Fare Collection Solution

The Vendor is required to provide a mobile ticketing and fare collection system that will provide customers with the ability to purchase, validate and manage fares using a self-service application, while allowing multiple onboard fare payment options and the utilization of fare capping programs.
- Current fare technology is to allow for cashless and contactless fare payment options for our customers and to make fare payment quick and easy for all - frequent riders as well as infrequent “one time” riders/visitors.
- Pay for fares using credit cards and debit cards when boarding the bus.
- Ability to tap a phone or smart device on the bus to pay for a fare.
- Continue to tap a smart card on the bus for existing frequent rider programs such as the city resident pass program.
- Offer fare capping options to all riders and routes.
- Continue to enable our hotel partner program which allows for 3 day city local route service by showing or tapping a hotel specific pass/ticket.
- Integrate fare payment with current trip planning and schedule apps such as transit app, as well as accept and validate tickets created and managed by the city reservation and ticketing system.
- Allow for the ability to board passengers and validate fare payment at both the front and rear doors.
- To maintain a no-barrier boarding approach while ensuring fare compliance, the solution should enable real-time verification of fare payment status.
- The mobile ticketing and fare collection system shall be delivered as a Software-as-a-Service (SaaS), cloud-hosted, account-based platform. 
- The platform must run in a high-availability, multi-AZ public cloud environment (e.g., AWS, Azure, GCP) with automatic fail-over and horizontal scalability. 
- All production data must reside in centers (or other jurisdictions expressly approved by Roam Transit) with full data-residency controls.
- Provide both the system and any hosting services, either directly or through a third-party vendor.
- Technical Requirements:
•    Hosting facilities must incorporate levels of redundancy and resiliency to facilitate achievement of application and infrastructure availability, recovery, and other objectives.
•    Provide details on how the system functions in a similar manner regardless of the platform used (pc, smartphone, tablet etc.).
•    The system supports current operating systems and all browsers. Please provide details regarding OS and browsers supported.
•    Provide a list of requirements needed on the bus to support the proposed system. This includes the electrical requirements, connection/data requirements, hardware devices, mounting hardware etc.
•    All hardware should be provided by the vendor, explain in detail the hardware required for the solution and who and how the hardware is provided, installed, and configured.
•    Hosting facilities must hold an uptime institute certification or other industry data center recognition.
•    Provide a list of current financial institutions and/or payment processors that are compatible with the solution.
•    The system must be agency compliant, allowing for external authorization services, such as azure b2c, to authorize user access. Provide additional details for verification of compliance.
•    The system must integrate with roam’s current merchant of record for processing credit card transactions and can offer payment processing that is integrated or non-integrated with the current point-of-sale module and/or pin pad terminals (moneris).
- Security Requirements:
•    The system must accommodate authentication information passing in a secure manner from browser to server to authentication source. 
•    As such, Roam Transit requires HTTPS encryption before the data is transmitted by the browser. 
•    It is expected that this transmission will be at a minimum TLS 1.2/SHA2 with minimum 256-bit encryption. 
•    Data at rest should also be encrypted.
•    The system must have the capability to encrypt data transferred between application servers and database services.
•    The system must store authentication credentials on client computers after a session terminates.
•    The system must allow users to explicitly log out to terminate a session.
•    The system must enforce a session timeout after a configurable period of inactivity.
•    The system must have role-based security enabling the creation and management of user profiles within the environment including, but not limited to:
i.    Creation of a user with an associated user profile including security and access attributes appropriate to that user profile
ii.    Creating a group of users with common security attributes and profiles
iii.    Defining "roles" with role-specific attributes(e.g., Administrator)
iv.    Enrolling users into groups and assigning roles and attributes
v.    Removing users from groups
vi.    Modifying user attributes.

- Contract Period/Term: 1 year
- Questions/Inquires Deadline: August 22, 2025