Madison, WI
File #: 60737
Version: 1
Name: Authorizing the sole source Payment Card Industry Data Security Standards (PCI DSS) consulting contract to Baker Tilly.
Type: Resolution
Status: Passed
File created: 5/28/2020
In control: Finance Department
On agenda: 6/16/2020
Final action: 6/16/2020
Enactment date: 6/22/2020
Enactment #: RES-20-00468
Title: Authorizing the sole source Payment Card Industry Data Security Standards (PCI DSS) consulting contract to Baker Tilly.
Sponsors: Satya V. Rhodes-Conway
Attachments: 1. Baker Tilly Virchow Krause LLC - Non-Competitive Selection Request - CC Approval Required May 2020.pdf, 2. PCI DSS memo for resol 060420.pdf
Fiscal Note
The proposed resolution authorizes a non-competitive contract with Baker Tilly to carry out a scope of work to establish Payment Card Industry Data Security Standards. The total cost of the proposed contract is $90,000. These costs will be split between funding sources; under this allocation the General Fund share will be $50,000, and the share for each enterprise fund will be $5,000 per fund. The General Fund share will be funded through existing appropriations in the Finance Department (Service-Treasury, Major-Purchased Services).

Failure to develop the plan outlined in this scope of work will result in a $5,000 monthly penalty until the plan is finalized.
Title
Authorizing the sole source Payment Card Industry Data Security Standards (PCI DSS) consulting contract to Baker Tilly.
Body
WHEREAS, the City of Madison processes over one million credit card transactions per year, exceeding $28 million; and,
WHEREAS, the City utilizes many different systems to process these transactions; and,
WHEREAS, transactions are accepted in person, over the phone and online; and,
WHEREAS, the majority of transactions relate to the Parking Utility with the increase in card enabled pay stations and street meters; and,
WHEREAS, the major credit card brands created the PCI Security Standards Council in 2006 to implement the Payment Card Industry Data Security Standards (PCI DSS) aimed at preventing liabilities and losses related to credit card data; and,
WHEREAS, a breach of cardholder data reduces customer confidence and creates liability from fraud loss and legal actions, subjecting a merchant to fines, penalties and potential loss of card acceptance; and,
WHEREAS, the PCI DSS requires a merchant to create and maintain systems to safeguard cardholder data, which includes maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing the network and maintaining an...
