The URL can be used to link to this page

Home My WebLink AboutRFP - P1045 ELECTRONIC PAYMENT PROCESSINGE C itv of Fort Collins REQUEST FOR PROPOSAL P1045 Electronic Payment Processing The City of Fort Collins is seeking a single source payment processing technology and merchant services partner who will provide a completely integrated Automated Clearing House (ACH) and integrated credit card payment solution on one technical platform. This would include merchant account services supported by payment gateway technology provider that will interface with the City's e-Commerce application, Tele-Works, Inc. Written proposals, six (6) will be received at the City of Fort Collins' Purchasing Division, 215 North Mason St., 2nd floor, Fort Collins, Colorado 80524. Proposals will be received before 3:00 p.m. (our clock), October 2, 2006. Proposal No. P1045. If delivered, they are to be sent to 215 North Mason Street, 2nd Floor, Fort Collins, Colorado 80524. If mailed, the address is P.O. Box 580, Fort Collins, 80522-0580. Questions concerning the scope of the project should be directed to Project Manager Brenda McCoy- Manfredo (970) 221-6528. Questions regarding proposals submittal or process should be directed to James B. O'Neill, II, CPPO, FNIGP (970) 221-6779. A copy of the Proposal may be obtained as follows: 1. Download the Proposal/Bid from"the BuySpeed Webpage, https://secure2.fcqov.com/bso/login.osp 2. Come by Purchasing at 215 North Mason St., 2nd floor, Fort Collins, and request a copy of the Bid. Sales Prohibited/Conflict of Interest: No officer, employee, or member of City Council, shall have a financial interest in the sale to the City of any real or personal property, equipment, material, supplies or services where such officer or employee exercises directly or indirectly any decision -making authority concerning such sale or any supervisory authority over the services to be rendered. This rule also applies to subcontracts with the City. Soliciting or accepting any gift, gratuity favor, entertainment, kickback or any items of monetary value from any person who has or is seeking to do business with the City of Fort Collins is prohibited. Collusive or sham proposals: Any proposal deemed to be collusive or a sham proposal will be rejected and reported to authorities as such. Your authorized signature of this proposal assures that such proposal is genuine and is not a collusive or sham proposal. The City of Fort Collins reserves the right to reject any and all proposals and to waive any irregularities or informalities. Sincerely, Q�{ Ja s B. O'Neill II, CPPO, FNIGP erector of Purchasing &Risk Management 215 North Mason Street • 2"" Floor • P.O. Box 580 • Fort Collins, CO 80522-0580 • (970) 221-6775 • Fax (970) 221-6707 www.fcaov.eom 12. Default. Each and every term and condition hereof shall be deemed to be a material element of this Agreement. In the event either party should fail or refuse to perform according to the terms of this agreement, such party may be declared in default thereof. 13. Remedies. In the event a party has been declared in default, such defaulting party shall be allowed a period of ten (10) days within which to cure said default. In the event the default remains uncorrected, the party declaring default may elect to (a) terminate the Agreement and seek damages; (b) treat the Agreement as continuing and require specific performance; or (c) avail himself of any other remedy at law or equity. If the non -defaulting party commences legal or equitable actions against the defaulting party, the defaulting party shall be liable to the non -defaulting party for the non -defaulting party's reasonable attorney fees and costs incurred because of the default. 14. Binding Effect. This writing, together with the exhibits hereto, constitutes the entire agreement between the parties and shall be binding upon said parties, their officers, employees, agents and assigns and shall inure to the benefit of the respective survivors, heirs, personal representatives, successors and assigns of said parties. 15. Indemnity/Insurance. a. The Service Provider agrees to indemnify and save harmless the City, its officers, agents and employees against and from any and all actions, suits, claims, demands or liability of any character whatsoever brought or asserted for injuries to or death of any person or persons, or damages to property arising out of, result from or occurring in connection with the performance of any service hereunder. b. The Service Provider shall take all necessary precautions in performing the work hereunder to prevent injury to persons and property. c. Without limiting any of the Service Provider's obligations hereunder, the Service Provider shall provide and maintain insurance coverage naming the City as an additional insured under this Agreement of the type and with the limits specified within Exhibit consisting of ( ) pages[s], attached hereto and incorporated herein by this SA 09/01 /06 reference. The Service Provider before commencing services hereunder, shall deliver to the City's Director of Purchasing and Risk Management, P. O. Box 580 Fort Collins, Colorado 80522 one copy of a certificate evidencing the insurance coverage required from an insurance company acceptable to the City. 16. Entire Agreement. This Agreement, along with all Exhibits and other documents incorporated herein, shall constitute the entire Agreement of the parties. Covenants or representations not contained in this Agreement shall not be binding on the parties. 17. Law/Severability. The laws of the State of Colorado shall govern the construction interpretation, execution and enforcement of this Agreement. In the event any provision of this Agreement shall be held invalid or unenforceable by any court of competent jurisdiction, such holding shall not invalidate or render unenforceable any other provision of this Agreement. 18. Prohibition Against Employing Illegal Aliens. This paragraph shall apply to all Contractors whose performance of work under this Agreement does not involve the delivery of a specific end product other than reports that are merely incidental to the performance of said work. Pursuant to Section 8-17.5-101, C.R.S., et. seq., Contractor represents and agrees that: A. As of the date of this Agreement: 1. Contractor does not knowingly employ or contract with an illegal alien; and 2. Contractor has participated or attempted to participate in the basic pilot employment verification program created in Public Law 208, 104th Congress, as amended, and expanded in Public Law 156, 108th Congress, as amended, administered by the United States Department of Homeland Security (the "Basic Pilot Program") in order to verify that Contractor does not employ any illegal aliens. B. Contractor shall not knowingly employ or contract with an illegal alien to perform works under this Agreement or enter into a contract with a subcontractor that fails to certify to Contractor that the subcontractor shall not knowingly employ or contract with an illegal alien to perform work under this Agreement. C. Contractor shall continue to apply to participate in the Basic Pilot Program and shall in writing verify same every three (3) calendar months thereafter, until Contractor is accepted or the public contract for services has been completed, SA 09/01/06 12 whichever is earlier. The requirements of this section shall not be required or effective if the Basic Pilot Program is discontinued. D. Contractor is prohibited from using Basic Pilot Program procedures to undertake pre -employment screening of job applicants while this Agreement is being performed. E. If Contractor obtains actual knowledge that a subcontractor performing work under this Agreement knowingly employs or contracts with an illegal alien, Contractor shall: 1. Notify such subcontractor and the City within three days that Contractor has actual knowledge that the subcontractor is employing or contracting with an illegal alien; and 2. Terminate the subcontract with the subcontractor if within three days of receiving the notice required pursuant to this section the subcontractor does not cease employing or contracting with the illegal alien; except that Contractor shall not terminate the contract with the subcontractor if during such three days the subcontractor provides information to establish that the subcontractor has not knowingly employed or contracted with an illegal alien. F. Contractor shall comply with any reasonable request by the Colorado Department of tabor and Employment (the "Department") made in the course of an investigation that the Department undertakes or is undertaking pursuant to the authority established in Subsection 8-17.5-102 (5), C.R.S. G. If Contractor violates any provision of this Agreement pertaining to the duties imposed by Subsection 8-17.5-102, C.R.S. the City may terminate this Agreement. If this Agreement is so terminated, Contractor shall be liable for actual and consequential damages to the City arising out of Contractor's violation of Subsection 8-17.5-102, C.R.S. H. The City will notify the Office of the Secretary of State if Contractor violates this provision of this Agreement and the City terminates the Agreement for such breach. SA 09/01 /06 13 ATTEST: City Clerk APPROVED AS TO FORM: Assistant City Attorney CITY OF FORT COLLINS, COLORADO a municipal corporation By: James B. O'Neill II, CPPO, FNIGP Director of Purchasing and Risk Management Date: By: PRINT NAME CORPORATE PRESIDENT OR VICE PRESIDENT Date: ATTEST: (Corporate Seal) CORPORATE SECRETARY SA 09/01 /06 14 [Optional] EXHIBIT " " CONFIDENTIALITY IN CONNECTION WITH SERVICES provided to the City of Fort Collins (the "City") pursuant to this Agreement (the "Agreement"), the Contractor hereby acknowledges that it has been informed that the City has established policies and procedures with regard to the handling of confidential information and other sensitive materials. In consideration of access to certain information, data and material (hereinafter individually and collectively, regardless of nature, referred to as "information") that are the property of and/or relate to the City or its employees, customers or suppliers, which access is related to the performance of services that the Contractor has agreed to perform, the Contractor hereby acknowledges and agrees as follows: That information that has or will come into its possession or knowledge in connection with the performance of services for the City may be confidential and/or proprietary. The Contractor agrees to treat as confidential (a) all information that is owned by the City, or that relates to the business of the City , or that is used by the City in carrying on business, and (b) all information that is proprietary to a third party (including but not limited to customers and suppliers of the City) . The Contractor shall not disclose any such information to any person not having a legitimate need -to -know for purposes authorized by the City. Further, the Contractor shall not use such information to obtain any economic or other benefit for itself, or any third party, except as specifically authorized by the City. The foregoing to the contrary notwithstanding, the Contractor understands that it shall have no obligation under this Agreement with respect to information and material that (a) becomes generally known to the public by publication or some means other than a breach of duty of this Agreement, or (b) is required by law, regulation or court order to be disclosed, provided that the request for such disclosure is proper and the disclosure does not exceed that which is required. In the event of any disclosure under (b) above, the Contractor shall furnish a copy of this Agreement to anyone to whom it is required to make such disclosure and shall promptly advise the City in writing of each such disclosure. In the event that the Contractor ceases to perform services for the City, or the City so requests for any reason, the Contractor shall promptly return to the City any and all information described hereinabove, including all copies, notes and/or summaries (handwritten or mechanically produced) thereof, in its possession or control or as to which it otherwise has access. The Contractor understands and agrees that the City's remedies at law for a breach of the Contractor's obligations under this Confidentiality Agreement may be inadequate and that the City shall, in the event of any such breach, be entitled to seek equitable relief (including without limitation preliminary and permanent injunctive relief and specific performance) in addition to all other remedies provided hereunder or available at law. SA 09/01 /06 15 CONFIDENTIAL 9/29/2006 (�) Payment Processing, Inc. The following is the response from Payment Processing, Inc. (PPQ to the Request for Proposal, P1045 Electronic Payment Processing, distributed by The City of Fort Collins. Requirements: The following are PPI's responses to specifically address, or recommend alternatives to, our ability to support or replace the following existing systems: Point of Sale (POS) terminals o ID Tech Omni Dual Reader, ID Tech Omni MSR, Verifone Tranz 460, computers with Magtek devices, Verifone Tranz 330 w/40 column printer; devices for barcodes, devices integrated with keyboard for mag strip. o PPI can support or reprogram all the POS terminals noted above. Any device that PPI can not support will be replaced by an equivalent device at PPI cost. • POS manual card swipe devices. o PPI will either reprogram or replace the current device at PPI cost. • Interactive Voice Response (IVR). o PPI will support IVR payment transactions through an integration with Tele-Works IVR functionality. • Web payments. o PPI will support web payments through an interface with the Tele-Works web commerce module. • Digital Pioneer Intella Pay Machine (parking lot payment machine). o PPI can support Digital Pioneer Intella Pay Machines. E-Commerce Solution: PPI hereby specifically identifies our ability to provide the following. PPI has identified all costs, fees or penalties associated with the listed goods and/or services. A dynamic, integrated payment processing option that supports e-commerce activities that encompass web, POS card present, POS card not present, and IVR technologies. o PPI's PPI PayMover gateway is an integrated payment processing platform supporting card present (includes POS) and card not present for web -based, IVR or telephone transactions. PPI charges no fees for the PPI PayMover gateway. Fees are only incurred on the actual credit card transactions (merchant account). PPI Response to RFP P I045.doc Page 1 of 6 CONFIDENTIAL 9/29/2006 • Provide a unified merchant account with robust gateway services. o PPI will work with Tele-Works to provide a unified merchant account which integrates with the gateway service. • POS hardware, supplies, maintenance, training, and technical support. o Where Tele-Works does not provide POS specific hardware, PPI will either (a) reprogram existing City of Fort Collins devices or (b) provide replacement devices with equivalent functionality at PPI cost. PPI will team with Tele-Works to provide training and on -gong maintenance and training support at no cost. • Provide a web -based virtual terminal application, installation, testing, training, maintenance and technical support. o Through our PPI PayMover payment gateway we can allocate each City entity a web -based virtual terminal (VT). As part of our standard installation practice we will coordinate thorough training on all features and functions applicable to your account, including VT use. • Provide a web -based virtual terminal application that performs the credit card processing functions of a physical POS terminal that allows multiple users to access the system with individual logins. o Included with your gateway accounts we will allocate a VT which will support the transaction types associated with your account set up. • Vendor must be willing to work cooperatively with Tele-Works to ensure integration by providing necessary programming and code information for the creation of customizable POS applications and other customized e-Commerce solutions developed with Tele-Works, Vermont Systems, Banner Systems, Indus Advantage CIS with IVR, and T2 Parking Systems. o PPI is a partner with Tele-Works and is completely dedicated to integrating with Tele-Works applications. PPI provides a published PCI complaint API for PPI PayMover which is readily available to Vermont Systems, Banner Systems, Indus Advantage CIS with IVR and T2 Parking Systems. • The gateway needs to provide dynamic communication for a single umbrella merchant account number with the ability to associate a unique identifier for individual locations and/or POS devices that will append to the single merchant number. o We have several options to identify individual entities and accounts. All entities will be individually identified and chained under your primary merchant account number. • Real time credit card authorization and posting. o Transaction authorization happens "real-time", settlement posts end of day. • Acceptance and support for gift cards. o PPI does offer and support gift card programs. PPI Response to RFP P1045.doc Page 2 of 6 CONFIDENTIAL 9/29/2006 • Integration support for the following: Net, SOAP, ASP, VB Script, CGI, PERL, JAVA, XML, C/C++, and PHP. o Integration support is included in our standard API tool kit. Administrative Support and Customer Service: PPI hereby specifically identifies our ability to provide the following items. PPI has identified all costs, fees or penalties associated with the listed goods and/or services. • Responsive customer service 24/7/365 for problem identification and resolution upon immediate contact with problem resolution or a plan of action within 2 hours of initial contact. o PPI will provide 24/7/365 technical and administrative support for payment processing. Support is available via phone, email at supportftavpros.com or the web at www.Paypros.com 24 hours a day, everyday. • Provide a single corporate merchant number for the City of Fort Collins and Submerchant numbers for various location sites throughout the organization. The City is seeking a definable identification system that will allow a unique identifier to each location or POS, which will be appendable to the single corporate merchant number. o PPI will provide a merchant number with multiple Terminal identifiers as needed to identify transaction origination. Where multiple merchant numbers are needed for back end accounting purposes those numbers will be "chained" allowing one logon to access information across the chain of Merchant numbers. Additional merchant and terminal numbers will be provided at no additional cost for setup. • Provide a single point of contact for both authorization and settlement of transactions. o PPI provides one number to call for all payment processing inquiries, 1- 800-774-6462. The support line is available 24X7X365 and has access to all points of reference for the transaction, from original authorization to back end funding transfer to the bank account. • Customer support for installation, configuration, testing, validation, training, and on -going technical assistance for transaction processing and gateway services. o PPI has trained staff on hand to provide initial installation and training as well as any needed ongoing support. • Provide customizable, electronic reporting features which allow for global reporting of a single umbrella merchant number or granular reporting for individual locations within the organization by a unique identifier. o Through the use of the PPI Paymover gateway and available on-line reporting, the City will have access to the entire list of transactions with unique identifiers for the required transactional information. PPI Response to RFP P1045.doc Page 3 of 6 CONFIDENTIAL 9/29/2006 • Provide electronic files that allow for extraction or export into the city's financial system, JD Edwards or other enterprise data base applications. o Files are available via download or automated FTP delivery in delimited text files for the easy extraction into applications that can accept such data. • Allow for reoccurring billing by securing and encrypting customer account information. Specifically identify the components and procedures used to secure customer information. o This requirement can be filled via a number of different options. Either with the Teleworks POS system or within the PPI Paymover gateway. After further research on the need we can determine the best way to proceed. • Responsive administrative support for resolution of banking and processing issues. o The implementation and support department is available 24X7 for all administrative and banking issues. • The vendor will provide a detailed plan to ensure the continuity of the City of Fort Collins business processes for which the solution is selected in the event the vendor should go out of business, be acquired by another company, or encounter other business situations that will change the support or maintenance for the incorporated technologies. o PPI commits to providing a detailed plan to ensure the continuity of the City of Fort Collins business processes under the guidelines above Fraud and Loss Prevention: PPI hereby specifically identifies our ability to provide the following items. PPI has identified all costs, fees or penalties associated with the listed goods and/or services. • Proactive security and fraud detection. o All new merchants receive Payment Processing, Inc.'s fraud tip brochure entitled; "Watch Out For Fraud". This contains best practices for preventing fraudulent credit card transactions. Our fraud department is also available to answer questions Sunday through Friday during business hours on any suspicious issues. In addition, all transactions are monitored as listed below. • System must meet Payment Card Industry (PCI) compliance standards. Identify or provide supporting documentation that system meets this requirement. o Payment Processing has met PCI compliance standards. Please see the attached documentation that shows compliance on 3/31/06. • Provide transaction fraud screening to identify potential fraudulent activities, such as invalid credit, duplicate transactions, or incorrect keying. o The Risk Department uses several reporting databases to monitor merchant activity. Transactions are monitored for large sales, average PPI Response to RFP PI045.doc Page 4 of 6 CONFIDENTIAL 9/29/2006 ticket, duplicates, invalid returns, miss -keys and large and negative batches. Past usage of the credit card is also checked. Any unusual transactions would warrant a call by a risk manager to the merchant contact to discuss the circumstances of the transaction. • Digital certificate authentication. o Transactions coming though PPI would have to be through a SSL (secured socket layer). • Provide automated risk monitoring tools and hands-on training. o Depending on the processing bank; there are available tools for the merchant to monitor their transactions. Through Paymentech, Resource Online (ROL) would provide merchants the ability to view their batches to verify the transactions processed. They would also gain access to chargeback and retrieval information. Global uses a system called Global Access Advantage (GAA) which provides the same information. Training can be provided by Payment Processing, Inc. Fees/Costs/Penalties: PPI hereby specifically identifies our ability to provide the following items. • Competitive pricing for merchant bank and gateway processing costs/fees with no hidden costs/fees — all costs must be itemized, detailed, and disclosed. Failure to fully disclose fees, costs, and penalties will be immediate grounds for contract termination if later discovered. o PPI has disclosed all rates per our Schedule A Billing Information. • Identify any and all fees and costs for: application processing, setup, installation and testing, customer and administrative services (The City will not accept low monthly limits, inflexible policies, long-term lock -in contracts, add -on costs, and arbitrary monthly limits. o PPI does not charge application processing, setup, installation, testing, or customer and administrative fees. PPI will not enforce a low monthly limit, or long term contracts. We will work with the City on reviewing the contract. • The City will not accept charge back fees or imposed rolling charge back reserves. o Payment Processing, Inc. will evaluate previous transaction history in order to determine how chargeback fees and any reserves could be waived. Only in extraordinary circumstances would a rolling chargeback reserve be imposed. --`_—� • Merchant bank must deposit revenue into depository bank within 24-72 hours of payment transaction settlement. o Merchant bank must deposit revenue into depository bank within 24-72 hours of payment transaction settlement. • Penalty provisions must be explicitly disclosed. PPI Response to RFP PI045.doc Page 5 of 6 P1045 Electronic Payment Processing Scope of Work Objective: The City of Fort Collins is embarking on implementation of an e-Commerce solution that expands access to city services and information for the citizen utilizing web and phone components. The City of Fort Collins is seeking a single source payment processing technology and merchant services partner who will provide a completely integrated Automated Clearing House (ACH) and integrated credit card payment solution on one technical platform. This would include merchant account services supported by payment gateway technology provider that will interface with the City's e-Commerce application, Tele-Works, Inc. Acceptance of all e-Commerce payment types, such as credit and debit cards, e-checks, gift cards, and direct payment, for the purchase and payment of goods and services with the City of Fort Collins will allow the agency to respond to the public's desire for expanded payment options and convenience. Additionally, the City is seeking to streamline revenue collection and cash management practices, speed receipt of payments, lower overall banking costs, achieve internal operational efficiencies by reducing the processing time to reconcile bank and merchant account information using customizable electronic reporting options through the implementation of new payment technologies. The City is looking for a vendor that will assist with the establishment of a flexible, custom -fit solution that will not restrict business processes. This formal Request for Proposal process and subsequent results supersedes any and all communications and/or agreements made by personnel of the City with any vendor regarding this project. Requirements: The successful vendor responses will specifically address, or recommend alternatives to, their ability to support or replace the following existing systems: • Point of Sale (POS) terminals o ID Tech Omni Dual Reader, ID Tech Omni MSR, Verifone Tranz 460, computers with Magtek devices, Verifone Tranz 330 w/40 column printer; devices for barcodes, devices integrated with keyboard for mag strip. • POS manual card swipe devices. • Interactive Voice Response (IVR). • Web payments. • Digital Pioneer Intella Pay Machine (parking lot payment machine). E-Commerce Solution: Vendors responding to this RFP must specifically identify their ability to provide the following. The vendor must identify any costs, fees or penalties associated with the listed goods and/or services. • A dynamic, integrated payment processing option that supports e-commerce activities that encompass web, POS card present, POS card not present, and IVR technologies. • Provide a unified merchant account with robust gateway services. • POS hardware, supplies, maintenance, training, and technical support. SA 09/01 /06 2 CONFIDENTIAL 9/29/2006 o There are no penalties to leave PPI • Need to provide flexible, competitive card present and card not present fees. o PPI has very competitive rates for both card present and card not present. PPI is $0.08 above interchange costs from Visa/Mastercard Minimum Requirements to Propose: The City's minimum requirements for banks responding to this RFP include: • A Green VERIBANC, Inc. rating if applicable o Not applicable, please see statement below. • Total assets of at least $2 Billion o Not applicable, please see statement below. • Capital ratios indicating the proposer is at least adequately capitalized. o Not applicable, please see statement below. • Approval as an Eligible Public Fund Depository by the Colorado State Banking Board o Not applicable, please see statement below. • Provide information from a third party that verifies your credit standing and financial ability to provide the services to the City. o Not applicable, please see statement below. Justification for Consideration PPI is sponsored by Global Payments, Inc and their bank, HSBC Bank USA. The Minimum Requirements to Propose are all fulfilled by these sponsors. All questions may be directed to Steve Chandler of Global Payments at (214) 324-9007 and steve.chandleraa globalpay.com. References Bruce Albright City of College Station 1101 Texas Ave. College Station, TX 77842 (979)764-3523 Ganga Chandrashekar City of Memphis 125 North Main St Room 301 Memphis, TN 38103 (901)576-6215 PPI Response to RFP P1045.doc Page 6 of 6 Schedule A Billing Information Payment ProaRoing INCORM)RA11D CorpName DBA City of Fort Collins Annual Visa/MasterCard Volume $ 9,339,524,64 Average Ticket $ 142.90 Qualified Discount Rate Visa 0.00% Network Global Dial Up MasterCard 0.00% Qualified Category Retail (CPS Retail/Merit Terminal Authorization Fees Interchange Pass -through Visa Authorization $ 0.08 MasterCard Authorization $ 0.08 All transactions will be billed at pass -through of interchange and assessments rates as determined by Visa and Non-Bankcard Authorization $ 0.10 Mastercard. The Qualified Discount Rate above will be charged on all transactions. Address Verification $ 0.00 Batch Settlement $ 0.00 Additional Services (enter your existing account numbers or mark the services you would like to accept) American Express # Diners # 11 ESA - 3.50% Max 11 Bank -Licensed 2.90% ❑ PinDebit* EBT Discover # JCB # 11 Easi ($25 Set -Up Fee) 2.95% + $0.10 Max Bank -Licensed 3.50% CheckService Miscellaneous Fees Voice Authorization $ 1.50 Chargeback $ 15.00 Monthly Statement $ 0.00 ACH Reject $ 25.00 Minimum Discount $ 25.00 Application Fee $ 0.00 PIN -Debit Per Item $ 0.20 (+ network fees)* Additional Location Fee $ 0.00 Assessments Visa 0.0925% Mastercard 0.095% Online Reporting $ 10.00 11 Check here to decline online reporting *Additional network fees charged by individual debit networks will be passed through to merchant; pin -pad equipment required Equipment (For PPI Use Only) I -or PPI to request an American Express Number on behalf of the merchant through the Amex ESA Program: By signing below, I/we represent that the information rwe have provided on the Application is complete and accurate and Uwe authorize American Expres Travel Related Services Company, Inc. ("American Express) to verify the information on this Application and to receive and exchange information about me, including, requesting reports from consumer reporting agencies, If Uwe ask American Express whether or not a consumer report was requested, American Express will tell me, and if American Express received a report, American Express will give me the name and address of the agency that furnished it IANe understand that upon American Express' approval of the business entity indicated above to accept the American Express Card the Terms and Conditions for American Express ® Card Acceptance (Terms and Conditions) will be sent to such business entity along with a Welcome Letter. By accepting the American Express Card for the purchase of goods and/or services, INae agree to be bound by the Terms and Conditions. Amex Volume Merchant's Printed Name Confdenhal - Payment Processing, Inc. Rate/Monthly Fee Merchant Signature Date 20011151044 Visa U.S.A. Cardholder Information Security Program (CISP) List of Compliant Service Providers As of September 22, 2006 The companies listed below successfully completed a CISP review based on the PCI Data Security Standard. The "VALIDATION DATE" is the date of last compliance. CISP reviews are valid for one year, with the next annual report due to Visa one year from the "VALIDATION DATE". Reports that are from 1-60 days late are noted in yellow and reports that are from 60-90 days late are noted in red. Entities with reports over 90 days past due will be removed from this list. If the date is blue, the current assessment has been submitted but not yet accepted. It is the member's responsibility to use compliant service providers and to follow up with service providers if there are any questions about their compliance status. SERVICE PROVIDER VALIDATION DATE SERVICES COVERED BY REVIEIM+ ASSESSOR 1ShoppingCart.com March 31, 2006 Internet Payment Processing Security Metrics 1"Americard June 30, 2006 Merchant Payment Services AmbironTrustWave 3Delta Systems May 31, 2006 Merchant Payment Services Cybertrust Abanco International May 31, 2006 Merchant Payment Processing AmbironTrustWave ACH Direct October 31, 2005 Merchant Payment Processing VeriSign Acxlom ICS/BNS Core & ISC/BNS Proprietary September 30, 2005 Bankruptcy Notification Services Cybertrust ADP Output Services September 30, 2005 Statement Processing Self -Assessment Adteractive, Inc. January 31, 2006 Merchant Digital Marketing Digital Resources Group AdvanceMe Merchant Solutions May 31, 2006 Merchant Payment Services Self -Assessment Affiliated Computer Services October 31, 2005 Payment Processing Jefferson Wells Airlines Reporting Corporation November 30, 2005 Payment Processing VeriSign Alliance Data Systems August 31, 2005 Payment Processing Deioitte & Touche Applied Card Systems May 31, 2006 Merchant Payment Processing Self -Assessment Andera, Inc. March 31, 2006 New Accounts Online Self -Assessment Aplus.Net May 31, 2006 Internet Payment Processing Security Metrics Apriva February 28, 2006 Merchant Payment Processing AmbironTrustWave Arcot October 31, 2005 Verified by Visa Access Control Server Fortrex AssureBuy April 30, 2006 Internet Payment Processing AmbironTrustWave Au Beta Network March 31, 2006 Payment Transmission Services AmbironTrustWave Authorize.Net October 31, 2005 Internet Payment Processing AmbironTrustWave B3 Corp November 30; 2004 Internet Payment Processing Digital Resources Group BA Merchant Services January 31, 2006 Payment Processing Cybertrust BankSery Julv 31 2005 Merchant Payment Processing Payment Software Company Beanstream March 31, 2006 Internet Payment Processing DynTek BearingPoint ePay January 31, 2006 Internet Payment Processing AmbironTrustWave BidPay, a First Data Company November 30, 2005 Merchant Payment Processing AmbironTrustWave Billing Concepts April 30, 2006 Merchant Payment Processing AmbironTrustWave BIIIMatrix January 31, 2006 Bill Payment Processing AmbironTrustWave Blackboard February 28, 2006 1 Merchant Payment Processing AmbironTrustWave CISP reviews represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Inclusion on this list Indicates only that the service provider successfully completed a CISP assessment following requirements proscribed for their CISP Level, based on the report of an independent security assessor. Visa does not endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa Is not responsible to any party for the timeliness, accuracy or completeness of any report. Visa U.S.A. Cardholder Information Security Program (CISP) List of Compliant Service Providers SkRf10EPR OER VALMAT16WAAvE° iotm COVEREDEY . A SES t; EEVIEYI) v Bluefin Payment Systems September 30, 2005 Merchant Payment Processing PRESIG CAPITAL Card Services April 30, 2006 Credit Card Services AmbironTrustWave Card Commerce April 30, 2005 Loyalty Programs Foundstone International Cardholder Management February 28, 2006 Merchant Payment Processing Jefferson Wells Services Cardinal Commerce Corp. December 31, 2005 Verified by Visa Merchant Fagan 6 Associates Services CardService International, a August 31, 2006 Merchant Payment Processing AmbironTrustWave First Data Company Cardtranz, Inc. April 30, 2006 Merchant Payment Processing Cybertrust Carlson Marketing Group June 30, 2006 Visa Preferred, Visa Data Track, AmbironTrustWave Visa Extras, and Visa Delta Program CashLINQ Group, LLC July 31, 2006 Merchant Payment Services SecurityMetrics Catalyst Payments January 31, 2006 Merchant Payment Processing AmbironTrustWave CCBILLIVSCRUB September 30, 2005 Internet Payment Processing Lockheed Martin Certegy December 31, 2005 Verified by Visa Access Control Internet Security Systems Server Chase Paymentech November 30, 2005 Payment Processing AmbironTrustWave Solutions Chockstone April 30, 2005 Stored Value 1 Gift Card VeriSign Processing ClearCommerce April 30, 2006 Internet Payment Processing / AmbironTrustWave Verified by Visa Hosted Payer Authentication ClearTren September 30, 2005 Merchant Payment Processing Security Metrics Comdata Processing May 31, 2006 Payment Processing K3DES Systems Computer Services, Inc. June 30, 2006 Payment Processing Crowe Chizek Comstar Interactive April 30, 2006 Wireless POS, PDA, Mobile and AmbironTrustWave Internet Payment Processing Concord EFS, a First Data May 31, 2006 Payment Processing AmbironTrustWave Company Concord Emerging August 31, 2006 Merchant Payment Processing AmbironTrustWave Technologies, a First Data Company ( formerly EFSnet) Concord Financial May 31, 2006 Merchant Payment Processing AmbironTrustWave Technologies, a First Data Company (formerly Solspark) Concord Payment Services, May 31, 2006 Payment Processing AmbironTrustWave a First Data Company Concord Processing, LP, a May 31, 2006 Merchant Payment Processing AmbironTrustWave First Data Company (formerly Core Data Resources) Corlllian Payment February 28, 2006 Account Management Services Self -Assessment Solutions, Inc. ui5r reviews represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. mcrusion on tins list Ini following requirements assessor. Visa does nm Bates only that the service provider successfully completed a CISP assessmer roscribed for their CISP Level, based on the report of an Independent security endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa Is not responsible to any party for the timeliness, accuracy or completeness of any report. Visa U.S.A. Cardholder Information Security Program (CISP) VISA List of Compliant Service Providers $�R�IIGE Pttt)VIDBR �iAi@�71ON SATE . SE[ G6&C FLED AS$ESS R a ,q CSG Systems April 30, 2006 Account Billing Services Solutionary CredltDiscovery February 28, 2005 Merchant Payment Services K3DES CROEM February 28, 2006 Merchant Payment Processing AmbironTrustWave Cybera November 30, 2005 Data Transmission Internet Security Systems CyberSource Corporation June 30, 2006 Internet Payment Processing ! Verified by Visa Hosted Payer Authentication Cybertrust Cynergy Data July 31, 2006 Merchant Payment Services Information Exchange Data Delivery Services May 31, 2006 Web -based Reporting K3DES Datastream November 30, 2005 ATM Processing Information Exchange Datawire Communication Network December 31, 2005 Payment Transmission AmbironTrustWave DHD Media December 31, 2005 Internet Payment Processing VeriSign Dialect Payment Technologies May 31, 2006 Internet Payment Processing Vectra Corporation (Visa AP) Digital River July 31, 2D04 Internet Payment Processing Savvis DlnnerBroker March 31, 2006 Dining Enhancement Programs Self -Assessment Dynamic Payments April 30, 2006 Web -based Reporting ! Loyalty Programs AmbironTrustWave E-Funds November 30, 2004 Payment Processing Cybertrust Ebocom, LLC. April 30, 2006 Payment Processing Cybertrust EDS Commercial Card August 31, 2006 Payment Processing AmbironTrustWave EDS Consumer Card Services April 30, 2006 Payment Processing AmbironTrustWave EDS CRMJUI August 31, 2006 Payment Processing AmbironTrustWave EDS Deposit Systems April 30, 2006 Payment Processing AmbironTrustWave EDS Guidance Authorization June 30, 2006 Payment Processing AmbironTrustWave EDS Merchant Acquirer Services April 30, 2006 Payment Processing AmbironTrustWave EDS Oregon Egovemment August 31, 2006 Managed Merchant Hosting AmbironTrustWave EDS Pay for Convenience August 31, 2006 Internet Payment Processing AmbironTrustWave EDS PeopleSoft August 31, 2006 Customer Relationship Management AmbironTrustWave EDS Surveyor August 31, 2006 Report Processing AmbironTrustWave Electronic Clearing House (ECHO) July 31, 2006 Payment Processing PRESIG Electronic Merchant Systems October 31, 2005 Merchant Payment Processing Ernst & Young Electronic Payment Exchange(EPX) April 30, 2006 Merchant Payment Processing Payment Software Company Electronic Payment Systems April 30, 2006 Web -based Reporting Information Exchange Electronic Processing Services January 31, 2006 Merchant Payment Services Information Exchange Electronic Transaction Systems Corporation May 31, 2006 Merchant Payment Processing Fortrex Technologies CISP reviews represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Inclusion on this list Indicates only that the service provider successfully completed a CISP assessment 3 following requirements proscribed for their CISP Level, based on the report of an Independent security assessor. Visa does not endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Visa U.S.A. Cardholder Information Security Program (CISP) �,�� List of Compliant Service Providers SE" PROVIDER VALIDATION OATS BER tIGES O k --,-#Y, saftok �t eProcessing Network March 31, 2006 POS, Mobile, and Internet AmbironTrustWave Payment Processing EVO Merchant Services April 30, 2006 Merchant Payment Services Information Exchange E-xact Transactions March 31, 2006 Merchant Payment Processing AmbironTrustWave Experlan Information June 30, 2006 Credit Reporting Cybertrust Solutions Ezic October 31, 2005 POS, Mobile, & Internet ASA Consulting Payment Processing Fifth Third Processing May 31, 2006 Payment Processing Deloitte & Touche Solutions — Acquiring Systems First American Payment May 31, 2006 Merchant Payment Services Specialized Security Systems Services First Data Encompass May 31, 2006 Merchant Payment Processing AmbironTrustWave First Data Government November 30, 2005 Merchant Payment Processing AmbironTrustWave Solutions (formerly GovConnect) First Data International — November 30, 2005 Merchant Payment Processing AmbironTrustWave Active Resources First Data International — August 31, 2006 Merchant Payment Processing AmbironTrustWave ANZSA (Australia, New Zealand, & South Asia First Data International — November 30, 2005 Merchant Payment Processing AmbironTrustWave CNA China & North Asia First Data International — November 30, 2005 Merchant Payment Processing AmbironTrustWave EMEA (Europe, Middle East & Africa) First Data International — November 30, 2005 Merchant Payment Processing AmbironTrustWave Greece (Hellas) First Data International — November 30, 2005 Merchant Payment Processing AmbironTrustWave LAC (Latin America & Canada) First Data International - November 30, 2005 Payment Processing AmbironTrustWave OmnlPay Service First Data International — August 31, 2006 Merchant Payment Processing AmbironTrustWave TeleCash First Data Merchant November 30, 2005 Payment Processing AmbironTrustWave Services First Data Resources November 30, 2005 Payment Processing AmbironTrustWave First Data Technologies November 30, 2005 Merchant Payment Processing AmbironTrustWave First Hawaiian Bank April 30, 2006 Payment Processing AmbironTrustWave First Horizon Merchant December 31, 2005 Payment Processing Cybertrust Services First National Bank of November 30, 2005 Payment Processing AmbironTrustWave Omaha First National Merchant November 30, 2005 Payment Processing AmbironTrustWave Solutions Fisery Credit Processing June 30, 2006 Payment Processing Payment Software Services Company Florida Credit Union Leader February 28, 2006 Back Office Charge -backs I Self -Assessment CISP reviews represent only a "snapshot' of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Inclusion on this list indicates only that the service provider successfully completed a CISP assessment 4 following requirements proscribed for their CISP Level, based on the report of an Independent security assessor. Visa does not endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report Visa U.S.A. Cardholder Information Security Program (CISP) �� List of Compliant Service Providers Si MACEPROVIDER VAL1DkkiI6kDOE $ER�If��CU1lER��i' � I�E1lI�Ylt1" ASi;E,S§0 FSV Payment Systems April 30, 2004 Stored Value Programs ODES Galileo Processing (Not affiliated with Cendant Travel Distribution Services) March 31, 2006 Merchant Payment Processing AmbironTrustWave Global Card Services March 31, 2006 Merchant Payment Processing Cybertrust Global Electronic Technology December 31, 2005 Internet Payment Processing 5PEG Global Payments, Inc. May 31, 2006 Payment Processing AmbironTrustWave Goemerchant March 31, 2006 Internet Payment Processing Internet Security Systems Golden Retriever Systems April 30, 2006 Loyalty Programs KPMG, LLP Google February 28, 2006 Internet Payment Processing Cybertrust Govolution April 30, 2006 Internet Payment Processing Internet Security Systems Green Dot July 31, 2006 Prepaid Card Processing 5PEG Harbor Payments May 31, 2006 Payment Processing Cybertrust Harte-Hanks January 31, 2006 Direct and Targeted Marketing Symantec Heartland Payment Systems January 31, 2006 Payment Processing AmbironTrustWave HostMySite.com February 28, 2006 Co -location hosting / Physical Security Self -Assessment Hughes Network Systems July 31, 2006 Payment Transmission Internet Security Systems 12c Incorporated June 30, 2006 Stored Value Card Management AmbironTrustWave IC Group January 31, 2006 Visa Sweepstakes Administrator Self -Assessment ID Analytics, Inc. March 31, 2006 Predictive Scoring for Identity Risk Management Computer Task Group, Inc. IDM Services May 31, 2006 Visa Data Delivery Services AmbironTrustWave Infinet Solutions November 30, 2005 Merchant Payment Processing AmbironTrustWave Infinity Data November 30, 2005 Merchant Payment Services Information Exchange Infonox June 30, 2005 Merchant Payment Processing Digital Resources Group Informed Decisions January 31, 2006 Merchant Payment Processing AmbironTrustWave Innovative Merchant Solutionsli n novative Gateway Solutions Judy 31, 2005 Merchant Payment Processing VeriSign IntelliPay February 28, 2006 Merchant Payment Processing AmbironTrustWave International Card Establishment December 31, 2005 Fraud and Risk Analysis Self -Assessment InternetSecure June 30, 2006 Internet Payment Processing AmbironTrustWave IP Merchant Solutions April 30, 2006 Payment Transmission Internet Security Systems (Pass, Inc. March 31, 2006 Data Transmission Digital Resources Group IPayment November 30, 2005 Merchant Payment Services AmbironTrustWave IPS Solutions June 30, 2005 Merchant Payment Processing Digital Resources Group Iron Mountain March 31, 2006 Box and Tape Storage PriceWaterhouseCoopers, LLP ITA Software June 30, 2006 Merchant Payment Processing AmbironTrustWave ITransact May 31, 2006 Internet Payment Processing AmbironTrustWave ITS Bank / SHAZAM Network April 30, 2006 Payment Processing AmbironTrustWave CISP reviews represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Inclusion on this Ilst inlndicates only that the service provider successfully completed a CISP assessment 5 following requirements proscribed for their CISP Level, based on the report of an Independent security assessor. Visa does not endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa Is not responsible to any party for the timeliness, accuracy or completeness of any report. Visa U.S.A. Cardholder Information Security Program (CISP) VISA List of Compliant Service Providers SER1lI E F1tr3YlDER . 5fAL16Ait000ATE SEV Cis obvi b 9Y. Rwi AS . JetPay, LLC April 30, 2006 Payment Processing AmbironTrustWave Jettis February 28, 2006 Internet Payment Processing VeriSign Kincaid Technologies February 28, 2006 Merchant Payment Processing AmbironTrustWave Kubra Data Transfer, Inc. January 30, 2006 Merchant Payment Processing AmbironTrustWave Lethoff, Inc. March 31, 2006 Merchant Payment Processing Lockheed Martin LInk2Gov February 28, 2006 Federal, State, and County Tax Payments Dynamics Research Corporation LlnkPoint International, a First Data Company November 30, 2005 Merchant Payment Processing AmbironTrustWave Latle & Co April 30, 2006 Merchant Payment Processing Payment Software Company LOTSolutions / Life of the South May 31, 2006 Merchant Payment Services AmbironTrustWave Lundquist Consulting May 31, 2006 Bankruptcy Notification AmbironTrustWave Mellon Bank December 31, 2005 Payment Processing KPMG, LLP Merchante-Solutions July 31, 2005 Merchant Payment Processing Digital Resources Group Merchant Link, LLC November 30, 2005 Merchant Payment Processing AmbironTrustWave Merchant Management Group March 31, 2006 Dispute Resolution Self -Assessment Merchant Partners October 31, 2005 Merchant Payment Processing PRESIG Merchant Service Center November 30, 2005 Merchant Payment Services Information Exchange Merchants Billing Services December 31, 2005 Merchant Payment Processing Information Exchange Mercury Payment Systems June 30, 2006 Merchant Payment Processing Information Exchange Merlin Solutions, LLC April 30, 2006 Chargeback and Dispute Resolution KPMG, LLP Metavante November 30, 2005 Payment Processing Deloitte & Touche, LLP MHM Resources January 31, 2006 Employee Benefits Programs Self -Assessment Mighty Net August 31, 2005 Merchant Payment Processing Self -Assessment Motivano Card Services January 31, 2006 Prepaid Employee Benefits Programs Self -Assessment MonsterCommerce November 30, 2005 Merchant Payment Processing Payment Software Company National Bankcard Services July 31, 2005 Payment Processing Mission Critical Systems National Electronic Warranty Corporation April 30, 2006 Visa Cardholder Enhancement Management Services Self -Assessment NBS Technologies, Inc. April 30, 2006 Merchant Payment Processing Cybertrust NCMIC Finance Corporation September 30, 2005 Merchant Payment Services Security Metrics Netifice Communications December 31, 2005 Payment Transmission Internet Security Systems NetSpend October 31, 2005 Prepaid Card Processing Ernst & Young, LLP Network Merchants February 28, 2006 Internet Payment Processing AmbironTrustWave New Edge Networks May 31, 2006 Payment Transmission AmbironTrustWave Newtek Merchant Solutions September 30, 2005 Merchant Payment Services Security Metrics Nobel Electronic Transfer May 31, 2006 Payment Processing K3DES NoCheck May 31, 2006 Account Billing Services Digital Resources Group Nova Information Systems March 31, 2006 Payment Processing VeriSign CISP reviews represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. -- - ----- -.. Inclusion on this list Indicates only that the service provider successfully completed a CISP assessment 6 following requirements proscribed for their CISP Level, based on the report of an Independent security assessor. Visa does not endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa Is not responsible to any party for the timeliness, accuracy or completeness of any report. Visa U.S.A. Cardholder Information Security Program (CISP) 'VISA List of Compliant Service Providers SItY10E P13GVIgER vA{ InAT(CM(;DA[E SFI �f)1tERDBY Iv�l::lite AEi$SS4R ; ` e Official Payments Corporation October 31, 2005 Federal, State, and County Tax Payments Dynamics Research Corporation OneBridge, Inc. May 31, 2006 Payment Processing Crowe Chizek Optimal Payments June 30, 2006 Merchant Payment Processing AmbironTrustWave Outtask, Inc. February 28, 2006 Travel Profile Services VeriSign Paclolan, Inc. July 31, 2006 Merchant Payment Services AmbironTrustWave Pay By Touch Processing Inc. July 31, 2006 Payment Processing AmbironTrustWave Paycom Billing Services April 30, 2004 Internet Payment Processing Protiviti PayJunctlon March 31, 2006 Merchant Payment Processing Payment Software Company (PSC) Payment Online May 31, 2006 Internet Payment Processing 5PEG Payment Processing, Inc. March 31, 2006 Merchant Payment Processing AmbironTrustWave Payment Technologies, Inc. November 30, 2005 Merchant Payment Processing AmbironTrustWave PayPal-VeriSign April 30, 2006 Internet Payment Processing Internet Security Systems Paypolnt Electronic Payment Systems, a First Data Company August 31, 2006 Payment Processing AmbironTrustWave PEMCO Technology Services Inc. May 31, 2006 Payment Processing Coalfire Systems Peppercoin March 31, 2006 Small Payment Processing AmbironTrustWave PhoneCharge, Inc. April 30, 2006 Merchant Payment Processing AmbironTrustWave Pipeline Data May 31, 2006 Merchant Payment Processing AmbironTrustWave Planet Group February 28, 2006 Multi -Currency Payment Processing AmbironTrustWave Plug 'n Pay Technologies March 31, 2006 Internet Payment Processing Savvis POS Portal February 28, 2006 Merchant Payment Services Coalfire Systems POST Integrations, Inc. April 30, 2006 Payment Processing Cybertrust praCharge Risk Management Solutions January 31, 2006 Fraud and Chargeback Services AmbironTrustWave Princeton acorn May 31, 2006 Merchant Payment Processing AmbironTrustWave Priority Payment Systems March 31, 2006 Merchant Payment Services Security Metrics ProPay February 28, 2006 Internet, Merchant, MOTO Payment Processing AmbironTrustWave PropertyBridge February 28, 2006 Merchant Payment Processing Security Metrics QS/1 April 30, 2006 Payment Processing AmbironTrustWave Qulckbooks Merchant Services July 31. 2005 Merchant Payment Processing VeriSign RBA International April 30, 2006 Prepaid Payment Processing VeriSign RIBS Lynk May 31, 2006 Payment Processing AmbironTrustWave RemitCo, A First Data Company August 31, 2006 Merchant Payment Processing AmbironTrustWave Retail Decisions March 31, 2006 Internet Payment Processing AmbironTrustWave Rewards Network July 31, 2006 Loyalty and Rewards Programs KPMG, LLP Sabre, Inc. April 30, 2006 Global Distribution System Jefferson Wells SafeMerchant Payment Solutions May 31, 2006 Internet Payment Gateway Solutionary CISP reviews represent only a "snapshot" of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Inclusion on this Ilst indicates only -that the service provider successfully completed a CISP assessment 7 following requirements proscribed for their CISP Level, based on the report of an independent security assessor. Visa does not endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa Is not responsible to any party for the timeliness, accuracy or completeness of any report. Visa U.S.A. Cardholder Information Security Program (CISP) �� List of Compliant Service Providers SERVICE PROVIDER VALIOATION GATE . SE1191 '--C REit1WW? , ° Secure Electronic Transmissions May 31, 2006 Payment Transmission Solutionary Sequoia Retail Systems March 31, 2006 Data center hosting / Physical Security Self -Assessment ServiceU March 31, 2006 Internet Payment Procssing ODES ShHt4 March 31, 2006 Merchant Payment Processing AmbironTrustWave Simmons First National Bank May 31, 2006 Payment Processing AmbironTrustWave Sklpjack Financial Services December 31, 2005 Internet Payment Processing / County Tax Payments AmbironTrustWave Skylight Financial, Inc. May 31, 2006 Debit Card Processing Information Exchange SIImCD June 30, 2006 Merchant POS Payment Processing Security Metrics Source, Inc. May 31, 2006 Loyalty Programs Self -Assessment Southern DataComm April 30, 2006 Merchant Payment Processing AmbironTrustWave Stamps.com March 31, 2006 Internet Payment Processing Security Metrics Star Networks (Northeast Platform), a First Data Company May 31, 2006 Payment Processing AmbironTrustWave Star Networks (Southeast Platform), a First Data Company May 31, 2006 Payment Processing AmbironTrustWave Sterling Payment Technologies June 30, 2006 Merchant Payment Processing / Web -based Reporting AmbironTrustWave Strategic Profits Inc March 31, 2006 Merchant Payment Services DynTek Synchronics June 30, 2006 Merchant Payment Processing AmbironTrustWave Telecheck International Inc., a First Data Company May 31, 2006 Payment Processing AmbironTrustWave Teleservices, a First Data Company November 30, 2005 Merchant Payment Processing AmbironTrustWave TennNet Merchant Services March 31, 2006 Merchant Payment Processing AmbironTrustWave Tier Technologies March 31, 2006 Internet & IVR Payment Processing VeriSign TK Keith April 30, 2006 Merchant Payment Processing Cybertrust Total Systems (TSYS) January 31, 2006 Payment Processing KPMG, LLP TSYS Acquiring Solutions (fomrerly Vital Processing Services) April R, 2006 Payment Processing KPMG, LLP TSYS Debt Management February 28, 2006 Debt Collection Agency Self -Assessment TSYS Prepaid April 30, 2006 Prepaid Card Processing Cybertrust TouchNst March 31, 2006 Internet Payment Processing AmbironTrustWave Transaction Transport Technologies (T3) April 30, 2006 Payment Transmission AmbironTrustWave TransFirst March 31, 2006 Merchant Payment Processing AmbironTrustWave TransWorld Payment Solutions March 31, 2006 Multi -Currency Payment Processing AmbironTrustWave TrustCommerce January 31, 2006 Merchant Payment Processing 5PEG USA Payment Systems April 30, 2004 Payment Processing K3DES CISP reviews represent only a "snapshot' of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Inclusion on this list indicates only that the service provider successfully compieted a CISP assesament� following requirements proscribed for their CISP Level, based on the report of an Independent security assessor. Visa does not endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa Is not responsible to any party for the timeliness, accuracy or completeness of any report. • Provide a web -based virtual terminal application, installation, testing, training, maintenance and technical support. • Provide a web -based virtual terminal application that performs the credit card processing functions of a physical POS terminal that allows multiple users to access the system with individual logins. • Vendor must be willing to work cooperatively with Tele-Works to ensure integration by providing necessary programming and code information for the creation of customizable POS applications and other customized e-Commerce solutions developed with Tele- Works, Vermont Systems, Banner Systems, Indus Advantage CIS with IVR, and T2 Parking Systems. • The gateway needs to provide dynamic communication for a single umbrella merchant account number with the ability to associate a unique identifier for individual locations and/or POS devices that will append to the single merchant number. • Real time credit card authorization and posting. • Acceptance and support for gift cards. • Integration support for the following: .Net, SOAP, ASP, VB Script, CGI, PERIL, JAVA, XML, C/C++, and PHP. Administrative Support and Customer Service: Vendors responding to this RFP must specifically identify their ability to provide the following items. The vendor must identify any costs, fees or penalties associated with the listed goods and/or services. • Responsive customer service 24/7/365 for problem identification and resolution upon immediate contact with problem resolution or a plan of action within 2 hours of initial contact. • Provide a single corporate merchant number for the City of Fort Collins and sub - merchant numbers for various location sites throughout the organization. The City is seeking a definable identification system that will allow a unique identifier to each location or POS, which will be appendable to the single corporate merchant number. • Provide a single point of contact for both authorization and settlement of transactions. • Customer support for installation, configuration, testing, validation, training, and on -going technical assistance for transaction processing and gateway services. • Provide customizable, electronic reporting features which allow for global reporting of a single umbrella merchant number or granular reporting for individual locations within the organization by a unique identifier. • Provide electronic files that allow for extraction or export into the city's financial system, JD Edwards or other enterprise data base applications. • Allow for reoccurring billing by securing and encrypting customer account information. Specifically identify the components and procedures used to secure customer information. • Responsive administrative support for resolution of banking and processing issues. The vendor will provide a detailed plan to ensure the continuity of the City of Fort Collins business processes for which the solution is selected in the event the vendor should go out of business, be acquired by another company, or encounter other business situations that will change the support or maintenance for the incorporated technologies. SA 09/01 /06 3 Visa U.S.A. Cardholder Information Security Program (CISP) �r� List of Compliant Service Providers v swipe PIi0Y1l ER ` YAL1 kiim bAn. °. fiERYlGE CAD Y IIEVij+° § ASS ` USAePay January 31, 2006 Internet Payment Processing AmbironTrustWave Valet Pay June 30, 2006 Merchant Payment Processing Fortrex Technologies Vanco Services January 31, 2006 Merchant Payment Processing Security Metrics VeriFone May 31, 2006 Merchant Payment Processing AmbironTrustWave Verus Card Services May 31, 2006 Merchant Payment Processing Cybertrust Vindicla January 31, 2006 Online Fraud Protection Services Payment Software Company Visa Debit Processing Service August 31, 2006 Payment Processing Cybertrust Vision Sankcard, Inc. / CartManager September 30, 2005 Merchant Payment Processing AmbironTrustWave WageWorks June 30, 2005 Prepaid Healthcare Programs Self -Assessment Way Systems July 31, 2005 Merchant Payment Processing Cybertrust Western Union Payment Services, a First Data Company (formerly Ecommerce Group) May 31, 2006 Merchant Payment Processing AmbironTrustwave WIIdCard Systems April 30, 2006 Payment Processing AmbironTrustWave WIIIowCSN March 31, 2006 Merchant Payment Services VeriSign World Access Service Corporation January 31, 2006 Visa Enhancement Management Services Self -Assessment Yahool Stores September 30, 2005 Intemet Payment Processing VeriSign Yodlee August 31 20o5i Bill Payment VeriSign YourPay, a First Data Company November 30, 2005 Merchant Payment Processing AmbironTrustWave Zion's Bancorporation / Modern Payment Technology May 31, 2006 Billing Services Cybertrust The following Service Providers have undergone a review with the TrustKeeper methodology, determined by Visa to be an acceptable alternative to the CISP validation: SERVICE PROVIDER VALIgATION W►TE " SERV CE9 C01 RW 81f ttESPGNEIBI EASSE$St Dateline Systems, Inc. May 31, 2005 Merchant Payment Processing TrustWave Fair Isaac May 31, 2005 Credit Scoring TrustWave NCO Group October 31, 2005 Merchant Payment Processing TrustWave Paradata Systems Mardi 5, 2004 Internet Payment Processing TrustWave Transaction Network Services October 31, 2005 Merchant Payment Processing TrustWave + CISP reviews represent only a "snapshot' of security in place at the time of the review, and do not guarantee that those security controls remain in place after the review is complete. These reviews did not cover proprietary software solutions that may be used or sold by these service providers. Induslon on this Ilst Indicates only that the service provider successfully completed a CISP assessment 9 following requirements proscribed fortheir CISP Level, based on the report of an Independent security assessor. Visa does not endorse the service providers or their business processes or practices. Visa has no duty to Members, merchants, processors or other third parties to obtain or review reports from any party required to submit a report, and Visa is not responsible to any party for the timeliness, accuracy or completeness of any report. Fraud and Loss Prevention: Vendors responding to this RFP must specifically identify their ability to provide the following items. The vendor must identify any costs, fees or penalties associated with the listed goods and/or services. • Proactive security and fraud detection. • System must meet Payment Card Industry (PCI) compliance standards. Identify or provide supporting documentation that system meets this requirement. • Provide transaction fraud screening to identify potential fraudulent activities, such as invalid credit, duplicate transactions, or incorrect keying. • Digital certificate authentication. • Provide automated risk monitoring tools and hands-on training. Fees/Costs/Penalties: Vendors responding to this RFP must specifically identify their ability to provide the following items. • Competitive pricing for merchant bank and gateway processing costs/fees with no hidden costs/fees — all costs must be itemized, detailed, and disclosed. Failure to fully disclose fees, costs, and penalties will be immediate grounds for contract termination if later discovered. • Identify any and all fees and costs for: application processing, setup, installation and testing, customer and administrative services (The City will not accept low monthly limits, inflexible policies, long-term lock -in contracts, add -on costs, and arbitrary monthly limits. The City will not accept charge back fees or imposed rolling charge back reserves.) • Merchant bank must deposit revenue into depository bank within 24-72 hours of payment transaction settlement. • Penalty provisions must be explicitly disclosed. • Need to provide flexible, competitive card present and card not present fees. Implementation: • The City of Fort Collins will: o Be actively involved in the design and implementation phases, testing, and acceptance of all application components. o Will assist with user training. A technology project team will be designated to assist with the implementation of this project. o The Project Manager must accept each phase of the project and provide final acceptance of the entire project before payments for each particular phase or final payment for an entire project shall be made. "Acceptance" shall mean approval, in writing, of the completed installation and implementation of a project phase or of an entire project, after allowing what the Project Manager deems to be sufficient operating time in a production environment to allow the Project Manager to determine that such installation and implementation complies with the Scope of Work and/or any Specifications relevant to the project. SA 09/01 /06 4 Minimum Requirements to Propose: The City's minimum requirements for banks responding to this RFP include: a. A Green VERIBANC, Inc. rating if applicable b. Total assets of at least $2 Billion c. Capital ratios indicating the proposer is at least adequately capitalized. d. Approval as an Eligible Public Fund Depository by the Colorado State Banking Board e. Provide information from a third party that verifies your credit standing and financial ability to provide the services to the City. The City cannot enter into a contract with a proposers that do not meet the minimum criteria outlined above. Proposers that do not currently meet the minimum criteria but desire to submit a proposal must include a written Justification for Consideration. A written Justification for Consideration does not obligate the selection committee to consider the proposal of a bank that does not meet the minimum criteria. Designation as an eligible public depository by the State Banking Board cannot be waived. Credit Card Receipt Processing: Currently, all Visa, Mastercard, and Discover receipts collected by the City are forwarded to the bank for processing. When a City location requests the ability to accept credit cards the bank provides the hardware (at an agreed upon price) and completes the set up for the location. Average monthly transaction detail Number of City locations accepting Credit Cards: 25 Number of monthly EDC transactions: 16,000 Average dollar amount of EDC transactions: $999,002 Average ticket amount $62.44 SA 09/01 /06 5 Review and Assessment: The evaluation team will use the following criteria to judge and score the written proposals and, if necessary, for interviews. The rating scale shall be from 1 to 5, with 1 being the lowest score, 3 being an average rating, and 5 being an outstanding rating. WEIGHTING QUALIFICATION STANDARD FACTOR 2.5 Fees and Compensation The proposal that Cost provides the electronic payment processing services at the lowest total cost to the City. Degree to which the proposal and supporting Understanding City materials demonstrate that the firm 2.5 Needs understands the City's needs and operational requirements. Quality and scope of the conversion implementation plan. Evaluation of key financial ratios and financial 1.0 Financial Strength position provided by independent rating services. Scope of Electronic Payment Processing Services. The availability and quality of 3.0 Scope of Services services proposed by the firm. Includes the value of any new product or service suggestions or other new ideas and enhancements. The experience, resources, and qualifications 1.0 Experience of the firm and individuals assigned to the City's account. Relevant experience managing similar relationships with public sector clients. At the option of the City, interviews and site visits may be conducted with some or all of the firms responding to this Request for Proposal. The final selection will be based on an evaluation of all of the information submitted and the City's determinations that the proposal will best serve the City's needs. SA 09/01 /06 6 SERVICES AGREEMENT THIS AGREEMENT made and entered into the day and year set forth below by and between THE CITY OF FORT COLLINS, COLORADO, a Municipal Corporation, hereinafter referred to as the "City" and hereinafter referred to as "Service Provider". WITNESSETH: In consideration of the mutual covenants and obligations herein expressed, it is agreed by and between the parties hereto as follows: 1. Scope of Services. The Service Provider agrees to provide services in accordance with the scope of services attached hereto as Exhibit "A", consisting of ( ) page and incorporated herein by this reference. 2. The Work Schedule. The services to be performed pursuant to this Agreement shall be performed in accordance with the Work Schedule attached hereto as Exhibit "B", consisting of ( ) page, and incorporated herein by this reference. 3. Contract Period. This Agreement shall commence , and shall continue in full force and effect until , 200 , unless sooner terminated as herein provided. In addition, at the option of the City, the Agreement may be extended for additional one year periods not to exceed ( ) additional one year periods. Renewals and pricing changes shall be negotiated by and agreed to by both parties. The Denver Boulder Greeley CPIU published by the Colorado State Planning and Budget Office will be used as a guide. Written notice of renewal shall be provided to the Service Provider and mailed no later than ninety (90) days prior to contract end. 4. Delay. If either party is prevented in whole or in part from performing its obligations by unforeseeable causes beyond its reasonable control and without its fault or negligence, then the party so prevented shall be excused from whatever performance is prevented by such cause. To the extent that the performance is actually prevented, the Service SA 09/01 /06 8 Provider must provide written notice to the City of such condition within fifteen (15) days from the onset of such condition. [Early Termination clause here as an option. 5. Early Termination by City/Notice. Notwithstanding the time periods contained herein, the City may terminate this Agreement at any time without cause by providing written notice of termination to the Service Provider. Such notice shall be delivered at least fifteen (15) days prior to the termination date contained in said notice unless otherwise agreed in writing by the parties. All notices provided under this Agreement shall be effective when mailed, postage prepaid and sent to the following addresses: City: Service Provider: In the event of early termination by the City, the Service Provider shall be paid for services rendered to the date of termination, subject only to the satisfactory performance of the Service Provider's obligations under this Agreement. Such payment shall be the Service Provider's sole right and remedy for such termination. 6. Contract Sum. The City shall pay the Service provider for the performance of this Contract, subject to additions and deletions provided herein, per the attached Exhibit "C", consisting of ( ) page(s), and incorporated herein by this reference. 7. City Representative. The City will designate, prior to commencement of the work, its representative who shall make, within the scope of his or her authority, all necessary and proper decisions with reference to the services provided under this agreement. All requests concerning this agreement shall be directed to the City Representative. 8. Independent Service provider. The services to be performed by Service Provider are those of an independent service provider and not of an employee of the City of Fort Collins. SA 09/01/06 9 The City shall not be responsible for withholding any portion of Service Provider's compensation hereunder for the payment of FICA, Workmen's Compensation or other taxes or benefits or for any other purpose. 9. Personal Services. It is understood that the City enters into the Agreement based on the special abilities of the Service Provider and that this Agreement shall be considered as an agreement for personal services. Accordingly, the Service Provider shall neither assign any responsibilities nor delegate any duties arising under the Agreement without the prior written consent of the City. 10. Acceptance Not Waiver. The City's approval or acceptance of, or payment for any of the services shall not be construed to operate as a waiver of any rights or benefits provided to the City under this Agreement or cause of action arising out of performance of this Agreement. 11. Warranty. (a) Service Provider warrants that all work performed hereunder shall be performed with the highest degree of competence and care in accordance with accepted standards for work of a similar nature. (b) Unless otherwise provided in the Agreement, all materials and equipment incorporated into any work shall be new and, where not specified, of the most suitable grade of their respective kinds for their intended use, and all workmanship shall be acceptable to City. (c) Service Provider warrants all equipment, materials, labor and other work, provided under this Agreement, except City -furnished materials, equipment and labor, against defects and nonconformances in design, materials and workmanship/workwomanship for a period beginning with the start of the work and ending twelve (12) months from and after final acceptance under the Agreement, regardless whether the same were furnished or performed by Service Provider or by any of its subcontractors of any tier. Upon receipt of written notice from City of any such defect or nonconformances, the affected item or part thereof shall be redesigned, repaired or replaced by Service Provider in a manner and at a time acceptable to City. SA 09/01 /06 10