Fiscal Note
The proposed resolution authorizes a contract (non-competitive) with Baker Tilly to carry out a scope of work to establish Payment Card Industry Data Security Standards. The total cost of the proposed contract is $90,000. These costs will be split between funding sources; under this allocation the General Fund share will be $50,000, and the share for each enterprise fund will be $5,000 per fund. The General Fund share will be funded through existing appropriations in the Finance Department (Service-Treasury, Major-Purchased Services).
Failure to develop the plan outlined in this scope of work will result in a $5,000 monthly penalty until the plan is finalized.
Title
Authorizing the sole source Payment Card Industry Data Security Standards (PCI DSS) consulting contract to Baker Tilly.
Body
WHEREAS, the City of Madison processes over one million credit card transactions per year, totaling more than $28 million; and,
WHEREAS, the City utilizes many different systems to process these transactions; and,
WHEREAS, transactions are accepted in person, over the phone and online; and,
WHEREAS, the majority of transactions relate to the Parking Utility with the increase in card-enabled pay stations and street meters; and,
WHEREAS, the major credit card brands created the PCI Security Standards Council in 2006 to implement the Payment Card Industry Data Security Standards (PCI DSS) aimed at preventing liabilities and losses related to credit card data; and,
WHEREAS, a breach of cardholder data reduces customer confidence, creates liability from fraud loss and legal actions subjecting a merchant to fines, penalties and potential loss of card acceptance; and,
WHEREAS, the PCI DSS requires a merchant to create and maintain systems to safeguard cardholder data, which includes maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing the network and maintaining an...