Annex A: Terms of Reference RFP/2017/798 Global Online Payment Gateway

Transcription

1 Annex A: RFP/2017/798 Global Online Payment Gateway Reference: RFP/2017/798

2 Table of Contents 1 Introduction Background Statement of Purpose & Objectives... 4 Core requirements Wide variety of payment methods Multi-currency payments Merchant Accounts Transactional s Notification s Donor Management Hosted e-commerce option Security Other services, required for the performance of the key requirements Reporting and recording of donor accounts Hosting Integration with third party systems Service Levels and Support The Expected Role of the Bidder Risk Management Customer Responsibilities Content of the Technical Offer Company Qualifications Proposed Services Personnel Qualifications Vendor Registration Form Applicable General Conditions Evaluation Technical Evaluation Key Performance Indicators Performance Evaluation Page 2 of 12

3 1 Introduction 1.1 Background The Office of the United Nations High Commissioner for Refugees (UNHCR) was established by the U.N. General Assembly in 1950 to provide protection and assistance to refugees and Internally Displaced People (IDPs). In more than five decades, the agency has helped tens of millions people to restart their lives. Today, UNHCR is one of the world's principal humanitarian agencies. Its staff of more than 7,190 personnel is helping more than 36.4 million people in more than 127 countries. Staff members work in a diversity of locations and conditions including in our Geneva-based Headquarters (HQ) and more than 100 field locations. For more information, please see UNHCR's Public Sector Partnerships (PSP) Section raised over USD 208 million in 2015 which is almost entirely funded by voluntary contribution. In 2016 our international online fundraising programme raised donations of over $9 million USD. Donations are sought every year for UNHCR's Annual Programme Budget, which includes the support of regular operations. But the agency also launches supplementary appeals throughout the year, seeking extra donations for new emergencies that cannot be forecast in advance. PSP has two key fundraising programs, Individual giving (Face to face, DRTV, Digital) and Leadership giving (corporates, foundations and major donors). We are actively fundraising in Europe (Spain, Italy, Germany, Sweden, UK, France, Netherlands) North America (Canada, US), Latam (Brazil, Mexico, Argentina, etc.) Asia (Hong Kong, Thailand, Philippines, Japan, South Korea, China, India) Australia, MENA (UAE, Saudi Arabia, Kuwait etc.), Africa (Kenya, South Africa, Nigeria etc.), However, our International website accepts online donations from anywhere in the world. Our international donation landing page: UNHCR are looking to develop a global payments provider with locally tailored payment solutions. This payment gateway is intended to bring significant benefits to the UNHCR fundraising programmes, streamline our online giving process, and make it quick, easy and secure for supporters to make an online donation from anywhere in the world in whatever currency and language they choose. It is also intended that this system will be a best of breed system that is flexible enough to cover all international markets and is supported by a long term development roadmap for new features and investments. UNHCR are aiming to boost online contributions to UNHCR globally to deliver long term sustainable solutions that provide security, dignity and a future for refugees. With our strategy of Digital First we will look first for digital opportunities in everything we do, locally and globally. Our global investment will prioritize rapid expansion of digital supporter engagement and online donations are expected to deliver dramatic and sustained growth of donor recruitment programmes. This project has been initiated by UNHCR s Division of External Relations (DER) in order to ensure that UNHCR has a frame agreement/s in place with a payment gateway provider/s to enable our rapid growth of online donations. Page 3 of 12

4 1.2 Statement of Purpose & Objectives UNHCR is a global organisation, and as such any new solution and payments mechanism will need to provide a fully flexible country specific/currency/payment method as payment methods/credit cards and banking arrangements will be different according to region. The system would need to be a secure, hosted, easy to use (both internally and for the donor), error free, flexible and quick payment system that has the potential to substantially increase conversion rates and number of transactions globally. The payments provider should have the following requirements as standard: Fully PCI DSS level 1 compliant Fraud screening and risk management to prevent fraudulent transactions/duplicate payments Ability to accept online donations in multiple currencies Enable regular credit card transactions (one off payment and regular giving) Ability to collect regular payments on an annual, monthly, quarterly basis - flexible Enable payment by direct debit (where country appropriate) and/or ability to capture banking details for offline processing. Support payments for international credit cards, PayPal, local debit cards and prepaid credit cards Support non UTF8 characters (such as Arabic and Chinese) Tokenization capabilities Advanced payment reporting Ability to transact and report in real time Enables multiple Merchant Accounts Mobile responsive Mobile payments Compatible with main international web browsers (Google, IE, Firefox, Safari, Opera etc) An internal team within the PSP unit in Copenhagen will be assigned to the project; as such there may be multiple contacts for the agency. The role of the internal team will be to provide input and approval on platform functionalities, to act as intermediary between national offices and the bidder and to bring functional and/or technical knowledge of UNHCR to the bidder team as needed. The successful bidder is expected to be awarded a Frame Agreement for the duration of three years, with a two year possible extension. DER has an ambitious five-year engagement and fundraising strategy that endeavors to capitalize on support and funds from the public and private sectors through a variety of online channels, including digital, television and social media. As part of their digital fundraising strategy most of the UNHCR offices accept online donations (both single and regular donation). Many UNHCR PSP fundraising offices use locally procured payment gateways, and others currently use a common international payment gateway (Worldpay). UNHCR international donation pages are managed via a custom CMS and are integrated with a global payment gateway. UNHCR are looking to develop a global online payment provider with locally tailored payment solutions. This payment gateway is intended to bring significant benefits to the UNHCR fundraising programmes, streamline our online giving process, and make it quick, easy and Page 4 of 12

5 secure for supporters to make an online donation from anywhere in the world in whatever currency they choose. It is also intended that this system will be a best of breed system that is flexible enough to cover all international markets and is supported by a long term development roadmap for new features and investments. Agency vendors are invited to respond to the core service areas required from this RFP. It is essential that any vendor responding to this RFP is able to provide UNHCR with: 1) Ability to accept international and local payments in multiple currencies that can interface with multiple languages 2) Level 1 compliant with the Payment Card Industry Data Security Standard (PCI DSS) 3) API that is easily integrated with database s 4) Excellent support capabilities 5) Fraud protection and screening tools UNHCR therefore invites quality agency vendors to make a firm offer for the establishment of Frame Agreement(s) for the provision of a global online payment gateway or gateways. UNHCR would like to establish Frame Agreement(s) with one or more selected agency vendor s areas for three (3) years extendable for another two periods of up to one (1) year each. The successful bidder(s) will be requested to maintain their quoted pricing model for the duration of the Frame Agreement(s). UNHCR may choose to appoint more than one vendor within this RFP, based on the vendor s relevant expertise, global and/or regional coverage and experience. 1.3 Core requirements UNHCR would select a specific banking counterparty to facilitate the payment gateway integration. Payments would be regularly credited directly and automatically to dedicated UNHCR bank account (unless offline processing is in place). Within the same agreement UNHCR requires the flexibility to select additional local banking counterparty according to specific countries legal requirements. Specifically we are seeking a provider(s) with a flexible, safe and reliable online payment system which is able to provide the following: Wide verity of payment methods International Credit card (one off payment and regular giving)(visa, Amex, MasterCard) Debit cards (one off payment and regular giving) Direct Debit payments PayPal Mobile payments Checkout by Amazon ewallets (Alipay) Prepaid Solutions Prepaid credit/debit cards Real-Time Bank Transfers and Vouchers i.e. GiroPay Local payment methods as required specific to country Ability for UNHCR staff and external suppliers to directly upload/input payment details taken over the telephone and from direct mail. Page 5 of 12

6 1.3.2 Multi-currency payments The system will need to have the ability to accept payments in multiple currencies Multi language The system will need to be compatible with English, Chinese (simplified and traditional), Arabic, Russian, French, Thai and other languages that may be requested in the future Supports right to left display Merchant Accounts Ability to create and maintain multiple merchant accounts and local banking solutions Transactional s All transactional (if provided) should be fully customizable (including template, content, subject line and sender) from the system interface Ability to provide receipt of payment Ability to personalize transactional s with donor and payment information Notification s Enable merchant notification when a payment fail, card is expired or is cancelled by the donor Donor Management Ability to manually set up payments and refunds Hosted e-commerce option The global payment gateway provider is expected to provide also the option to store the payment pages on the merchant local server but still be linked to the payment gateway to manage transaction and deposit funds into the merchant account. Full reconciliation & reporting XML integration (direct and re-direct) Hosted Payment Pages Recurring payments Tokenisation Security NGO s are often targeted by fraudsters who trial transactions on stolen card details to check if the cards are working. As a result, the following fraud prevention methods are important to ensure the reliability and integrity of the service is upheld. The system would need to be a secure, easy to use (both internally and for the donor), error free, flexible and quick payment system that has the potential to substantially increase conversion rates and the number of transactions globally. The payments provider should have the following requirements as standard: in the address bar SSL certification the padlock icon (double click to see details of security certificate) logos from third party verification services Option to use 3D secure authentication where appropriate Verified by Visa MasterCard Secure Card J/Secure Page 6 of 12

7 Standard card validation services CVN and CVV2 Address Verification Service (AVS) Conditional rules for filtering out fraudulent transactions (based for example on address and IP) should be in place. Risk management should be applied to every transaction to prevent fraudulent transactions/duplicate payments. Third party providers should operate in accordance to the following standards: ISO International standard for Information Security Management Systems PCI DSS PCI Security Standards Council The basic requirement is secure data collection and ensures that sensitive data is securely. Some local requirements may exist in each market, e.g., the UK banks require account validation software to be integrated. The third party payment service provider will secure the payment data on behalf of UNHCR. All companies must detail: How they ensure that donor s financial details are secure (PCI) What measures they take to ensure donor details are held according international data protection laws 1.4 Other services, required for the performance of the key requirements Reporting and recording of donor accounts Enable reporting of payments by: Status of donation and regular payment Full reporting on card decline rates per country and reasons Single donations and regular gifts Amounts Country Payment type (PayPal, credit card etc.) Payment provider batch details for payments - auditing purposes Date responsive payment reporting Flexible ability to search for donors i.e. name, amount, date, address, etc. Enable reporting of: Card expired Regular payment cancelled by donor Payment failed Refunds Disputes Real time reporting Based on payment form fields Different time frames (not only monthly) Data from the system in different format such as CSV or Excel Scheduled reports to a custom defined address in different file formats such a CSV or TSV Ability to pull donor data based on batch reports of income banked Page 7 of 12

8 Internal Ability to store information on the type of campaign a donor gave to and also the marketing source. Ability to process refunds Ability to manually change regular payment amounts and cancel Ability to manually change dates of regular amounts - flexible Hosting The provider is expected to provide as a minimum requirement: A web-based solution with minimal technical implementation efforts required. Robust hosting capacity able to process high volume of payments (up to 1,000 transactions per minute for large appeals) A strong service provision in relation to downtimes/response times A full and robust disaster recovery process and procedure (documented) Regular and thorough load testing Integration with third party systems Most UNHCR offices would prefer to have a payment system that passes data securely to their systems automatically. We expect the global payment provider to have an API to enable easy integration with multiple third party systems and enable to process transactions directly from the local donor database, website or online fundraising Service Levels and Support Full specifications will be required on appointment of supplier the following is a basic guide only. Agile and expert technical support and full prioritisation processes for bug fixes and technical queries Automated and fully documented process/procedure for error monitoring and logging Training for UNHCR staff on the product Regular reporting and support on improving card declines Fully documented user specifications updated regularly 24 hour support desk on request (for larger appeals and campaigns) The Expected Role of the Bidder The bidder is expected to submit a written proposal outlining how the product matches the requirements listed above (see paragraphs 1.3 and 1.4). The bidder is expected to provide a Focal Point/Account Management Team to lead collaboration with the UNHCR regional teams/ Global Project Managers. Similarly, the bidder will be asked to assist the UNHCR team with the transfer of applicable functional and technical knowledge to UNHCR resources. The bidder is also expected to give details of the skill sets to support the project including on going requirements from UNHCR. The bidder is requested to clearly state any assumptions of deliverables, facilities or resources they expect UNHCR to provide. The desired provider should have: Relevant experience with non profits and/or organizations with similar goals Relevant experience in integration with third party country specific systems and databases Relevant experience of international e-commerce and online payments legislations Page 8 of 12

9 1.4.6 Risk Management The bidder will assume a direct responsibility for risk management to the extent that project deliverables should not be imperilled. To this end, the bidder will work with UNHCR project management to ensure that risk is at all times identified in a timely manner, and managed to ensure that the project is not adversely impacted. Appropriate documentation will be maintained for UNHCR project management. 1.5 Customer Responsibilities The UNHCR is responsible for providing the following: - Liaising with the Contractor(s), attends regular project management calls and meetings - Reconciling reports submitted by the Contractor(s) - The Digital Engagement team will be the main point of contact initially, with other teams being introduced as needed. Other regional fundraising around the world will be the main point of contact for the agenc(ies) local account service teams. Page 9 of 12

10 2 Content of the Technical Offer Your Technical proposal should be concisely presented and structured in the following order to include, but not necessarily be limited to, the following information: 2.1 Company Qualifications - A description of your company with evidence of your company s capacity to perform the services required, including: Company profile, registration certificate, security certificates, and last audit reports - Year founded - If a multi-location company, please specify the location of the company s headquarters, and the branches that will be involved in the project work with founding dates; - Experience in the business or the number of similar and successfully completed projects - Number of similar projects currently underway; - Any relevant experience working with UNHCR, other UN Agencies or International/global companies and NGOs should be included; - Total number of clients, please provide a list; - You are requested to provide three (3) references that we may contact from your current client list; - Full PCI certification is mandatory 2.2 Proposed Services Bidders are requested to provide written proposal describing how you provide the services as outlined in section 1.2, 1.3 and 1.4 including your SLA s. 2.3 Personnel Qualifications A list of the core staff including short resumes to be assigned to this project for any technical support/set up, ongoing account management, and global payment authorization optimisation support. 2.4 Vendor Registration Form If your company is not already registered with UNHCR, please complete, sign, and submit with your Technical Proposal the Vendor Registration Form (Annex C). 2.5 Applicable General Conditions Please indicate your acknowledgement of the UNHCR General Conditions of Contract for the Provision of Services (Annex D) on the RFP Checklist Form (Annex E) and including it in your submitted Technical Proposal. Page 10 of 12

11 3 Evaluation 3.1 Technical Evaluation The Technical offer will be evaluated using inter alia the following criteria and percentage distribution: 70% from the total score. Company Qualifications - General Liability / Capacity of the Company - Overall experience/time in business - Presence / Experience in the market - Security of proposed service Proposed Services - Comprehensiveness of written proposal - Quality/clarity of interpreting and presenting the required services as outlined in section Experience of completing similar projects internationally Presentation via WebEx presentation - Experience of core people and support teams including Service Levels and Support. - Quality of proposed services and all other services offered and demonstrated in the presentation Agencies passing a minimum of 35 out 50 combined score for total of Company Qualifications and Proposed Services elements will be invited to participate and deliver a WebEx presentation of their proposal as outlined in Personnel Qualifications. This is expected to be one hour maximum. This presentation will form part of the technical evaluation. The minimum passing scores is 35 out of 50; if a bid does not meet these minimums it will be deemed technically non-compliant and will not proceed to the next stage presentation. If a minimum score of 45 out of 70 is not reached cumulatively after the Presentation stage it will be deemed technically non-compliant and will not proceed to the financial evaluation. Page 11 of 12

12 4 Key Performance Indicators 4.1 Performance Evaluation UNHCR expects to monitor the performance of the selected supplier on a monthly basis according to the following KPIs: - Amount of successful donations (declines and authorized) globally and by country - Response time to enquiries, setting up new Merchant accounts and new currencies - Security of the system - Number of technical incidents - Enhanced reporting tools for monitoring system Page 12 of 12