Specifications include, but are not limited to: Standalone PCI-validated P2PE point of sale solution including devices for card-present and mail order/telephone order (MOTO) transactions meeting the following specifications: 3.1 Solution is listed on the PCI Point-to-Point Encryption (P2PE) Solutions web site with a reassessment date that is not in the past. For clarification, 1. If reassessment dates are in orange or red, provide expected resolution of issues. 2. If reassessment date is within six (6) months, include current status of reassessment and provide plan for Offeror to complete an approved reassessment prior to reassessment date. 3. Provide plan for continuing to list solution on PCI Point-to-Point Encryption (P2PE) Solutions web site with an unexpired reassessment date. 3.2 Device is listed on the Approved PTS Device web site with an expiry date that is not in the past. For clarification, 1. If expiry date is within six (6) months, include current status of device update. 2. Provide plan for continuing to provide devices that will be listed on the Approved PTS Device web site as the expiry dates for current devices are reached. 3. Provide plan for replacement of deployed devices in the field that are approaching the expiry date. Include what types of advanced documentation or notifications are provided. 3.3 Solution meets all relevant PCI DSS requirements, as needed to provide the goods or services requested under this informal RFP, both at implementation and in the future. For clarification, 1. Provide copy of most recent PCI DSS Attestation of Compliance (AOC) or Self-Assessment Questionnaire (SAQ). 2. Provide plan for continuing to meet relevant PCI DSS requirements, both now and as requirements change. 3. Contractor will be required to continue to meet all relevant PCI DSS requirements under the terms of the Contract and to provide proof of such compliance upon a SDBOR campus request. Proof may include but is not limited to providing detail around Contractor meeting current and ongoing PCI DSS, PCI-validated P2PE, and PA DSS. Contractor also to provide their PCI DSS AOC or SAQ when requested by a SDBOR campus but no less than annually in order to support SDBOR’s PCI DSS attestation process. 3.4 Solution operates in real time, 24 hours per day, 7 days per week. 3.5 Solution can be used in multiple locations and location types, including: 1. Multiple locations and buildings on campus locations across the state. 2. Remote static locations not on a SDBOR campus, such as County Extension offices. 3. Mobile untethered use without a static location, similar to use of a cellular wireless device. One example use would be for merchants such as Bookstore merchants, whose staff may conduct sales during various events held across the state and country. 3.6 Solution supports Payment Card data entry via: 1. EMV card insertion chip reader. 2. Swipe. 3. Manual key pad. 4. NFC/contactless. 3.7 Solution supports the following Merchant ID capability: 1. Uses existing SDBOR merchant IDs issued via Elavon. 2. Ability to use multiple devices with a single SDBOR merchant ID. 3. Ability to use multiple merchant IDs on a single device. 4. Ability to programmatically complete a merchant-managed service fee transaction during a customer transaction which allows a service fee, for example, a tuition payment. 3.8 Device can connect via: 1. Wired ethernet. 2. Wireless internet. 3. Cellular wireless. 4. Analog phone line.
