconfigurations will fall under standard — paid support.
• We reserve the right to disable these systems if there are unpaid recurring or any other unpaid
outstanding invoices. Multiple notices will be given prior to this event occurring.
• We reserve the right to cancel service at any time. If RITE opts to do this we will refund (assuming the
units are shipped back to us in new or like new condition) the cost of the hardware terminals as was as
the "CardDefender Core Software" charges prorated. The prorate value will be reduced for every day
since the first day after the first card was processed through the new system (initial installation) at a rate
of .2% per day for the first year and .074% per day in the second year. As an example — if we decided to
cancel someone's agreement after 400 days the customer would get 24.41% of their purchase price on
the hardware terminals and the "Core" software. If we opted to cancel after 200 days, then the
customer would get 60% refunded.
Initial
10
• Once the systems are installed, in place, and operational the hardware, software, and installation costs
are nonrefundable.
• While these systems provide a stable and secure means of processing payments, RITE will not be held
responsible for any download resulting from the use of the system. Please follow the backup plan
suggestions presented in our documentation.
• We will make our best effort to keep the integration compatible with 3rd party POS software however we
have limited control over what the POS software creator does with their systems, therefore we cannot
provide a hard guaranty of continued compatibility.
• It is the retailer's responsibility to confirm that their systems meet the minimum requirements stated in
the assumptions section of this document. If their systems do not meet these requirements and they opt
to proceed regardless they bear the responsibility of any additional work (which may incur additional
costs) or problems that occur as a result.
Printed Name:
Signed Name: 01 Date:
Initial
4 Card Information F
Credit card
Name on card:
Credit card expiration:
Credit card CW
Credit card billing address:
Cred Yard billing city:
Credit %cardbi ng state:
Credit ng zip,�x
I agree to
and am
11
Top Valu
CUSTOMER ELECTS TO PREPAY
AGREEMENT ANNUALLY BY CHECK,
IN LIEU OF MONTHLY PAYMENTS
BY CREDIT CARD. /
RITE,,to charge my credit card for the Monthly Service Agreement
Cardl) ender in the amount of $10 per terminal - per month. I hereby
authorize to do so. Number of Terminals - 9
Amount to be billed: _$90.00 (monthly) x 12 months + $74.25 MN sales tax @6.75%
$1,154.25 Total Annual Prepayment of Service Agreement
Signature: Date:
Please fill out form and fax to: 320 - 230 -1796
Initial
CITY OF COLUMBIA HEIGHTS
DATE: September 29, 2015
TO: WALT FEHST, CITY MANAGER
FROM: X JOSEPH KLOIBER, FINANCE DIRECTOR
RE: PROCUREMENT ANALYSIS FOR EMV CREDIT CARD SYSTEM
2015 PURCHASE ORDER #58953 for hardware, firmware, and installation
CONTRACT #2015 -2677 for support and use of software integration
For the mix of features I judge as best - suited for use in the liquor operation over the long run, RITE
Inc. is for all practical considerations the sole- source vendor for credit card processing terminals at
this time. For this reason, I recommend purchase of the "Card Defender" system detailed in the
8/24/15 proposal from RITE Inc. Not coincidentally, RITE Inc. is the vendor for the point -of -sale cash
register system used in the city's liquor operations.
U.S. credit card technology is transitioning from use of magnetic strips containing card data to more
secure computer chips containing that data in encrypted form (EMV). The liability for fraudulent
card transactions with chip cards will shift from the card issuer to the merchant, unless the
merchant adopts the new technology. This issue is driving the recommendation to change from our
current magnetic- stripe -only system, but there are also other factors /opportunities involved.
"Near- field- communications" (NFC), is a variation of this new technology that is increasingly
popular, such as with "Apple -Pay" via iPhones. Future expected developments include eventually
requiring both an EMV chip and a PIN to process credit card transactions. PINS require a customer
keypad, which we currently do not have. The proposed system incorporates all of the above
features, so it is not likely to be obsolete for several years, as would be the case for some lower cost
EMV card terminals with fewer features.
Other features of the proposed system, which are not related to the new chip technology, also
provide a significant improvement in card acceptance over our current system. The new card
reading terminals will be mounted on the customer side of the checkout counter instead of on the
cash register. This provides a more secure experience for the customer, in that they never have to
let their card out of their physical control. The new terminals obtain an electronic copy of the
customer's signature, replacing our current process of handling and storing thousands of small
paper receipt copies of customer signatures each month.
Card - processing usually takes one of two paths:
1. A simple card swipe device connected into the point -of -sale cash register system.
This is our current system. It makes for a low -cost card terminal because the cash register PC
doubles as the card terminal, but the down side is that card -data goes through the point -of-
sale system, expanding the portion of the computer network that is subject to the credit
card industry security rules (known as PCI -DSS compliance). It appears that vendors for this
approach are also limited for EMV cards.
CITY OF COLUMBIA HEIGHTS
September 29, 2015
PROCUREMENT ANALYSIS FOR EMV (aka "Chip) CREDIT CARD SYSTEM
Continued-
2. A stand -alone card reading terminal which connects directly over the internet to the card -
processor. The downside of this system is that it doesn't talk to the cash register in anyway.
So it requires entering the transaction twice; once in detail in the cash register and once
again in total in the card terminal. This isn't practical for the high volume and high speed of
transactions required to be processed in a retail liquor store. Terminals for this approach
range from roughly $150 to $650, plus programming charges. Limitations encountered with
terminals at the lower end of this price range may include compatibility with only one card
processor, lack of electronic signatures, lack of NFC, short expected life cycle, and support
costs charged on a per transaction basis.
The terminals proposed by RITE are $530 each plus programming charges. They are compatible with the
twelve largest card processors. Support is charged as a flat monthly fee per terminal, a fee structure
which appears relatively advantageous compared to most industry pricing. The significant feature that is
solely available with the proposed system is that for $630 per store, RITE installs software of their own
design which allows transaction data to be shared between the RITE point -of -sale system and the card
terminal, but restricts card data to only the path between the terminal and the card processor. This
hybrid solution eliminates the downsides to both of the standard approaches above.
A further unique benefit of the RITE proposal is that by using the same vendor for support of both the
credit card system and the point -of -sale system, when technical problems arise that require
troubleshooting, the city will avoid the potential for being whipsawed between two different vendors,
each with an interest in pointing to the other's work as the cause of the problem. With the highly time -
sensitive nature of high - volume card processing, this improved response time is of significant value.