Madison, WI Header
File #: 83213    Version: 1 Name: Authorize PCI Compliance Contract
Type: Resolution Status: Passed
File created: 5/1/2024 In control: TRANSPORTATION COMMISSION
On agenda: 6/4/2024 Final action: 6/4/2024
Enactment date: 6/7/2024 Enactment #: RES-24-00376
Title: Authorizing the Mayor and the City Clerk to enter into an agreement with Windcave Inc. and Synovus Financial Corporation for payment services on behalf of Madison’s Parking Utility, including PCI compliance.
Sponsors: Dina Nina Martinez-Rutherford, Michael E. Verveer
Attachments: 1. Windcave - Non-Competitive Selection Request - CC Approval Required April 2024.pdf
Fiscal Note
The proposed amendment authorizes a non-competitive agreement with Windcave Inc. and Synovus Financial Corporation for services related to preventing credit card data liabilities and losses in the Parking Division. The cost of the contract will be based on a percentage of credit card payments made and the Parking Division estimates it will be approximately $200,000 per year. The contract is for a term of two years with automatic two-year renewals to be approved by the Parking Division Manager. Funding for 2024 is included in the Parking Division’s operating budget. No appropriation is required.
Title
Authorizing the Mayor and the City Clerk to enter into an agreement with Windcave Inc. and Synovus Financial Corporation for payment services on behalf of Madison’s Parking Utility, including PCI compliance.
Body
WHEREAS, the major credit cards brands created the PCI Security Standards Council in 2006 to implement the Payment Card Industry Data Security Standards (PCI DSS) aimed at preventing liabilities and losses related to credit card data; and,

WHEREAS, a breach of cardholder data reduces customer confidence, creates liability from fraud loss and legal actions subjecting a merchant to fines, penalties and potential loss of card acceptance; and,

WHEREAS, the PCI DSS requires a merchant to create and maintain systems to safeguard cardholder data that includes maintaining a secure network, protecting cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test the network and maintain an information security policy; and,

WHEREAS, a merchant is required to document these elements and provide an attestation of compliance and assessment questionnaire to the card brands as evidence of a system and related maintenance; and,

WHEREAS, the City of Madison Parking Utility processes a high volume of card transactions per year at Parking Utility garages, with such transactions totaling app...

Click here for full text