The URL can be used to link to this page

#18-7266 (Masabi, LLC Amended #4) r....IL • masabi ,....., May 23rd 2024 Collier Area Transit 3295 Tamiami Trail East, Building C-2 Naples, Florida, 34112 Attn: Vanessa Diaz Dear Ms. Diaz, Letter of Authorization I, Craig Rattray as General Counsel of Masabi LLC, hereby authorize Brooke Duffy,VP, Customer Experience, to enter into contract variation with Collier Area Transit on behalf of Masabi LLC. I confirm that Brooke Duffy, has full consent and authority to act on behalf of(and bind) Masabi LLC in accordance with Masabi's internal corporate governance and authorizations policies. Please contact me if you have any questions or concerns regarding this letter of authorization. Yours faithfully, Digitally signed by Craig Rattray rq Date:2024.05.23 18:09:17 +01'00' Craig Rattray General Counsel Masabi LLC Email: craig.rattray@masabi.com FOURTH AMENDMENT TO AGREEMENT#18-7266 FOR Mobile Ticketing,Trip Planning Application and On-Board Wi-Fi THIS FOURTH AMENDMENT made and entered into on this i q day of Mo►y , 2024 by and between Masabi, LLC (the "Contractor" or "Masabi") and Collier County, a political subdivision of the State of Florida, (the "County") (collectively, the "Parties"): WHEREAS, on May 14, 2019 (Agenda Item 16.D.5), the County entered into Agreement No. 18-7266 (the "Agreement") with Contractor to provide a comprehensive end-to-end Mobile Ticketing System to its existing fare collection technology in the amount of $614,312.71 (the "Agreement"); and WHEREAS,on July 29,2019,the County administratively approved the First Amendment to the Agreement revising Annex 2, Payment Schedule and Charges, to correct a scrivener's error to Total amount under Implementation Project One-Time Cost from $65,169.00 to $67,138.00; and WHEREAS, on October 31, 2019, the County administratively approved the Second Amendment to the Agreement updating milestone tasks, correcting a minor calculation error to the retainage amount, and deleting the phrase "beginning one (1) year" from the Reoccurring Annual Fixed Fees tables to be consistent with Section 8.2 (d) of the Agreement; and WHEREAS,on June 1,2020,the County administratively approved the Third Amendment to the Agreement for the purchase of two Validators and mounting kits to include installation and Iicense fee for the additional hardware totaling $5,305.60 and to correct a scrivener's error to the amount reflected under the "Implementation One-Time Cost Summary"table; and WHEREAS, the Parties desire to further amend the Agreement to: (a) include additional services (namely SVA, Cash Digitization and ABT expansion), (b) upgrade electronic validation hardware, (c) extension of existing services (Justride White Lable rideCAT, Mobile application, mobile ticketing, and web portal) under the Agreement for a period of five years, and (d) additional modifications related to additional and upgraded services. NOW, THEREFORE, in consideration of the mutual promises and covenants herein contained, it is agreed by the Parties as follows: 1. The above recitals are hereby incorporated into this Fourth Amendment as if fully set forth herein. 2. The Parties agree to include additional services and necessary electronic validation hardware as set forth in the attached Exhibit 1-Additional Services and Validation Hardware, attached hereto and incorporated herein by reference, which will be added to the Agreement as Annex 1A. Annex IA is intended to supplement the existing Annexes 1, 2, and 4 of the Agreement. 3. The Parties agree that the County will continue to pay the current charges for the existing services until such time that the additional services have been delivered and implemented for full operational use. When the additional services are installed and operating correctly, the County shall pay the fees and charges for all services as depicted in the attached Exhibit 2 — i Page 1 of 4 Fourth Amendment to Agreement#18-7266 1p _ Additional Services and Validation Hardware Pricing,attached hereto and incorporated herein by reference, which will be incorporated into the existing Agreement by replacing the existing Annex 2 -Payment Schedule and Charges upon full implementation of the additional services. 4. The Parties hereby delete the existing Annexes 6 and 7 and replace with the new Annex 6 - Warranty Plan for Validation Hardware Equipment, Annex 6A — Validation Hardware IAT Procedure, Annex 6B — Masabi Payment Card Industries Hardware Compliance Plan, and Annex 7 - Masabi Service Level Agreement and Support Services, as set forth in Exhibit 3, attached hereto and incorporated herein by reference. The Parties further intend to incorporate certain revisions and additions to existing provisions within the Agreement, as depicted in Exhibit 3, for consistency in the implementation of the new Annexes. 5. Further, the Parties hereby extend the Agreement for an additional term of five years with an expiration date of May 13, 2029. 6. This Fourth Amendment shall take effect upon the date of approval by the Collier County Board of County Commissioners. 7. All other terms and conditions of the Agreement, as previously amended, shall remain the same. Signature page to follow Page 2 of 4 Fourth Amendment to Agreement#18-7266 C40 IN WITNESS WHEREOF, the Parties have executed this Fourth Amendment on the date and year first written above by an authorized person or agent. ATTEST: Crystal K.K.inzel, Clerk of the Circuit BOARD OF COUNTY COMMISSIONERS Court and Comptroller COLLIER COUNTY,FLORIDA By: "'""� . 'G By: Chi1/4„,&„ i.' all, Chairman Dated: __. DUO Z y (SEAL) 'Att•st as to Chairman's signature only Approve s o Form and Legality: Carl anne Sanseverino Assi tant County Attorney ,,t,,lffl C Contractor's Witnesses: " ,l• '.ssion�...U� .. ,Z. �mi • T'EONTRACTOR: go, N1 ,SABI, LLC J First Witness y ,_ v :,.�o•.lb -�Gam,! ignature TType/print witness Darnel' ,,.`'��TH OEff�.��, 11 �it t� t- 1 �.'� i TType/print signature and thief Second Witness MET FATEL � , Date CType/print witness namet Page 3 of 4 Fourth Amendment to Agreement #18-7266 EXHIBITS TO FOLLOW THIS PAGE Exhibit 1 Additional Services and Validation Hardware Exhibit 2 Additional Services and Validation Hardware - Pricing Exhibit 3 Additional Amendments to the Agreement • Annex 6-Warranty Plan for Validation Hardware Equipment • Annex 6A-Validation Hardware IAT Procedure • Annex 7- Masabi Service Level Agreement—Masabi SLA and Support Services Page 4 of 4 Fourth Amendment to Agreement#18-7266 C40 Exhibit 1 Additional Services and Validation Hardware The following new Annex 1A will be added to the Agreement after Annex 1: Annex IA-Additional Services and Validation Hardware SVA, Cash Digitization, ABT Expansion and JRVs New Features and Functionalities • Account-Based Ticketing • Stored Value Accounts • Smart Cards • New Validation Hardware • Ticket Sales and Cash Digitization a Vendor Portal o Partner Portal o Retail Locations Scope The graphics below illustrate the new scope of work to be provided in accordance with the High Level Plan set out in 'High Level Plan' section below. Account-Based Ticketing Electronic Best Fare Finding Funding Smart Cards Validation Source pops 0 YALIO • • # SVA justride JRV Validators ABT Fare Engine SVA Accounts MIFARE DESFires Ticket Sales and Cash Digitization S incomm - ''' --� payments ' • Vendor& Partner Portals Retail Locations Fo.; Account-Based Ticketing Account-Based Ticketing (ABT) enables riders to no longer need to buy a ticket in advance or understand fares before traveling as they would be charged the most favorable fare within the tariff based on their actual usage of the transit services. Riders can move around the transit system, securely identifying themselves during each leg of the journey (for example, by tapping a smart card or scanning a QR/barcode), with each journey either paid for directly after or authorized via an already-acquired pass. Achieving this requires two things - riders must have some means of securely identifying themselves and a source of funds to pay for journeys. Justride implements a core ABT Fare Engine that is agnostic of how identification and payment occur, supporting a range of tokens: ©'^ 513700 4 !')justride > .t; n 1 fl,id twn.e 4 OWN 50) justride 1234 SblB 2345 1023 a$7Day Pass t , tziia ` �// pH ItTHOMPSON Limited use cards MIFARE smart cards Mobile QR/barcodes Apple/GooglePay c-EMV bank cards Funded from a Justride Stored Value Account Funded by the payment card The ABT Fare Engine enables a "Tap & Go" experience - the rider only needs to tap the identity token on a validator which ensures funds are available. The back office calculates the appropriate fare to charge after travel. Rider equity can be guaranteed by Fare Capping (aka Best Fare Finding), which, if configured, ensures that the rider is always charged the lowest amount defined in the tariff rules for their recent travel history. This functionality allows regular riders to benefit from the price discount of, for example, a monthly pass, even if they cannot afford to purchase it at the start of the month. The Fare Engine is the component that executes the fare rules as defined by an agency to determine the fares to be paid by riders based on their usage of the services. The fare calculations honor any entitlement to discounted travel that the rider may have - for example, riders can register as seniors or veterans and the appropriate fares will be applied. Registered users can also view their trip history consistently across the Justride mobile app, web portal, and any MaaS app that supports token registration.. The Fare Engine takes as inputs the taps from riders on validation devices and the fare products defined in the agency's tariff to determine the most favorable applicable fares for riders. Products are defined by such things as Cost, Number of permitted uses, and Time of expiration from first usage. CAO In order to be allowed to travel, the rider's SVA needs to be in good standing, with the minimum balance to travel configurable by the agency. The validation devices will allow the rider to move around the network. Taps are sent to the Fare Engine, which goes through the following process when it receives a tap from a validation device: 1. It checks if there is an existing fare product already earned by the rider that can absorb this new tap without additional payment. If this is the case, it will attach this tap to the existing fare product. 2. If not, the Fare Engine creates all possible fare options for the rider, considering their existing fares earned within a relevant time window. 3. The Fare Engine provisions the product with the best value for the customer based on price and number of trips. 4. The Fare Engine charges the SVA (product cost - absorbed fares). a ti U $4 t td S3, f ,'"� m;1 S2. Si 5. Stored Value Accounts A Stored Value Account (SVA) is a transit credit balance, or ledger, held in the Justride ( . ,uytTap o. back office against a rider's account that can be used by the rider to pay for travel at a later point. It acts as a funding source for transit rides with the agency or other mobility services. The balance is held against the rider's account, and the Justride platform acts 1 $137.00 as a ledger recording additions, deductions, and the balance of the transit credit. © Top Up Aetln Balance © ViewmstTap rory 9 This balance can be used by riders to purchase tickets or passes and fund their trips when used under the Account-Based Ticketing modality. Depending on each country, an appropriate banking structure to hold funds in trust may be required, appropriate policy and terms and conditions for the agency need to be created, and a mechanism for apportioning and settling funds to agencies following the use of credit for payment by the rider. The Justride platform offers reporting capabilities that the agency can use to apply apportionment rules and settle funds. ^•....nxtabi ./ CAO Justride Validators Masabi will deploy its Justride Validator (JRV) devices to CAT for onboard electronic validation — in the volumes and for the pricing set out in the SVA, Cash Digitization and ABT Expansion) and validation hardware (JRVs) ("Additional Services and Products") section of Annex 2 (Payment Schedule and Charges). The JRV is a fixed validation device leveraging Masabi's significant experience in } Not Valid onboard validation hardware and software. It is designed to provide unparalleled functionality in a robust form factor. It possesses the necessary onboard storage, processing capability, and connectivity options to support any type of deployment. The JRV comes complete with various wired and wireless network interfaces to allow for flexible data connectivity. JRVs automatically boot up and connect to the Justride back office when powered on, automatically picking up any new configuration, requiring no bus driver interaction. Both the Inspect business logic and the Operating System can be remotely updated safely and reliably, and the device sends back a wide range of telemetry data to enable rapid fault diagnosis and alerts when problems occur. As a multi-format validator, the JRV is capable of accepting smart card media such as MIFARE/ISO14443, QR barcodes presented on mobile devices and paper, and Near Field Communication (NFC). A simple traffic-light system communicates validation results to the driver and passenger. The screen shows one of three responses every time a ticket or token is tapped or scanned on the validator: Valid (green), Valid Discounted Fare (yellow), or Invalid (red). The yellow screen indicates to the driver and passenger that an ID or other proof of eligibility is required. The JRV is a pole-mountable device compatible with all commonly found pole diameters, with a forward-facing large color screen for displaying fully customizable passenger feedback. cq0 Features Sound Alerts " ` 1 0 Robust design 'Colour Screen O —11— Horizontal pole mount option GP5 — Optical Scannner Vehicle-wide and network-wide IS pass back protection L' Simple installation and minimal Tactile Guide maintenance 15014443/NFC ®® Designed to meet accessibility 2 SAM sockets standards including US ADA EMV Level 1/2 jusrride PCI PTS V4.O4.0 Account-based ticketing ready Mobile Barcode Validation QR/barcode validation verifies a cryptographic signature from the server, evaluates the ticket- specific rule data that was signed inside the payload, and then, for limited-use tickets, checks whether the ticket has been seen before - all of which can be handled rapidly and reliably offline. LVerify Validate Check Z I® Signature Rules History 0 - Use public key to Can this ticket be used According to local sti 13 determine if we can on this date,at this database,has the Issuing server trust the validity rules time,in this place? ticket already been encodes validity rules inside the barcode used? into barcode,signing payload with private key jusrride Continuously synchronize local usage database state s. with rest of system Smart Card Validation When presenting smart card media or NFC tokens to an electronic validator, the first step is to identify its fare type (MIFARE, contactless EMV payment card, or any other supported type). Once completed, the validator verifies the associated cryptographic signatures of the fare media. If passed,the validator then determines the status of the token (acceptance, lack of funds, etc.) S Verify Check Validate MIFARE card with a Token ID Status Rules Justride signed ID on it Use MIFARE key to Is this ID enabled for Are there any validate the ID read travel In the current context-specific rulesrill from card,then check context? applying to this token justride Justrideign ure of ID In this location y at this signature of ID time ,litr Continuously synchronize token state database and tap data with rest of system Cash Digitization The Justride platform provides agencies multiple options to accept cash (or other outside payments) in exchange for tickets or to top up a stored value balance. The two most relevant to CAT are presented in the section below. State Park Crew Retail Locations Beach Bcmta Lake[,© WdtlGe Audubon and Environmental Area Corkscrew Swamp r tit Sanctuary ONLINE_ Masabi has partnered with InComm Payments, a leadingglobal payments onuaBcach9 Y a Y Everglades® CREW Flint Wonder Gardens Peo Strand Trail technology company, to utilize their "-3. BonitaSpr,ngs existing retail network to top-up riders' p"h"' " 9 ew.,<.,.F na sw� unl © CREW Bird Rookery Stored Value Accounts (SVA) usingteggais Pass Quad net GollQ floe CountrNahony Club InComm Swamp Esruanne R Country Cluu InComm Payments' Vanilla Direct Afedan° 2o Area[cnee f:,a Bonita Bay Club Naples payment platform. Cocohatchee 9 River Park Ma ® Orangetree Pubic.Super Market DelnorWiggins Golisano Childrens at The Shoppes at Retailers don't need to invest in any Pass State Park Mn of No �J aValencia Trailsv additional hardware or bespoke N*aple9 integration beyond their existing Mercator 9 �j Tiburon Golf Club integration with the payment network, o and neither agencies need to invest in Bras»Supermarkets hardware to be deployed in retail Co:.rcoWhole:ale9 V„Q,ds ` outlets or any integration and get GIampas access to an extensive list of retail NGALA Wildlife outlets within Incomm's network. Greyoaks9 Golden* Preserve '- Naple52ooat w Riders can visit any participating retail �9t,arbheanGardens c� fill outlet to preload cash onto their stored Q ©moot col Gate Blackburn N k Roofing R Sht=9 value accounts. Retailers add credit to • riders' accounts by accepting a cash ,410 .4- Mb payment and scanning the barcode in .. the user's Mobile app or printed on their Naples ..'rrlera Apartments Physicians Regional smart card. Riders can then use the cash Botanical © Calker Blvd Garden rely deposited to use their Justride ABT Naples Manor Verona Walk 9 Lely Resort KeIsland n island Wes ReserveQ h CA O. account to ride and be charged the most favorable fare within the tariff according to their transit usage. If they prefer to purchase tickets in advance, to buy, store, and display tickets in their in- app wallet. Vendors are not responsible for any additional development beyond their existing integration with the payment network, though agencies are limited to vendors with a relationship with a given network. Justride captures the value of the top-up, but reimbursement is facilitated between the agency and the payment network, with Masabi as an intermediary, as defined by contracts. The participating retail outlets in the CAT's area of operation can be seen on the map to the right. Vendor Portal The Justride Vendor Portal is a retail solution designed for ticket office windows and smaller stores that have a Web- capable computer available to run the user interface. It allows riders to deposit cash into their Justride SVAs for O • future use or to pay cash to purchase mobile tickets in the store. I:01 Eli ECM Participating retail stores are given login credentials II=11 created by CAT staff in the Hub, a web page URL, and training documentation. A transaction is carried out as Q follows: • Riders have a menu option within the app that displays a barcode and human-readable ID number that they show to the retail staff in- store. • Retail staff scan the barcode or type the ID directly into the Vendor Portal to identify the account and show available options. • Riders hand over an appropriate amount of cash, and retail staff use the Vendor Portal to push the requested credit and tickets into the rider's account. • The rider receives an email receipt, and the new funds/tickets are available immediately within their app. • At the end of the day, the retail staff runs the Cash Out report on the Vendor Portal, informing them of sales made since the last Cash Out report. The Vendor Portal is designed as a lightweight system, which assumes that the retailer has an existing mechanism for taking payments from the rider - it does not provide any cash drawer or card processing facilities or direct interface into the retailer's systems. All sales data is collected inside the Justride Data Warehouse, and various cash reports are available to ensure that all income can be collected from retailers. Below are the steps involved in selling mobile tickets through the Vendor Portal. CA0 1 0 2 • 3 ' . p .. ... �; !imam 1110 pact an xs, NAbbry . i.. raaane Passenger presents Sales Agent identifies user Sales Agent Accepts Passenger can just ride! Account Identifier Account payment and top-ups account through the portal Hardware Requirements • Device able to run a modern web browser such as a computer or tablet • Current and previous major two versions of modern browsers (Chrome, Firefox and Microsoft Edge) • Internet access • Barcode scanner Partner Portal Ojustride p pea . p Fa a_. orre„ The Justride platform offers the Partner Portal to support transit sponsors, enabling R er a,agea.m F,.w Op<rarnns P atable T¢Fets sponsor organizations to manage travel on behalf of their members and administer Rider Management Ycu san aaseaae ricers to o hem here AaoNaPa9xhewmu. y ur parse.program men manage e ticketing options for multiple individuals. It is part of the web-based Justride Hub. It enables any number of authorized third- party users of sponsor organizations (e.g., uae.name n.v.uoo _..,n, Pa.a...... ..arat„ Is:oe Dan. ssarc Dam ern Date social services, NGOs, universities, or takpabal@masabi... ("'IRegistranon Complete - No Pass businesses) to issue tickets, passes, or stored value to accounts registered with You're "eW1"R'of1.ef MCeL"ts Justride. This can support student travel and employee pre-tax benefits. Justride's institutional support includes: ° oiUSfriae • Web-based partner management portal to support account administration • Siloed partner data for institutional partners Associate Rider Account • Batch management activities, including importing card activations and deactivations, et<.Ne<r,tm.a.aar for example, for university enrollment CAO • Reporting and data categorization. All products issued by partner users are recorded alongside the partner that the partner user is assigned. To see the full record of tickets issued by a partner organization, an agency can download daily, weekly, or monthly reports in the Hub at any point. The onus is on the agency and partner organizations to reach a commercial agreement for Partner Portal, likely to include the price of tickets and the method and frequency of payments. For example, CAT can allow a local social services department to issue stored value to users of their services, or, in the case of businesses, issue tickets to their employees, or a university to permit and deny students' smart cards to access the mobility services. Justride offers complete access to partner card usage data via aggregate reports and direct API access, enabling a wide range of billing models -for example, billing by unique cards used during the month or per tap. Additionally, CAT can use the Justride APIs to build a tailored solution to integrate the platform into pre-existing or newly created services specific to their needs. Solution Components This chapter details the functional and non-functional requirements which will be addressed by this Statement of Work. Functional Requirements Justride Fare Engine The Justride Fare Engine is the component of the Justride platform that executes the fare rules as defined by an agency to determine the fares to be paid by riders based on their usage of the transit services. The Fare Engine takes as inputs the taps from riders on validation devices and the fare products defined in the agency's tariff to determine the most favorable applicable fares for riders. Justride HUB The Justride HUB is the component of the Justride platform that enables an agency to perform customer service, and have access to reports and analytics. Justride Contactiess EMV Back Office The Justride contactless EMV back office is the component of the Justride platform that enables an agency to benefit from open loop transit by complying with Mobility and Transport Transaction (MTT) rules defined by the card schemes. Justride Validator The Justride Validator (JRV) is a transit validation device for fast, economical and robust barcode, smartcard and (where the service is paid for by the Agency customer) contactless EMV (cEMV) validation. The Justride Validators with cEMV capability allows contactless debit/credit cards and mobile wallets to be used to tap and ride, in addition to NFC smartcards and mobile barcodes. Key Management Masabi will provision unique security keys to each Justride Validator which will be used to protect credit card details when transmitted through to the Justride Platform. The unique security keys will be generated from a CAT specific master security key provisioned by the payment service provider(Cybersource). The master security key will not be stored within the Justride Platform. S Non-functional Requirements Security and Compliance Masabi does and will comply with the Payment Card Industry Data Security Standard (PCI-DSS), which is required for organizations that handle or process credit card payments. The PCI-DSS compliance applies to the Justride Validators, which accept the tap from the contactless credit card or mobile wallet. CAT will be required to fulfill its obligations around security of the Justride Validator as outlined by Masabi in the Validation Hardware PCI Compliance Plan at Schedule 9 of the current CAT/Masabi Agreement). Masabi will perform regular software and firmware updates as needed to ensure PCI compliance. JRV Availability MTT rules require a deny list be made available to the JRVs to ensure that cards that are in debt are blocked to ensure the rider is not allowed access to transit services. In order to ensure the JRVs receive the deny list update, the JRVs must be connected to the Justride Platform to download the deny list. The JRVs will download the updated deny list when a scan of a fare media is done on the JRV or in an idle scenario every 300 seconds. The JRVs must also be online to ensure updates to software and firmware can be received as and when available and required to address vulnerabilities. C,qo Exhibit 2 Services and Validation Hardware-Pricing SVA, Cash Digitization and ABT Expansion and electronic validation hardware (JRVs) ("Additional Services and Products") All amounts are in USD. The following pricing is split into two main components, implementation and operation. A summary of the implementation costs is included in the table below, and a full cost breakdown for implementation is included at the end of this section: Deployment Costs: Ref Description Subtotal Price 1 Cash Digitization $10,000.00 2 Account Based Ticketing $36,100.00 3 Smart Card Implementation* $11,600.00 4 Smart Card Sample Test Stock $5,000.00 5 On board Validation Hardware $68,021.00 On Board Hardware Management, 6 Commissioning, and Installation Support $33,866.00 7 On Board Validation Install Services $30,330.00 8 Partner Portal Implementation $5,000.00 9 AVL Integration for ABT $25,000.00 Subtotal Deployment Costs $224,917.00* * Implementation Cost does not include smart card initial stock * Does not include optional extended warranty JRV Extended Warranty: Ref Description Subtotal Price 1 Extended Warranty(Two Year) $12,110.00 2 Extended Warranty Year 3 $10,400.00 3 Extended Warranty Year 4 $10,400.00 4 Extended Warranty Year 5 $10,400.00 Subtotal Deployment Costs $43,310.00 Recurring Monthly Operational Costs: CAO Ref Description Subtotal Price 1 Cash Digitization Monthly Fee $1,000.00 2 Account Based Ticketing Fee $3,000.00 7 Validation Hardware Inspect Fee $1,250.00 Partner Portal and Web Portal Support 8 fee (up to a maximum of 10 portals) $1,000.00 Subtotal Deployment Costs $6,250.00 Full cost Breakdown for each element of the Additional Services and Products eCommerce: Account-Based Ticketing and Stored Value Accounts NOTE:These two features enable the Best Fare Finding functionality • Implementation Costs: $36,100 (thirty-six thousand one hundred US dollars) • Operational Costs: ■ Subject to $3,000 monthly fee; The monthly fee is subject to an annual 3% increase throughout the Term of the Agreement. The 3% increase will be applied first on 14 May 2025 and each anniversary of that date thereafter throughout the Term. Smart Cards NOTE: Smart cards require ABT deployment • Smart Card Security Implementation Costs: $11,600 (eleven thousand six hundred US dollars) • Initial Sample Stock: o maximum 100 test cards, one type, including programming and shipping: $5,000 (five thousand US dollars) • Initial Stock(including programming and shipping): o batch up to 5,000 units: $3.524 per card. o From 5,001 to 10,000 units: $3.393 per card. o From 10,001 to 25,000 units: $3.263 per card. o From 25,001 to 100,000 units: $3.197 per card. Justride Validators Deployment of the following hardware: o JRV Validator: 34.00 units o JRV Validator - spares: 6.00 units o JRV Validator- UAT unit: 1.00 unit • Implementation Costs: o On-board Validation Hardware - purchase price for the units: $68,021.00 (sixty- eight thousand and twenty one US dollars) o On Board Hardware Management, Commissioning, and Installation Support: $33,866.00 (thirty-three thousand eight hundred and sixty six US dollars) S o Onboard Validation Installation Services: $30,330.00 (thirty thousand three hundred and thirty US dollars) • Operational Costs: o Monthly support fee: $1,250 (one thousand,two hundred and fifty US dollars) o Inspect fee $25 per additional JRV above the quantity provided in this offer • Extended Warranty o Two-year warranty- $12,110 o Year 3 Warranty(Option) - $10,400 o Year 4 Warranty(Option) - $10,400 o Year 5 Warranty(Option) - $10,400 Warranty fee for all equipment installed and purchased for CAT Mobile Ticketing. The warranty fees are to be charged beginning one (1) year following the Customer's Final Acceptance of all equipment purchased for CAT Mobile Ticketing. Cash Digitization - onto Smart Cards • Implementation Costs: $10,000 (ten thousand US dollars) • Operational Costs: o Payment Processing Fee: ■ 5% payment processing fee for all InComm transactions. o Cash Digitization Fee: 1% of the total gross receipts of funds added to SVA accounts ■ Subject to $1,000 monthly fee; The monthly fee is subject to an annual 3% increase throughout the Term of the Agreement. The 3% increase will be applied first on 14 May 2025 and each anniversary of that date thereafter throughout the Term. Partner Portal • Implementation Costs: $5,000 (five thousand US dollars) • Operational Costs: o Monthly Support fee: $1,000 (one thousand US dollars) for every 10 partners or fraction. ■ The Monthly Partner Portal support fee is subject to an annual 3% increase throughout the Term of the Agreement. The 3% increase will be applied first on 14 May 2025 and each anniversary of that date thereafter throughout the Term. AVL for ABT Integration • Implementation Costs: $25,000 (twenty-five thousand US dollars) Payment Milestones Phase 1 Account Based Ticketing and JustRide Validators CAO Ref Description Payment Amount M1 Mobilization and Kickoff Meeting $34,010.50 M2 Design Review $12,803.90 M3 Configuration Complete $12,803.90 M4 Hardware Receipt $68,021.00 M5 UAT 1 $12,803.90 M6 Hardware Installation Complete $33,866.00 M7 AVL Integration Complete $25,000.00 M8 UAT 2 $12,803.90 M9 Go-Live $12,803.90 Pricing Notes & Assumptions Definitions 1. Agency. Transit agency client of Masabi 2. Customer. The passenger of the transit agency Pricing Notes & Assumptions: All pricing and commercial proposals provided within this document are subject to the following assumptions: 1. Any applicable sales taxes are excluded from the above pricing and will be passed to the Agency. 2. No import duties or levies are included in this pricing. 3. No travel expenses are included in this proposal except for installation if explicitly quoted. 4. Where Masabi acts as the merchant of record, payment processing fees are charged on the following basis: a. Third-party interchange and assessment payment processing fees are passed through at cost. The payment networks, i.e., Visa, Mastercard, Amex, and Discover, set interchange and assessment fees. They are made up of fixed and variable rates and may vary based on card type, transaction volume, transaction size, level of chargebacks, and any future rate changes as set by card companies, together with; These third-party interchange and assessment payment processing fees are made up of fixed and variable rates and are set by the payment networks (e.g. card schemes like Visa, Mastercard, Amex and Discover) and may vary based on card type, transaction volume, transaction size, level of chargebacks. As such there may be future changes in the interchange and assessment payment processing fee rates as set by card companies or due to other external factors outside Masabi's control ("Third Party Rate Changes"). Masabi therefore reserves (and has)the right to amend the interchange and assessment payment processing fee rates to reflect any future changes in rates due to Third Party Rate Changes. For the avoidance of doubt the Customer's consent is not required for Masabi to amend the interchange and assessment payment processing fee rates due to Third Party Rate Changes, but Masabi will provide the Customer with written notice of any amended rates/fees. CAO b. 7 cents per authorization fee covering gateway and acquiring services for ecommerce. This 'per authorization fee' shall be subject to annual United States Consumer Price Index CPI increase effective throughout the Term of the Agreement. The CPI increase will be applied first on 14 May 2025 and each anniversary of that date thereafter throughout the Term. Collectively("Payment Processing Fees") 5. Chargebacks shall be processed as follows: a. Any credit card chargebacks initiated by an end user for any reason concerning fare product shall be charged back to the Agency. b. A challenge disputing a chargeback may be initiated by Masabi directly or the Agency. c. Masabi shall present chargebacks on a timely basis to the Agency for review. Should the Agency wish to challenge a chargeback, the Agency shall provide Masabi with details and information to support the challenge. Masabi will submit the challenge to the credit card processing company on the Agency's behalf. There can be no guarantee the claim will be successful. d. Successful challenges will be rebated to the Agency (less any fees as charged by the credit card processing company) on the subsequent remittance to the Agency. 6. Transaction fees (Variable fees): a. A Transaction is defined as the issuance of a product using the Justride platform, including the purchase or issuance of a ticket or pass, the use of stored value funds associated with an account-based token, and/or the use of a contactless credit card or digital payment wallet. b. Transaction fees shall apply to all products for which a transit agency receives revenue (less refunds and chargebacks), either directly from the passenger or through a third party. c. Transactions paid for by a third party instead of directly by a passenger (e.g., those that employers may sponsor) will incur a transaction fee to the Commercial Value of tickets or passes sold: i. Commercial Value is the value the Agency charges other entities and organizations for their products. The Agency will provide Commercial Value to Masabi to launch the Partner Portal for a partner organization. ii. Products with zero Commercial Value will not incur a transaction fee. d. Transaction fees are applied to products issued regardless of sales channel as long as the Justride platform manages them. To avoid doubt, this includes SDK partners, API integrations, the Web Portal, Partner or Vendor Portal, Points of Sale, and any other additional sales channels not listed here. e. Transaction fee monthly totals, if included, are estimated using an adoption assumption. Actual transaction fees charged per month will be based on actual platform usage. 7. Monthly Maintenance and Support Fee: a. A fee for the maintenance, hosting, and support of a set of features of the Justride platform charged monthly. 8. Retail Networks Sales through partners a. If the Agency chooses to deploy InComm, this will incur a 5% per transaction fee instead of credit card processing fees. Masabi transaction fees will remain in place. b. If the price charged by InComm for their services changed during the agreement term, Masabi would update the price charged to the Agency accordingly. CAO c. Masabi does not add any markup to Transit's Maintenance and Support Fees. If these fees change during the contract's life, Masabi will update its pricing accordingly. 9. Fees Annual Pricing Updates a. Masabi reserves the right to update the Monthly Maintenance and Support fees and any other platform fee priced in nominal terms, and not as a percentage, annually using the Consumer Price Index (CPI). 10. Deployment Services, Goods, and Materials a. The Initial Deployment Services and associated goods and materials included in the deployment are quoted and priced based on the proposed project schedule, scope of services, and proposed milestones as outlined in the original proposal or within the contract agreements. b. Optional or additional services are not subject to the initial scope of services. They will be priced and quoted using the rate card rates in effect for the year when these services would be requested for execution and will be included as tasks or change orders to the contracted agreements. c. In the case of goods or materials, if a delay materially affects any third-party supplier quotes as part of the original timeline, or those quotes elapse for the supply of goods and materials. the original pricing will be updated using the Consumer Price Index (CPI) for the period of the delay, or with a new updated quote from the subcontractor or manufacturer, whatever is deemed more appropriate by Masabi. d. For additional goods or materials not included in the original scope of work, a new quote will be provided to the Agency for its approval. 11. Change Orders a. Masabi reserves the right to charge additional fees if the following occurs: i. Material changes of scope or additional options executed. ii. Project delays are caused by the Agency or by a third party of the agency. iii. The Agency requests that the project implementation is delays or extended. 12. Smart Cards a. Based on Masabi's experience, there is a need for additional smart card stock on an annual basis with a 20-30% replenishment factor. b. A setup and provisioning fee of $5K will be applied to each smart card batch purchased via a Masabi provider c. The smart card design fee assumes the agency will use a template file provided by Masabi. Should the agency wish to create a different design, they could provide it to Masabi. d. Smart card sample stock prices are for one card type and include programming and shipping if ordered in advance. e. Smart card initial stock prices include programming and shipping for one card type. f. Smart cards may be purchased at lower per-unit rates in larger batch sizes. 13. Free Fare Days a. If the Agency decides to implement a period during which fares would not be charged to passengers, Masabi reserves the right to charge the agency a fee for stopping and reinstating the ticketing service during that period equivalent to the price paid by the agency for a similar day from the last invoicing period. 14. Pricing - Changes to Scope of Fares Available for Sale a. The pricing assumes that all fare types are made available for sale through the CAO Justride Platform from initial deployment unless otherwise made clear to Masabi that the Justride platform is the only fare payments platform (except legacy systems that could be in place before contract execution), and that the fare policy is the one in operation as at the date of this document. Significant changes in fare policy and/or the fare types made available through the Justride Platform may affect the pricing structure. 15. Payment Terms a. Masabi's pricing has been submitted, assuming payment milestones will be negotiated and agreed within fourteen (14) days of the Purchase Order being issued by CAT. Hardware pricing assumes payment of 50% upon order of the hardware by Masabi. Masabi will confirm in writing when the hardware order has been made. As Masabi makes monthly bulk orders of hardware it cannot provide the Agency with an Agency specific copy of an invoice from its hardware supplier. b. If Masabi acts as the Merchant of Record (MoR), platform fees will be deducted from the monthly remittance of revenues to the operator. Masabi will provide the agency with a detailed reconciliation between the remitted fare revenue and any charges and permitted deductions that are deducted. c. All other payments are on strict 30-day terms from invoice, with payments made through ACH or wire transfer. Checks are not accepted. d. Fund remittance will be performed every month 16. Debt Recovery a. This is the process whereby Masabi attempts to recover the debt incurred on a card that was allowed to travel but where their issuer declined the authorisation request. The Agency is liable for any declined transactions and any associated fees. Further, Masabi cannot guarantee any debts can be recovered. All debt recovery is carried out in compliance with the card schemes' rules. CAO Exhibit 3 Additional Amendments to the Agreement Clause 1 - Definitions: A. Insert the following new definitions: "App" or "Justride Retail Mobile App" means the component of Masabi's Justride Platform that is a white- labelled mobile application provided to the Customer and branded for the Customer for the purpose of selling Tickets to End Users. "Justride Hub" means Masabi's responsive web back-office called the 'Hub' or `Justride Hub' which offers its customers a self-service consumer-grade user experience for securely operating the Justride Platform. Hub functionality encompasses tariff administration, customer services handling, all types of fare media, tariff setup, validation device management, reporting and analytics. "Licensed Products" has the meaning given in clause 5A.1 of this Agreement. "Masabi Hardware Warranty Plan" means the hardware warranty plan as set out in Annex 6 (Masabi Hardware Warranty Plan). "Term" has the meaning in clause 2.1. "Third Parties" means the payment card schemes like Visa, MasterCard, Amex and Discover. "Validation Hardware" or "JRV" or "Validators" means the Justride electronic validation hardware (and quantities) as described in Annex 1A (Additional Services and Hardware) and Annex 2 (Payment Schedule and Charges). "Validation Hardware IAT Procedure" means the Masabi Generic JRV Installation Acceptance Test (IAT) Procedure at Annex 6A(Validation Hardware IAT Procedure). "Validation Hardware PCI Compliance Plan" means the Masabi Hardware Justride Validator (JRV) Payment Card Industries (PCI) Hardware Compliance Plan set out at Annex 6B (Validation Hardware PCI Compliance Plan). "Warranty Period" has the meaning set out in clause 7A.2 B. Delete the existing definitions of: `Bank', 'Card(s)', `Customer Data', `Documentation', 'Net Revenue',' Payment Processing Fees', `PCA-DSS', 'Platform Services`, 'Platform Systems', 'Rates', `Support and Maintenance Services' and 'System' and replace them with the following: "Bank" shall mean or means a bank account maintained by the Customer to receive fund remittances from Masabi and/or to which Masabi will make correcting debits in the event of Chargebacks and/or returns. "Card(s)" shall mean either American Express, Visa, Mastercard, or Discover Network credit card, debit card, or other similar card that may or may not require a PIN for identification purposes, or pre-paid, stored-value or gift card. "Customer Data" means the data inputted by (or collected from) the Customer or End Users in the course of using the Services. "Documentation" means the written instructions, all manuals, user documentation, specifications, and other related materials pertaining to the Licensed Software provided by Masabi that Masabi customarily furnishes to licensees or purchasers of the goods and services covered by this Agreement. "Net Revenue" means the total gross transaction value per month processed and received by Masabi relating to the sale of the Products (`Gross Revenue') less each of the following items: (i) any or other applicable sales tax thereon included in the price; and (ii) any chargebacks, rebates, adjustments or refunds made to the End Customer (as defined above) or other third party fees (including any Payment Processing Fees. Collier County, Florida as a CAO political subdivision of the State of Florida, is exempt from the payment of Florida sales tax to its Contractors under Chapter 212, Florida Statutes, Certificate of Exemption#85-8015966531 C-1. "Payment Processing Fees" means the following payment processing fees that Masabi (as merchant of record) charges the Customer(and are payable by the Customer)on the following basis: A. eCommerce transactions (i) third-party interchange and assessment payment processing fees directly related to eCommerce transactions and passed through at cost. Interchange and assessment fees are set by the Third Parties. They are made up of both fixed and variable rates and may vary based on card type, transaction volume, transaction size, level of chargebacks and any future changes in rates as set by Third Parties , together with; (ii) 7 cents (USD) per authorization fee, covering gateway and acquiring services. B. Cash Digitization onto Smart Cards (i) 5%for InComm transactions as a payment processing fee From time to time, the above related payment processing fees are to be revisited and revised by written agreement between the Parties. "PCA-DSS" amended to "PCI-DSS" shall mean the certification of a Payment Application as within PCI DDS compliance standards as listed by the PCI Security Standards as listed by the PCI Security Council. "Platform Services" means the services described under that title in Annex 1, including but not limited to provision of the Masabi Justride mobile fare collection and Inspect mobile fare inspection services and the SVA, Cash Digitization and ABT services described in Annex 1A(Additional Services and Validation Hardware). "System" amended to "Platform Systems" "Justride Platform" or "System" means Masabi's IT systems and software-known as 'the Justride Platform'- used to provide the Platform Services. "Products" amended to "Products" or "Tickets" means electronic tickets for transport services provided by the Customer. "Rates" means Masabi's then standard time and materials rates provided to the Customer on request from time to time; "Software" means all proprietary or third-party software or other intellectual property rights, including the Documentation, provided or licensed to County or third-party users pursuant to this Agreement, including the computer programs (in machine readable object code form) listed in Annex 1A and Annex 3 and any subsequent updates, upgrades, releases, or enhancements thereto developed by Masabi as part of the Platform Services during the term of this Agreement. "Support and Maintenance Services" means Masabi's support services (and service level agreement) for the Services set out in Annex 8 (Masabi Support Services and SLA). Annex 8 outlines Masabi's support programs, the process for supporting and managing inbound Customer requests and also provides a detailed description of the Masabi 'Incident Support Management' process and the service level agreements (SLAs)for Masabi to respond and resolve critical incidents. Delete and replace clause 5.12 with the following: 5.12 Masabi will address any issues with the Justride Platform pursuant to the Incident Monitoring and Escalation procedures set out in Annex 7 (Master Service Level Agreement- Masabi Support Services and SLA). CAO New clause 5A(LICENSE)to be inserted after clause 5 as follows: 5A LICENSE 5A.1 Throughout the Term and subject to the Licence Restrictions set out in clause 5A.2, Masabi grants to the Customer a non-exclusive, royalty-free license to access and use (i)the Software and Platform Systems the Documentation and the outcomes of any Professional Services in the Territory in connection with the Services and as contemplated under this Agreement; and (ii) the App (the "Licensed Products"). The Customer shall have a right to use and receive all Updates free of charge during the Term of this Agreement. The Customer shall also be entitled to receive software Updates to onboard hardware, free of charge, as Masabi may release such Updates during the Term of this Agreement. 5A.2 License Restrictions: The Customer shall not: (a) copy any part or all of the Licensed Products except as and to the extent expressly required to be permitted by law or any regulation or pursuant to an order of any court or governmental authority (to the extent applicable), or as contemplated in (and expressly permitted by)this Agreement; (b) alter, adapt, modify, translate, reverse engineer, disassemble or decompile the Licensed Products in any way or for any purpose, including without limitation, for error correction, except as and to the extent expressly permitted by this Agreement or as required to be permitted by law or any regulation or pursuant to an order of any court or governmental authority(to the extent applicable); (c) except as permitted under clause 5A.2(b) above, remove, change or obscure any aspect of the Licensed Products identification or notice of proprietary rights and restrictions on or in relation to the Licensed Products; (d) incorporate any part or all of the Licensed Products, or knowingly allow them to be incorporated, into any other product or documentation other than strictly as and to the extent contemplated by and for the purposes of using the Licensed Products in accordance with this Agreement; or (e) load, use or sub-licence or otherwise make available any or all of the Licensed Products otherwise than as expressly permitted by this Agreement. New clause 5B (VALIDATION HARDWARE—cEMV PCI COMPLIANCE)to be inserted after the new clause 5A as follows: 5B VALIDATION HARDWARE—cEMV PCI COMPLIANCE 5B.1 The Customer shall at all times comply with all requirements of the Validation Hardware PCI Compliance Plan. cEMV Readiness 5B.1 A Masabi encourages the Customer to be ready for cEMV. If cEMV is planned by the Customer at some future date, the Customer must comply with the requirements of clauses 5B.2-5B.7 (inclusive) or risk additional costs should it require use of cEMV at some future date. 5B.2 The Customer shall (i) carry out self-service Chain of Custody and Security Awareness training prior as set out in the Validation Hardware PCI Compliance Plan or as otherwise notified in writing by Masabi at least once per annum throughout the Term; (ii) comply with its Chain of Custody obligations; and (iii) have secure locations to maintain access to the Validation Hardware. For the purposes of this clause, `Chain of Custody' is a process for receiving, using and storing cEMV equipment; and `Security Awareness' is explained in the CAO Validation Hardware PCI Compliance Plan and the Security Awareness training. The Customer shall, on written request from Masabi, provide Masabi with written confirmation (with supporting evidence in the form of a compliance certification) that the required Chain of Custody and Security Awareness training has been carried out. 5B.2 The Customer shall visually inspect each installed or stored JRV at least once per year, record details of the inspection and send that record of inspection to Masabi (the "Customer Submitted Records"). The Customer shall return all damaged/broken/decommissioned units back to Masabi within one month. 5B.3 The Customer shall store all Validation Hardware in a secure location when they are not fitted in a vehicle or otherwise in use, and shall provide details of the storage locations (per-device) to Masabi for its records. In the event that the Customer changes the secure location and relocates the Validation Hardware, the Customer shall notify Masabi in writing of the new location no later than five (5) Business Days of the relocation. 5B.4 Where Masabi provides a web-based audit support tool to assist the Customer in collecting the requested information in clauses 5A.2 to 5A.3 (inclusive), the Customer shall only use the web-based audit support tool to perform the required annual inspection and secure storage tracking activities. The Customer shall complete a self-assessment questionnaire/attestation annually via the software tool provided by Masabi. The self-assessment questionnaire/attestation needs to be completed by the Customer within ten (10) Business Days of Masabi's written request to do so. 5B.5 At any time during the Term, the Customer shall, on not less than five (5) Business Day's written notice from Masabi: (a) provide or procure access for Masabi to the premises at which the Validation Hardware is stored (in accordance with clause 6.4) and/or to the vehicles or platforms on which Validation Hardware is installed; and (b) provide reasonable co-operation and support to Masabi, for the purposes of Masabi conducting an on-site and/or on vehicle audit to verify (i) the Customer Submitted Records with the actual physical Validation Hardware devices; and/or (ii) the Customer's compliance with all of their obligations in clauses 5B.1 — 5B.4 inclusive. If the above requirements are not complied with, Masabi may give immediate written notice to the Customer and subsequently discontinue any cEMV service that may be being provided to the Customer. 5B.6 At any time throughout the Term, Masabi has the right to make PCI compliance and security vulnerability related software updates to the Validation Hardware. If the Customer has not accepted the software updates within three (3) business days' from written notice by Masabi (such notice given via either (i) an email from the Masabi account manager to the Customer; or(ii) a status update on the Masabi status page on the Justride Hub) notifying the Customer that if they do not accept the software updates the Validation Hardware will be taken offline, Masabi has the right to take the Validation Hardware offline. Masabi has no liability to Customer for (or arising out of) taking the Validation Hardware offline. Further, taking the Validation Hardware offline will trigger a mandatory Masabi audit and Customer training (given by Masabi) - all at Customer's cost. 5B.7 If at any time throughout the Term, the Customer becomes (or is made) aware of an actual (i.e. self- detected or due to third party notification) or suspected PCI compliance breach in relation to the Validation Equipment ("PCI Compliance Breach"), it shall immediately and within twenty-four (24) hours (i) notify Cq0 Masabi in writing of the actual or suspected breach by emailing Masabi at pcibreach@masabi.com and legal@masabi.com. Customer shall comply with the following post notification obligations: (a) provide detailed reporting about the nature of the PCI Compliance Breach as it becomes available, and further provide Masabi with all necessary information that Masabi reasonably requests in relation to such PCI Compliance Breach; (b) comply with its obligations in section 5 (Response on Discovering Tampered cEMV Hardware) in the Validation Hardware PCI Compliance Plan; (c) the affected Validation Equipment shall be (i) taken off line; (ii) removed from service; (iii) quarantined; and (iv) either(a) returned to Masabi or (b) an engineer will need to go out and inspect (at Customer's expense)the Validation Equipment to review status and decide the most appropriate course of action to resolve the issue; and (d) make available to Masabi all information necessary to demonstrate compliance with the obligations laid down in clauses 6.1-6.8 (inclusive) and the Validation Hardware PCI Compliance Plan, and allow for and contribute to audits, including inspections, conducted by Masabi or another auditor mandated by Masabi —all at the Customer's expense. 5B.8 PCI Compliance Breach Liability. Customer acknowledges and accepts it is responsible for (and liable to Masabi) all damages, losses and costs suffered or incurred by Masabi related to or arising from any PCI Compliance Breach, except to the extent such damages, losses and costs are a direct result of the acts or omissions of Masabi or its agents. New clause 7A Validation Hardware and Warranty 7A. VALIDATION HADRWARE AND WARRANTY 7A.1 Masabi shall provide the Customer with the Validation Hardware. Masabi shall be responsible for installation and/or configuration of the Validation Hardware, which shall be installed and configured by Masabi (or its appointed installation agent or subcontractor). Masabi shall carry out installation acceptance testing using and following the Validation Hardware IAT Procedure to ensure that installation has been completed satisfactorily and confirm the results of such installation to Masabi in writing. 7A.2 Subject to the remainder of this Clause 7A, Masabi warrants that the Validation Hardware is and will be free from defects in manufacturing or workmanship for a period of 12 months after delivery to the Customer or Agency(or its appointed installation agent or subcontractor) (the "Warranty Period"). 7A.3 Masabi provides a 'back to base' repair or replacement warranty as described in the Masabi Hardware Warranty Plan as set out in Annex 6 (Warranty Plan For Validation Hardware Equipment). The warranty cover is provided at no cost to the Customer during the Warranty Period. Where the Customer's warranty claim is identified by Masabi, acting reasonably, as falling outside either the scope or duration of the warranty, the costs of investigation and repair shall be borne by the Customer and/or Agency, with an itemized estimate provided to Customer prior to commencement of any work. 7A.4 The Customer and Agency are responsible for ensuring that the Agency has sufficient spares of the Validation Hardware in stock to ensure that there is no impact on the Agency's baseline service whilst any Validation Hardware is returned to Masabi for'under warranty' repairs. 7A.5 Masabi shall not in any circumstances be liable for any damage or defect to the Validation Hardware caused by: C, 0 (e) improper use of the Validation Hardware; (f) use of the Validation Hardware outside its normal application as specified in the Validation Hardware PCI Compliance Plan; or (g) damage to the Validation Hardware caused by the Customer, End User or any third party not affiliated or related to Masabi. 7B. CUSTOMER ADDITIONAL OBLIGATIONS 7B.1 The Customer (i) shall use all reasonable commercial endeavors to reduce levels of fraud and/or chargebacks in relation to the Tickets; and (ii) shall use all reasonable commercial endeavours to procure that the End Users shall not access or use the Platform Services other than as and to the extent reasonably required for the purposes of using the Services as anticipated by this Agreement. "reasonable commercial endeavours" includes: (a) preventing access to the App by an End User upon Masabi informing the Customer in writing of suspected fraudulent activity by such End User; (b) voiding Tickets where requested by Masabi from time to time due to Masabi having reasonable suspicion of fraudulent activity by the relevant End User; and provided that nothing in this section requires the Customer to do anything that is not in compliance with all Applicable Laws and regulations (which, for the avoidance of doubt, includes US consumer law). 7B.2 Masabi shall be entitled to suspend the Services in whole or in part at any time without liability to the Customer where Masabi reasonably considers that this is necessary to protect the Platform Services or the data held on it or the systems of any other customer of Masabi. 7B.3 Masabi shall notify the Customer in writing as soon as reasonably practicable of any suspension or restriction under clause 7A.2. Masabi shall also restore the Services promptly after the matter that led Masabi to restrict or suspend access has been resolved to Masabi's reasonable satisfaction. Cq0 New Clauses 8.6, 8.7, 8.8 and 8.9 8.6 Subject to clause 8.7, the Customer acknowledges and agrees that in any of the following circumstances Masabi has the right to vary the Charges and/or to charge additional fees: (a) for material changes of scope (including reductions in number of Validation Hardware units)or additional options executed; (b) for project delays outside of Masabi's reasonable control and directly caused by the Customer or by a third party engaged by the Customer, and which will include (where applicable) Masabi's actual lost revenue for each day the service is delayed based on Masabi's average daily revenue for the preceding 30-day period;; (c) for items priced as an option in Annex 2 (Payment Schedule and Charges), including but not limited to smart cards, Secure Access Modules (SAMs) and additional Validation Hardware, which may be subject to market condition pricing fluctuations when exercised. Masabi therefore reserves the right to amend the pricing of optional elements at the time the Customer wishes to exercise the option to purchase the optional elements; and for any material increase in the costs of providing the Services as a result of any change or increase in costs passed on by third party suppliers, costs of labour, insurance, or other variable costs to Masabi, supported by documentation provided to the Customer8.7 All amended Charges and/or additional fees in clause 8.5 above shall be notified by Masabi to Customer in writing in advance and agreed between the Parties in writing. However, if the Customer does not agree the amended Charges and/or additional fees Masabi (i) shall be under no obligation to continue to provide the goods or services in question; (ii) shall have no liability to the Customer for failing to provide the goods or services in question; and (iii) has the right to terminate the Agreement(without liability to Customer)on thirty(30) days'written notice. 8.8 Debt Recovery: This is the process whereby Masabi attempts to recover the debt incurred on a card that was allowed to travel but where their issuer declined the authorisation request. The Customer is liable for any declined transactions and any associated fees. Further, Masabi cannot guarantee any debts can be recovered. All debt recovery is carried out in compliance with the card schemes' rules. Annual Increase to Charges 8.9 Masabi is entitled to (without Customer consent) increase all of its recurring Charges as permitted and set out in Annex 2 (Payment Schedule and Charges). New clauses 13.4 and 13.5 13.4 Suspension or Termination for Excessive Chargebacks: Masabi may suspend the Services or terminate this Agreement on immediate written notice where, after reasonable efforts have been made with the Customer to reduce the incidence of chargebacks, Excessive Chargebacks are still occurring. "Excessive Chargebacks" means where there are more than 100 chargebacks in a month and where the total chargebacks are greater than or equal to 1.5% of sales recorded in that month. Masabi reserves the right to withhold funds at any time as necessary for the settlement of any disputed charges, End User complaints, allegations of fraud, chargebacks, expected chargebacks and/or other discrepancies. 13.5 Termination for Customer Fare Structure Changes. If Agency changes its ticket fare structure in such a way so as to, based on the Agency's amended type and/or level of ticket fare pricing, materially impact the level of Masabi's Transaction Processing Fee and Masabi is not duly and promptly compensated by the Customer for any lost Transaction Processing Fee as a result of such changes, then Masabi may terminate this Agreement on written notice to Customer, with termination being effective on the earlier of(a)thirty (30) days' after Masabi issues a written termination notice to Customer; or (b) the date that the amended ticket fare structure is effective (the "Effective Date of Termination"). Non-exhaustive examples of an Agency changing its ticket fare structure in such a way so as to materially impact the level of Masabi's Transaction Processing Fee include where a Customer (i) goes fare free; or (ii) substantially changes the fare structure, in such a way (for example a change in the fare structure to a pure distance-based tariff) so as to exceed Masabi's Justride Platform's capabilities, requiring additional development by Masabi to support the amended fare structure. C'q0 Replacement Annexes and New Annexes: • Annex 6 (Warranty Plan for Equipment) is deleted and replaced with the following: Annex 6 WARRANTY PLAN FOR VALIDATION HARDWARE EQUIPMENT . justride %No" , Copyright Copyright Masabi Ltd and Masabi LLC2024. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means electronic or mechanical, including photocopying, recording, or any information storage and retrieval system,without written permission of the publisher. CAO 1 Introduction This Warranty Plan contains the standard warranty terms applicable to hardware provided by Masabi, including the procedures for returning suspected faulty hardware for repair and/or replacement. 1.1 Glossary The provisions of this Warranty Plan will also apply during any Extended Warranty Period, i.e.where the Term Definition Customer has purchased an extension to the standard 12-month Warranty Period for an RMA Return Material Authorisation additional number of months or years as agreed between Masabi and the Customer/Agency in writing and for which payment to Masabi has been received in full. 1.2 References The contents of this document may be superseded 111, or supplemented by project, deployment, Customer specific warranty plan or other agreement. DP1-0001 08 CA0 CAO 2 Standard Warranty Terms (Hardware) # Definition 1 Masabi warrants that the hardware it provides shall be free from defects in manufacturing and workmanship-the"Warranty"-for the Warranty Period. 2 The"Warranty Period" is twelve (12) months commencing at 00:01 local time on the day following delivery of the hardware to the Customer. 3 Failed hardware shall be sent for investigation and repair on a return-to-base (RTB) basis. 4 Other than where an Exception applies, the failed hardware covered under the Warranty within the Warranty Period shall, at Masabi's sole discretion, either be repaired and returned, or the hardware replaced, free of charge to the Customer (including costs associated with return shipping, duty, etc.). 5 Masabi shall repair or replace any failed hardware covered under the Warranty within the Warranty Period provided no Exceptions apply. The Exceptions are set out in in Sections 5 (a)—(f) below: 5a The Customer, its staff, agents, subcontractors or other parties acting on its behalf or under its instruction either did not follow, or incorrectly followed, any oral or written instruction provided by Masabi as to the storage, installation, commissioning, use or maintenance of the hardware, or(if there are no such instructions)good trade practice. 5b The hardware is found to be either faulty or damaged as a result of an event outside the reasonable control of Masabi (a "Force Majeure" event). Such Force Majeure events include, but are not limited to, fire, flood, earthquake or similar natural disasters, riot, war, terrorism, civil strife, labour disputes or disturbances, industry-wide material shortages outside Masabi's reasonable control, an epidemic/pandemic or other viral disease outbreak, governmental regulations, communication or utility failures or any other events outside the reasonable control of Masabi. 5c The hardware is faulty due to general wear and tear or is damaged as a result of intentional vandalism or destruction. 5d The hardware is faulty due to mishandling or misuse by the Customer, its staff, agents, subcontractors or other parties acting on its behalf or under its instruction. 5e The Customer, its staff, agents, subcontractors or other parties acting on its behalf or under its instruction, alters or repairs the hardware without the prior written consent of Masabi. 5f The Customer, its staff, agents, subcontractors or other parties acting on its behalf or under its instruction improperly use the hardware or use the hardware outside of its normal application. Masabi shall not, in any circumstances, be liable under the Warranty where any of the Exceptions set out in Sections 5 (a)—(f) above apply. CAO 6 Repaired or replacement hardware will be shipped for return to the Customer within 25 business days of its arrival with Masabi, subject to any delays caused by the Customer. 7 Masabi will provide the Customer with a quotation to repair or replace failed hardware which falls outside the scope of the Warranty and/or Warranty Period, such repair or replacement to be carried out at the Customer's sole cost(including costs associated with shipping, duty, etc.). 8 On the expiration of the Warranty Period, Masabi will provide the Customer with a quotation for any repair or replacement of hardware, to be carried out at the Customer's sole cost (including cost associated with shipping, duty, etc.), unless Masabi has agreed in writing to extend the Warranty Period before its expiration. 9 Masabi may charge the Customer for investigating faults with hardware where it is subsequently determined that the hardware has no fault or, if there is a fault, it is not covered by the Warranty. Such charges will include a minimum handling fee of$100 (USD) and shall also include shipping, duty, etc. 10 For the purposes of determining validity of the Warranty, the suspected failed or faulty hardware shall be considered as being reported to Masabi at the date and time that this email referencing the fault or failure is received by Masabi. 11 Any damage to the hardware caused in transit due to the use of unsuitable packaging by the Customer shall invalidate the Warranty. 3 Returns/Exchange Process Any suspected faulty hardware must be returned to Masabi (at Customer's cost) for repair or replacement. The below process shall be followed to achieve this: 1. The Customer shall inform Masabi of the suspected faulty hardware by submitting a completed RMA Request Form (Appendix A)to support@masabi.com. 2. Masabi will raise a Zendesk ticket, verify whether the suspected faulty hardware is within the Warranty and Warranty Period and issue the Customer with a Return Material Authorization (RMA) number which must accompany the returned hardware. Note: The Customer shall be informed if the hardware is not within the Warranty Period. In such circumstances, return of the hardware to Masabi will be at the Customer's sole cost. 3. Upon receipt of the RMA number, the Customer will arrange for the unit to be suitably packed, preferably in purpose build or its original packaging. Note: Any damage caused to the hardware in transit due to the use of unsuitable packaging shall invalidate the Warranty. 4. Once packed, the Customer shall inform Masabi that the hardware is ready for collection and confirm: CAO a. the address for collection is as listed on the RMA Request Form; b. the weight of the package; and c. the dimensions of the package. 5. Masabi will arrange for collection of the package by a courier and the package will be collected. 6. After receiving the faulty hardware: a. if the part and/or failure is within the Warranty: at Masabi's sole discretion, it shall either repair the original hardware or provide a replacement; or b. if the hardware and/or failure is not within the Warranty: see Section 4 below. 7. Masabi will ship the repaired or replacement hardware to the address provided on the RMA Request Form with appropriate tracking information shared with the Customer. 8. Once the returned hardware is shown as having arrived by the courier with the Customer, the RMA is closed. Note: Low value parts such as cable assemblies, PSUs and Configuration USB Keys will always be replaced. 4 Out of Warranty Repairs Returned hardware will be deemed Out of Warranty if: 1. the suspected failure or fault is reported outside of the Warranty Period, or 2. The hardware is returned for a fault or failure which is outside of the scope of the Warranty as stated in Section 2 above. When returned hardware is determined by Masabi as being Out of Warranty, Masabi shall, at its sole discretion, either: 1. provide a quotation for replacement hardware; or 2. provide a quotation for the repair of the hardware. Such quotation shall be provided to the Customer who shall, within ten (10) business days, confirm to Masabi whether the quotation is accepted or rejected. Where a quotation is accepted, Masabi will process the repair or replacement and ship the hardware to the Customer in accordance with Section 3(7) above, along with its corresponding invoice for the repair/replacement. CAO x If the quotation is rejected, any hardware which has been returned to Masabi (or its appointed subcontractor) will either be recycled, destroyed or returned to the Customer at the Customer's sole cost. Any shipping, duty or tax costs incurred by Masabi associated with Out of Warranty hardware will be invoiced to the Customer, regardless of whether the quotation for replacement or repair is accepted. Note: When hardware is returned and subsequently found not to be faulty and/or Out of Warranty, the Customer will be charged for the cost of shipping and handling, as well as any duty or tax costs incurred by Masabi.A minimum handling free of$100.00 (USD)will be charged. Note: When the repair of hardware is anticipated to be uneconomical i.e. the likely cost of repair is approximately the same as, or more than, a replacement part, or where the original part is discontinued or considered end of life, Masabi will provide a quotation for a replacement. In this case, at the sole discretion of Masabi, the Customer may be requested to store the faulty hardware until such time as it can be collected (rather than arranging for it to be shipped to Masabi). Note: Cable assemblies, PSUs and Configuration USB Keys are uneconomical to repair and therefore will always be replaced. CAO Appendix A — RMA Request Form Please complete the below section of this form and send it to support@masabi.com to arrange for the replacement or repair of faulty hardware. Serial No. Part No. Station/Vehicle Username FCA&Turnstile Parent Serial No. Date Time Removed By Reported By Contact Name Return Address Contact Tel. Contact E-mail Reason for re.lacement/failure descri.tion: Health Monitoring state at time of failure: RMA No. Date Issued RMA Issued By ZenDesk No. 60) • Annex 6A(Validation Hardware IAT Procedure) is added as a new Annex as follows: ANNEX 6A Validation Hardware IAT Procedure er.) • 11 ..,,,,,... i us r e Masabi Hardware: JRV Installation Acceptance Test (IAT) Procedure Version: 01 Date: 2020-04-01 CAO Copyright Copyright Masabi Ltd and Masabi LLC 2024.All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without written permission of the publisher. CAO Section 1 - Introduction The Justride Validator(JRV) is a multi-format validator that is designed for transit environments and will be deployed by Masabi in various locations around the world. When furnished with an Internet connection, and provided with a suitable power source,the JRV can be used to validate barcodes and NFC media. The Installation Acceptance Test(IAT) procedure contains, herein,the necessary instructions,steps and scripts to follow in order to approve and commission a successful installation of a JRV. 1.1 Purpose The purpose of the IAT is to approve the successful installation of the JRV and verify that it fulfils the requirements set by the customer and Masabi. 1.2 Objective The objectives of the IAT are to: • Confirm that ticket validation functions correctly with all ticket types. • Confirm connectivity and expected behaviour between the JRV and the Masabi back-office via a wired Ethernet connection to the Internet. • Confirm that the JRV is fit for validation. 1.3 Prerequisites To complete the IAT the following prerequisites are required: • Installed JRV • Communication with the Internet (Masabi back office) available via Ethernet • Paper Configuration Barcode • Mobile Ticket Barcode • Paper Test Barcode • Smart Card Ticket • Access to the Hub via a Computer 1.4 Process Outline The IAT process is split into a set of tests as detailed below. The procedure includes the necessary instructions to confirm the correct installation and ticket validation functionality of the JRV. Each of the test cases is designed to focus on a particular aspect or function of the validation solution and should be completed as per the stated instructions with the results recorded in the IAT-R. If all Test Cases within this document pass,then the IAT passes. 1.5 Conventions Throughout this document the following format will be used for notes and important information: Important: Mandatory and important notes that must be fulfilled Note: Important notes regarding mandatory requirements that may affect correct operation but do not present a safety risk or danger of damage to equipment. CAO Recommendation:A non-mandatory addition to the instruction intended to highlight methods of completing actions that were previously found to be the most efficient or easiest. Throughout this document Masabi's Customer will be referred to as "the Agency",transit riders or End Users of the Agency will be referred to as "Cardholders". 1.6 Safety Precautions No particular safety hazards identified. Please ensure that all safety precautions required in the location and situation that the test is completed in are adhered to Glossary Note: Part and assembly names will be defined in the Orientation Section of this document. Acronym , Definition cEMV Contactless EMV EMV Europay Mastercard Visa HW Hardware IAT Installation Acceptance Test IAT-R Installation Acceptance Test Record JRV Justride Validator N/A Not applicable PCI Payment Card Industry SAM Secure Access Memory TBA To be announced Cq0 1.7 References Doc# Reference DT2-0010 JRV Installation Acceptance Test Record (IAT-R) (latest issue) DP3-0001 JRV PCI HW Compliance Plan (latest issue) Note:The JRV Electronics Enclosure contains a cEMV reader. If the JRV is to be used in a deployment which handles cEMV cards, or may in the future, applicable PCI handling procedures must be adopted and adhered to. In these cases, ensure that all handling is completed in accordance with the requirements laid out in the latest revision of DP3-0001 -JRV PCI HW Compliance Plan. Contact Masabi for further details. Note:All documents can be requested via support@masabi.com Section 2 -Graphical Display Screens These are the only messages that will be displayed during the demonstration. Image Accompanying Text Message Description • Valid Message used for instances when the ticket presented is valid for travel. Positive Message • Not valid Message used for instances when the ticket presented is not valid for travel. Not valid Message S • Show ID Message used for instances when a ticket with an entitlement(e.g. CI reduced fare) presented is valid for travel. Check Message • Scan your ticket Screen used when awaiting ticket media. 4 Ready Screen Section 3 - IAT Test Cases This section details the tests which form the IAT in their intended order.The purpose, objectives, prerequisites and the instructions to complete the test are detailed. • Test Case 1.—Visual Inspection • Test Case 2.—Power-On Self-Test (POST) and Configuration • Test Case 3.—Mounting • Test Case 4.—Internet and Back-Office Connection • Test Case 5.—Mobile Barcode Ticket:Valid • Test Case 6.—Paper Barcode Ticket: 'Not Valid' • Test Case 7.—Mobile Barcode Ticket:Warning • Test Case 8.—DESFIRESmart Card Ticket CA0 3.1 Test Case 1— Visual Inspection Purpose To verify that the JRV is undamaged and has not been tampered with Objectives Confirm that the JRV is not damaged and has not been tampered with Mandatory PCI Requirement:Any suspicion of tampering must be reported to Masabi immediately.The unit must not be used. Follow the procedure as described in DP3-0001 Masabi Hardware:Justride Validator(JRV) Payment Card Industries (PCI) Hardware Compliance Plan. Approximate 3min Required Time Prerequisites/ • Installed JRV Preconditions Procedure Start with the JRV Electronics Enclosure removed from the Mounting Kit. 1) PCI tamper inspection a) Check that Card Reader is present behind transparent SIM/SAM Cover at the bottom of the unit and Serial Number is consistent with Documentation b) Check for any marks, such as scratches, etc. that may indicate that the JRV Electronic Enclosure has been opened. c) Check for any unnecessary additional or suspicious wiring 2) Mount JRV Electronics Enclosure onto the JRV Mounting Kit 3) Checking for damage a) Check if JRV Electronics Enclosure is flush with the JRV Mounting Kit. b) Check for any unacceptable marks on the front glass of the JRV and on the plastics CAO Expected Results 1) JRV has not been tampered with a) Card Reader is present b) No marks that indicate that JRV was opened are present c) No suspicious wiring present Mandatory PCI Requirement: Otherwise follow DP3-0001. 2) JRV Electronics Enclosure flush with the JRV Mounting Kit 3) No damage Pass/Fail Criteria The test passes when all steps listed above are noted as passed. Results Results are to be recorded within the IAT-R. 3.2 Test Case 2— Power-On Self-Test(POST) and Configuration Purpose To verify that the JRV passes POST on initial power-up after installation Objectives Confirm that the JRV passes POST and is ready for functional testing Approximate 2min Required Time Prerequisites/ • A JRV connected to the Internet via Ethernet that has successfully Preconditions passed Test Case 1 • Configuration Barcode (if unit not already logged in) Procedure Start with the JRV in the powered down state, apply power and observe the booting process. Present the appropriate Configuration Barcode for the vehicle when prompted by the unit. Expected Results 1) The JRV screen will show a Justride logo and progress bar 2) The progress bar will move to show progress and the LED in the camera cone will turn on 3) The screen will briefly change to a black screen with a clock and loading message 4) The display will then show an information screen detailing the brand, username, IP address. No fault codes are displayed on the CAO screen. 5) The display message will read 'Scan Config Barcode'. Note: This screen will not show if the unit has previously been logged in. Skip step 6) 6) Present the correct log in barcode for the unit. A beep will sound to indicate a valid barcode. Not necessary if the unit has previously been logged in. 7) After a short wait,the screen will show the 'Scan your ticket' screen. Pass/Fail Criteria The test passes when all steps listed above are noted as passed. Results Results are to be recorded within the IAT-R. CAC) 3.3 Test Case 3— Mounting Purpose To verify that the JRV is mounted correctly and securely Objectives Confirm that the JRV is mounted securely onto the Stanchion and the JRV Electronics Enclosure is attached correctly to the JRV Mounting Kit. and JRV is reliably powered. Approximate 1 min Time Required Prerequisites/ • The JRV has successfully passed Test Case 2. Preconditions Procedure 1) Ensure that the JRV Lock is in the locked position and the Key is removed 2) Place a hand on the bottom of the JRV Electronics Enclosure and push upwards towards the display, i.e., in the same direction as an unlocked JRV would be pushed to remove the JRV Electronics Enclosure. Check if it slides and/or loses power/reboots 3) Attempt to move the JRV relatively to the stanchion. Check for unacceptable play between the JRV and the stanchion Expected Results 1) JRV is locked in position and the Key is removed 2) JRV does not slide. JRV does not reboot or lose power, as observed by monitoring the JRV Display. 3) JRV is securely attached to the stanchion. Neither Stanchion nor JRV move. Pass/Fail Criteria The test passes when all steps listed above are noted as passed. Results Results are to be recorded within the IAT-R. CAO 3.4 Test Case 4—Internet and Back-Office Connection Purpose To verify that the JRV is logged in with the correct credentials for the location of installation. Objectives Confirm that the JRV is logged in correctly and has a connection to our back-office Approximate 2 min Time Required Prerequisites/ • The JRV has successfully passed Test Case 3. Preconditions • Access to the Hub with credentials to view Asset Monitoring Procedure Log into the hub and check if the JRV is listed as online and healthy 1. Log in to the hub 2. Asset Monitoring-Validation 3. Apply Filter a. Username b. Contains c. Enter JRV Username 4. Check if JRV is listed, online and healthy 5. Check JRV software version Expected Results The JRV will be visible in the hub shown as online, healthy and has most recent software version. Pass/Fail Criteria The test passes when all steps listed above are noted as passed. Results Results are to be recorded within the IAT-R. CAO 3.5 Test Case 5—Mobile Barcode Ticket: Valid Purpose To verify that the JRV behaves as expected when presented with a valid barcode ticket. Objectives Confirm that the JRV presents expected indication to the user when presented with a valid barcode. Approximate 1 min Time Required Prerequisites/ • Valid ticket via app Preconditions • The JRV has successfully passed Test Case 4. Procedure 1) Ensure that the JRV is powered up, working and displaying the Ready screen. 2) Present the valid barcode to the JRV barcode scanner and observe for the below behaviour: a) JRV Graphical Display is green and displays "Valid" b) JRV Speaker plays the 'Valid Beep' Expected Results The JRV will present the user with the expected positive feedback: a) JRV Graphical Display is green and displays "Valid" b) JRV Speaker plays the 'Valid Beep' Pass/Fail Criteria The test passes when all steps listed above are noted as passed. Results Results are to be recorded within the IAT-R. 3.6 Test Case 6— Paper Barcode Ticket: Not Valid Purpose To verify that the JRV behaves as expected when presented with a 'not valid' barcode ticket. Objectives Confirm that the JRV presents expected indication to the user when presented with a 'not valid' barcode. Approximate Time 1 min Required Prerequisites/ • 'Not valid' paper ticket Preconditions • The JRV has successfully passed Test Case 5. Procedure 1) Ensure that the JRV is powered up, working and displaying the Ready screen. 2) Present the not valid barcode to the JRV barcode scanner and observe for the below behaviour: a) JRV Graphical Display is red and displays "Not Valid" b) JRV Speaker plays the 'Not Valid Beep' Expected Results The JRV will present the user with the expected positive feedback: a) JRV Graphical Display is red and displays "Not Valid" b) JRV Speaker plays the 'Not Valid Beep' Pass/Fail Criteria The test passes when all steps listed above are noted as passed. Results Results are to be recorded within the IAT-R. Cq0 3.7 Test Case 7— Mobile Barcode Ticket: Reduced Fare Purpose To verify that the JRV behaves as expected when presented with a valid barcode ticket with an entitlement (e.g. reduced fare ticket). Objectives Confirm that the JRV presents expected indication to the user when presented with a valid barcode with an entitlement (e.g., reduced fare ticket). Approximate 1 min Time Required Prerequisites/ • Valid ticket with a reduced fare (child or senior)via app Preconditions • The JRV has successfully passed Test Case 6. Procedure 1) Ensure that the JRV is powered up, working and displaying the Ready screen. 2) Present the valid barcode to the JRV barcode scanner and observe for the below behaviour: a) JRV Graphical Display is yellow and displays "Show ID" b) JRV Speaker plays the'Check Beep' Expected Results The JRV will present the user with the expected positive feedback: a) JRV Graphical Display is yellow and displays "Show ID" b) JRV Speaker plays the 'Check Beep' Pass/Fail Criteria The test passes when all steps listed above are noted as passed. Results Results are to be recorded within the IAT-R. S 3.8 Test Case 8—DESFIRE Smart Card Ticket Purpose To verify that the JRV behaves as expected when presented with a valid Smart Card travel card Objectives Confirm that the JRV presents expected message to the user when presented with a DESFIRE Smart Card Ticket Approximate 1 min Time Required Prerequisites/ • Valid DESFIRE Smart Card Ticket Preconditions • The JRV has successfully passed Test Case 7. Procedure 1) Ensure that the JRV is powered up, working and displaying the Ready screen. 2) Present the travel card to the JRV card scanner and observe for the below behaviour: a) JRV Graphical Display is green and displays "Valid" b) JRV Speaker plays the 'Valid Beep' Expected Results The JRV will present the user with the expected positive feedback: a) JRV Graphical Display is green and displays "Valid" b) JRV Speaker plays the 'Valid Beep' Pass/Fail Criteria The test passes when all steps listed above are noted as passed. Results Results are to be recorded within the IAT-R. CAO Supporting Justride Agencies and Riders masabi • Annex 6B (Masabi Hardware: Payment Card Industries (PCI) Hardware Compliance Plan) is added as a new Annex 6B (after Annex 6)as follows: ANNEX 6B Masabi Hardware: Payment Card Industries (PCI) Hardware Compliance Plan Copyright Copyright Masabi Ltd and Masabi LLC 2024. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without written permission of the publisher. S masabi Supporting Justride Agencies and Riders 1 Introduction In order to allow contactless EMV(cEMV) bank(debit)and credit cards to be used as tokens within the Justride platform it is necessary for validation hardware to be capable of interacting with these cards. To provide this functionality, some validators supported by Masabi contain a contactless smartcard reader with the necessary approvals to interact with cEMV cards, handle Cardholder data and contain the encryption keys needed to process payments. In order to minimise abuse or fraud, and increase controls around cardholder data, card brands, such as Visa, Mastercard and American Express, mandate that systems processing card payments or handling Cardholder data must fulfil the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS compliance is validated by periodical assessment by a Qualified Security Assessor(QSA). In addition, the hardware used to complete transactions must have Payment Card Industry (PCI) PIN Transaction Security(PTS) Point of Interaction (P01) device approval. At the time of writing, the hardware covered by this document includes: • On-Board Validators (OBVs): • Masabi Justride Validator (JRV) - which contains a XAC xNFC_C150-S ("C150S") or a XAC nNFC_C150-SE ("C150SE") contactless card reader that is certified to PCI PTS v4.0 or v6.0 respectively, as well as EMV contactless Level 1 and Level 2 for various card payment brands. Collectively these devices may be referred to as "C150". • Access IS / HID VAL100 fitted with ATR220 TripTik reader - this variant of the VAL100 contains an ATR220 reader that is certified to PCI PTS v5.0 as well as EMV contactless Level 1 and Level 2 for various card payment brands. • Platform Validators(PVs): • Masabi Justride Platform Validator (JRPV) - which contains a XAC xNFC_C150-S ("C150S") ora XAC nNFC_C150-SE ("C150SE")contactless card reader that is certified to PCI PTS v4.0 or v6.0 respectively, as well as EMV contactless Level 1 and Level 2 for various card payment brands. Collectively these devices may be referred to as "C150". • Handheld Devices: • XAC xCL_AT-150 ("AT150") mobile payment terminal which is certified to PCI PTS v5.0 as well as EMV contactless Level 1 and Level 2 for various card payment brands. As part of ensuring compliance with PCI DSS, and to prevent an invalidation of the PCI PTS POI device approval for a particular device, hardware must be handled and inspected in certain ways throughout its lifecycle. This document contains herein the generic process and procedures for the handling of the above hardware to meet these requirements. Warning: If Masabi reasonably determines that the Agency has failed to comply with the requirements set out in this document, it may, at the sole discretion of Masabi, result in the withdrawal of cEMV capability from the platform or other actions deemed appropriate to either return the system to a PCI compliant state or otherwise remove it from service to protect Cardholder data and/or Masabi's PCI DSS compliance, at the sole cost of the Agency. Note: For deployments which are not currently accepting cEMV cards, the requirements in this document must be observed for this capability to be enabled later. If they are not, each device must be returned to Masabi prior to their being used for cEMV interactions. Unless contractually agreed otherwise, this will be completed at the Agency's expense. CAO ma abi Supporting Justride Agencies and Riders 1.1 Purpose This document outlines herein the mandated handling requirements and procedures applicable to Masabi's customers deploying hardware that is or may be used to handle cEMV interactions with the intention to ensure that the deployment is compliant with the requirements of PCI DSS and the unit remains within its PCI PTS POI approvals. 1.2 Objective The intention of this document is to ensure that Agencies are provided with all necessary information so that cEMV enabled hardware deployments are compliant with PCI DSS. In order to achieve this this document will outline the below: - Handling and storage requirements - Inspection requirements - Personnel training requirements 1.3 Conventions Throughout this document the following format will be used for notes and important information: Important: Mandatory and important notes that must be fulfilled Note: Important notes regarding mandatory requirements that may affect correct operation but do not present a safety risk or danger of damage to equipment. Recommendation:A non-mandatory addition to the instruction intended to highlight methods of completing actions that were previously found to be the most efficient or easiest. Throughout this document Masabi's Customer will be referred to as "the Agency", transit riders or Customers of the Agency will be referred to as"Cardholders". 1.4 Glossary Acronym Definition cEMV Contactless EMV DSS Data Security Standards EMV Europay Mastercard Visa IAT Installation Acceptance Test JRPV Justride Platform Validator JRV Justride Validator OBV On-Board Validators PCI Payment Card Industry PIN Personal Identification Number POI Point of Interaction PTS PIN Transaction Security PV Platform Validators CAO QSA Qualified Security Assessor mar" • Supporting Justride Agencies and Riders i XAC Manufacturer of the C150S and C150SE card readers found in JRV and JRPV validators. 2 Responsibility With whom responsibility for PCI DSS compliance lies depends on who is the merchant of record and therefore may differ between deployments; however, in general: • The Agency is responsible for ensuring that the requirements set out in this document, and any supplementary documentation that may be applicable to the particular deployment, are carried out and appropriately documented. During the course of a project to deploy cEMV capable hardware, the Agency shall identify a suitable person, or position, within their organisation to act as the nominated responsible person and point of contact for PCI DSS compliance and compliance with the requirements set out in this document. That person or the Agency may also identify suitable deputies for this role. The nominated responsible person and their deputies will be recorded and shared with Masabi in line with the established governance for the project. • Masabi is responsible for ensuring that this document is kept up to date and new versions are provided to the Agency as and when changes in PCI DSS or internal processes require. 3 Delivery, Storage, Installation/Commissioning & Disposal Throughout the life cycle of any individual piece of cEMV capable hardware it must be handled in accordance with the requirements laid out in this section to ensure that it is still in compliance with PCI DSS. The key life cycle stages are delivery, storage, installation/commissioning, operation and disposal. This section provides an outline of the processes that are to be followed at the delivery, storage, installation and disposal stages. 3.1 Delivery Before hardware is deployed it is important to ensure that it has arrived at the Agency in the same state that it was shipped. Masabi therefore requires that the Agency perform an inspection of each consignment, and piece of hardware within it, to validate that security, and therefore PCI DSS compliance, has been maintained. Prior to shipment a consignment of hardware will be sealed with tamper evident bags, labels and/or tape. Masabi will inform the Agency of the expected design of these ahead of delivery. Upon delivery, or as soon thereafter as possible, suitably trained and authorised Agency staff shall verify that the seals are intact and that the consignment shows no other sign of tampering. If the seal is broken, or other signs of tampering are identified, the Agency shall inform Masabi via supportmasabi.com so that further instructions can be provided. Ultimately, if a shipment or piece of hardware is suspected of being tampered with, it will be returned to Masabi where steps will be undertaken to ensure the security of the cEMV card reader, e.g., by replacement, before the hardware is returned to the Agency. The above inspection shall be carried out upon the return of any hardware to the Agency. Once the packaging has been inspected, the units shall be stored within the sealed packaging and as specified in the following section until such time as they are needed for installation. CAO ma gbi Supporting Justride Agencies and Riders 3.2 Storage Whilst not installed, e.g., prior to installation, when being held as spare stock or after being removed from the field, cEMV hardware must be stored in a secure location to which access is restricted to appropriately trained and authorised Agency staff only. This can be in the form of, for example, a locked room or cabinet to which only authorised persons have keys. An accurate inventory of all hardware must be maintained by the Agency. The inventory shall include the serial number(s) of each piece of hardware as recorded during the delivery inspection. Each addition or removal of a piece of hardware to or from storage must be recorded with each instance including the date and time of the movement and who it was made by. Each instance of access to the secure location must be recorded with each instance including the date and time of access and who it was made by. The intention of these requirements is to ensure that the risk of devices being stolen, going missing or being tampered with is reduced as much as is practicable whilst they are out of service. Should it be identified that a piece of cEMV hardware is missing or otherwise unaccounted for, the Agency shall inform Masabi of this immediately via email to supportmasabi.com for further support. Important: Devices in storage shall also be subject to the Annual Audit as detailed in Section 4.2. 3.3 Installation/Commissioning This is the point at which the cEMV hardware is deployed for public service and is therefore exposed to Cardholders. It is therefore important that appropriate procedures are followed and checks made to ensure that the cEMV hardware is as it should be before this process is completed. Depending on the type of hardware the process differs slightly: • OBVs (JRVs and VAL100s)are installed and commissioned and tested. • PVs (JRPVs) are installed and commissioned and tested. • Handheld Devices (AT150s)are commissioned and tested. In this context these terms are defined thus: • Installation - the physical mounting of the equipment onto a vehicle or other installation location including associated mechanical supports, cabling, etc. • Commissioning - setting up hardware including providing it with the necessary connections and credentials to interact with the Masabi back office and other systems. • Testing - verifying the operation of the hardware, associated software and supporting connectivity or other systems prior to entering revenue service. Scripts or procedures for the installation, commissioning and/or testing of hardware, including inspections required under PCI DSS, shall be included as part of the project documentation, e.g., within the appropriate Installation Work Instruction, Commissioning Instruction and/or Installation Acceptance Test(IAT) Procedure. The following subsections provide a general outline of the device specific activities that need to be completed. CAO masabi Supporting Justride Agencies and Riders Important: cEMV hardware must not be left unattended in an insecure area between storage and completion of installation. 3.3.1 Justride Validator(JRV) In order to enter revenue service a JRV must undergo installation, commissioning and testing as defined within Installation Work Instruction and Installation Acceptance Test documents. Before installation, the JRV must be carefully inspected by an appropriately trained and authorised Agency employee to confirm that the unit is suitable for use, this inspection must look for: - Damage to the enclosure of the JRV - Damage to the enclosure of the integral cEMV card reader - Suspicious or extraneous wiring or parts - Damaged or otherwise non-functioning lock - Incorrect JRV serial number based on provided documentation - Incorrect integral cEMV card reader serial number based on provided manifest documentation and the JRV serial number that it is within The result of all inspections must be thoroughly recorded and provided to Masabi in accordance with the project governance for the deployment or via the Agency's Masabi account manager if installation is after initial deployment. The records, along with installation, commissioning and test records, must be marked correctly with date and (where required)time as well as the name of the person or people completing each inspection or activity. The Agency must inform Masabi of inspection failures which indicate potential tampering via support(a�masabi.com so that further instructions can be provided. If a JRV is suspected of being tampered with, it will be returned to Masabi where steps will be undertaken to ensure the security of the cEMV card reader, e.g., by replacement, before being returned to the Agency. Depending on the age of the reader and nature of the inspection failure, this may or may not be covered under warranty. At the conclusion of the installation, a final visual inspection to ensure that the JRV is properly fitted and is securely locked in position shall be completed and recorded. Again, records shall include date and, if necessary, time as well as the details of the person completing the inspection with copies provided to Masabi. The agency must maintain an accurate record of which JRV is installed on which vehicle and the home base of that vehicle. These records must be updated if, for example, the JRV is replaced due to a fault. Template forms for all these records will be made available to the Agency by Masabi. Note: Where records are not provided, are incomplete, inaccurate or otherwise unsatisfactory, Masabi may, at the Agency's expense, arrange for a team to visit to verify the inspections and/or replace the units. 3.3.2 Justride Platform Validator(JRPV) In order to enter revenue service a JRPV must undergo installation, commissioning and testing as defined within Installation Work Instruction and Installation Acceptance Test documents. Before installation, the JRPV must be carefully inspected by an appropriately trained and authorised Agency employee to confirm that the unit is suitable for use, this inspection must look for: - Damage to the enclosure of the JRPV CAO - Suspicious or extraneous wiring or parts ma abi Supporting Justride Agencies and Riders - Damaged or otherwise non-functioning lock - Incorrect JRPV serial number based on provided documentation The result of all inspections must be thoroughly recorded and provided to Masabi in accordance with the project governance for the deployment or via the Agency's Masabi account manager if installation is after initial deployment. The records, along with installation, commissioning and test records, must be marked correctly with date and (where required)time as well as the name of the person or people completing each inspection or activity. The Agency must inform Masabi of inspection failures which indicate potential tampering via suddort(a�masabi.com so that further instructions can be provided. If a JRPV is suspected of being tampered with, it will be returned to Masabi where steps will be undertaken to ensure the security of the cEMV card reader, e.g., by replacement, before being returned to the Agency. Depending on the age of the reader and nature of the inspection failure, this may or may not be covered under warranty. At the conclusion of the installation, a final visual inspection to ensure that the JRPV is properly fitted and is securely locked in position shall be completed and recorded. Again, records shall include date and, if necessary, time as well as the details of the person completing the inspection with copies provided to Masabi. The agency must maintain an accurate record of where each JRPV is installed. These records must be updated if, for example, the JRPV is replaced due to a fault. Template forms for all these records will be made available to the Agency by Masabi. Note: Where records are not provided, are incomplete, inaccurate or otherwise unsatisfactory, Masabi may, at the Agency's expense, arrange for a team to visit to verify the inspections and/or replace the units. 3.3.3 Access IS/HID VAL100 In order to enter revenue service a VAL100 must undergo installation, commissioning and testing as defined within Installation Work Instruction and Installation Acceptance Test documents. Before installation, the VALI 00 must be carefully inspected by an appropriately trained and authorised Agency employee to confirm that the unit is suitable for use, this inspection must look for: - Damage to the enclosure of the VAL1 00 - Suspicious or extraneous wiring or parts - Damaged or otherwise non-functioning lock - Incorrect VAL1 00 serial number based on provided documentation The result of all inspections must be thoroughly recorded and provided to Masabi in accordance with the project governance for the deployment or via the Agency's Masabi account manager if installation is after initial deployment. The records, along with installation, commissioning and test records, must be marked correctly with date and (where required)time as well as the name of the person or people completing each inspection or activity. The Agency must inform Masabi of inspection failures which indicate potential tampering via sur Dort(c�masabi.com so that further instructions can be provided. If a VAL100 is suspected of being tampered with, it will be returned to Masabi where steps will be undertaken to ensure the security of the VAL100, e.g., by replacement. Depending on the age of the VAL100 and nature of the inspection CAO failure, this may or may not be covered under warranty. masabi Supporting Justride Agencies and Riders At the conclusion of the installation, a final visual inspection to ensure that the VAL100 is properly fitted and is securely locked in position shall be completed and recorded. Again, records shall include date and, if necessary, time as well as the details of the person completing the inspection with copies provided to Masabi. The agency must maintain an accurate record of which VAL100 is installed on which vehicle and the home base of that vehicle. These records must be updated if, for example, the VAL100 is replaced due to a fault. Template forms for all these records will be made available to the Agency by Masabi. Note: Where records are not provided, are incomplete, inaccurate or otherwise unsatisfactory, Masabi may, at the Agency's expense, arrange for a team to visit to verify the inspections and/or replace the units. 3.3.4 XAC AT150 In order to enter revenue service, an AT150 must undergo commissioning and testing as defined within the appropriate commissioning document. Before commissioning, the AT150 must be carefully inspected by an appropriately trained and authorised Agency employee to confirm that the unit is suitable for use, this inspection must look for: - Damage to the enclosure of the AT150 - Suspicious or extraneous wiring or parts - Incorrect AT150 serial number based on provided documentation The result of all inspections must be thoroughly recorded and provided to Masabi in accordance with the project governance for the deployment or via the Agency's Masabi account manager if after initial deployment. The records, along with commissioning and test records, must be marked correctly with date and (where required)time as well as the name of the person or people completing each inspection or activity. The Agency must inform Masabi of inspection failures which indicate potential tampering via support(a�masabi.com so that further instructions can be provided. If an AT150 is suspected of being tampered with, it will be returned to Masabi or the OEM, XAC, where steps will be undertaken to ensure the security of the AT150, e.g., by replacement. Depending on the age of the AT150 and nature of the inspection failure, this may or may not be covered under warranty. The agency must maintain an accurate record of which AT150 is assigned to which person or location and the home base of that person. These records must be updated if, for example, the AT150 is replaced due to a fault. Template forms for all these records will be made available to the Agency by Masabi. Note: Where records are not provided, are incomplete, inaccurate or otherwise unsatisfactory, Masabi may, at the Agency's expense, arrange for a team to visit to verify the inspections and/or replace the units. CAO masabi Supporting Justride Agencies and Riders itivateunromf 3.4 Operation Operational cEMV hardware, i.e., those that have been installed, commissioned and tested such that they enter revenue service and handle Cardholder data, must undergo a regular and robust inspection regime to identify potential tampering. This is outlined in Section 4 of this document. During the operational stage of the hardware lifecycle, some hardware will be damaged or otherwise suspected of being faulty. In these cases the Agency must inform Masabi of the faulty unit by emailing support(cDmasabi.com as per the Warranty Plan. In the case of cEMV capable hardware, Masabi and the Agency must additionally make a determination of whether the fault or damage was caused during an attempt to tamper with the hardware in such a way to expose Cardholder data, or payment keys, et cetera. The Agency shall provide Masabi with any additional information requested to complete this assessment. Faulty or damaged hardware must still be handled with the same care, with regard to PCI, as those which are fully functional, i.e., faulty hardware must not be left unattended having been removed from service, must be stored in the same conditions as a working hardware (see Section 3.2)and must be shipped in tamper evident packaging (see Section 6) Where hardware is replaced due to being damaged or a suspected fault, the same process followed for initial installation, commissioning and testing, particularly with regard to the inspections outlined in Section 3.3, must be followed when installing or commissioning the replacement hardware. All records concerning storage and the details of where hardware is either installed on the vehicle or assigned to a user must be updated whenever hardware is replaced or assigned to another vehicle or individual or team to ensure their accuracy. 3.5 Decommissioning & Disposal When cEMV hardware reaches the end of its useful lifetime it must be securely destroyed. Depending on the specific contract agreed with the Agency, this may be completed by Masabi on their behalf, and potentially at their cost, or they may request approval from Masabi to use a third party. Approval will not be unreasonably withheld by Masabi; however, all parties must be confident that disposal will be completed appropriately to maintain the security of the deployment and hence PCI compliance. In all cases, hardware shall be shipped in packaging with tamper evident tape or labels, and shall be inspected upon delivery by the receiving partner. In the case of a third party being contracted, the destruction of each piece of hardware must be recorded with, at minimum, details including the serial number of the hardware, the date of destruction and who completed the destruction, thus forming a certificate of destruction. The certificate of destruction shall be provided to Masabi in accordance with the project governance for the deployment or via the Agency's Masabi account manager if it is after initial deployment. The following information must be captured during decommissioning: • Agency name • Device Serial Number • Device Model • Date of Decommissioning • Method used to erase sensitive data (i.e., tamper the device) • Name of the authorised Agency personnel who completed or oversaw the process • Title of the authorised Agency personnel who completed or oversaw the process • Signature of the authorised Agency personnel who completed or oversaw the process CAO ma abi Supporting Justride Agencies and Riders 3.5.1 Justride Validator(JRV) &Justride Platform Validator(JRPV) In accordance with XAC's PCI security policy for the C150S and C150SE, prior to shipment back to Masabi or disposal, the sensitive information within the C150 must be erased. This is achieved by intentionally triggering the reader's tamper protection following the below instructions: 1) If powered, power down the validator. 2) Open the enclosure of the validator to gain access to the C150 SAM slots. 3) Remove the battery from the holder in the rear of the reader. This battery provides an energy source to the tamper protection within the reader when it is disconnected from an external supply. ip ,• SgY-2. • t .. 4) Power up the validator, ensuring that the C150 reader is still connected to the validator(but with the battery removed), the validator is logged in and connected to the Internet. 5) Confirm that the validator displays an "Out of Service"screen after power-up and boot. 6) Navigate to the Asset Monitoring page on the Hub and confirm that the unit is reporting "Unhealthy"with "Card Reader Tampered"as the reason. 7) Power down the device and label it as decommissioned. The Agency must inform Masabi of inspection failures which indicate potential tampering via support(a,masabi.com so that further instructions can be provided. Note: Where records are not provided, are incomplete, inaccurate or otherwise unsatisfactory, Masabi may, at the Agency's expense, arrange for a team to visit to verify the inspections and/or replace the units. 3.5.2 Access IS/ HID VAL100 In accordance with Access IS/HID's security policy for the ATR220, all sensitive payment data should be erased from the reader during decommissioning. Where required, please contact Masabi via support(a)masabi.com to obtain further instructions and support. CAO masabi Supporting Justride Agencies and Riders 3.5.3 XAC AT150 In accordance with XAC's security policy for the AT150, all sensitive information stored on the device must be erased during decommissioning. This is achieved by intentionally triggering the device's tamper protection. This can be accomplished by following the steps listed in XAC's security policy, which is available from the PCI Approved PTS Devices website: https://listings.pcisecuritystandards.orq/assessors and solutions/pin transaction devices. 4 Device Inspections Following the successful installation, commissioning and test of cEMV hardware it will enter revenue service and then be available for use by Cardholders. In order to ensure that the hardware is not tampered with or otherwise compromised whilst in the field, it is necessary to regularly inspect the hardware. There are two types of inspection: 1) The Regular Inspection is intended to become part of a driver's or operator's pre-departure vehicle checks for On-Board Validators, checks to be made at the start of a shift for Handheld Devices or during routine cleaning and maintenance for Platform Validators. 2) An Annual Audit is a more in-depth inspection completed by appropriately trained and authorised Agency employees to ensure that the unit is unchanged since installation. The following subsections provide an outline of each of these inspections. 4.1 Regular Inspection 4.1.1 On-Board Validators (JRVs &VAL100s) This inspection, which is intended to become part of the driver's or operator's pre-departure vehicle checks and includes verification of the following: - Is the OBV present and correct? - Is the OBV securely fixed and locked onto the pole? - Are any new or strange cables, etc., running out of the OBV? - Does the OBV power up as expected?Are there any error messages? - Is there anything fixed to the OBV enclosure that is not expected, e.g., labels on the unit that are not sanctioned by the Agency? In the event that a driver identifies something that they believe is a sign of tampering, this should be raised with their supervisor for further investigation. Important: Where tampering is suspected, the cEMV hardware must be removed from service immediately and the incident reported to Masabi. The agency's appointed PCI responsible person or their deputy may be asked to periodically attest to Masabi or to a QSA that these visual checks of the OBVs are being undertaken as part of normal daily vehicle checks and/or maintenance checks by Agency operational staff. The Agency must inform Masabi of inspection failures which indicate potential tampering via support anmasabi.com so that further instructions can be provided. CAO ma abi Supporting Justride Agencies and Riders 4.1.2 Platform Validators (JRPVs) This inspection, which is intended to become part of maintenance staffs routine maintenance of the platform validator includes verification of the following: - Is the PV present and correct? - Is the PV securely fitted and locked onto the plinth? - Are there any new or strange cables, etc., running out of the PV? - Does the PV power up or is the PV powered up as expected?Are there any error messages? - Is there anything fixed to the PV enclosure or plinth which is not expected, e.g., labels on the unit that are not sanctioned by the Agency? In the event that a staff member or contractor identifies something that they believe is a sign of tampering, this should be raised with their supervisor for further investigation. Important: Where tampering is suspected, the cEMV hardware must be removed from service immediately and the incident reported to Masabi. The agency's appointed PCI responsible person or their deputy may be asked to periodically attest to Masabi or to a QSA that these visual checks of the PVs are being undertaken as part of normal daily vehicle checks and/or maintenance checks by Agency operational staff. The Agency must inform Masabi of inspection failures which indicate potential tampering via su000rt(a�masabi.com so that further instructions can be provided. 4.1.3 Handheld Devices This inspection, which is intended to become part of the operator's checks at the start of their shift or work day checks and includes verification of the following: ➢ Is the Handheld Device present and correct? ➢ Is the Handheld Device located where it was expected, i.e., securely stored? ➢ Are any new or strange cables, etc., running out of the Handheld Device? ➢ Does the Handheld Device power up as expected?Are there any error messages or strange pieces of software running? ➢ Is there anything fixed to the Handheld Device enclosure that is not expected, e.g., labels on the unit that are not sanctioned by the Agency? In the event that the operator identifies something that they believe is a sign of tampering, this should be raised with their supervisor for further investigation. Important: Where tampering is suspected, the cEMV hardware must be removed from service immediately and the incident reported to Masabi. The agency's appointed PCI responsible person or their deputy may be asked to periodically attest to Masabi or to a QSA that these visual checks of the Handheld devices are being undertaken as part of normal daily checks by Agency staff. III::O The Agency must inform Masabi of inspection failures which indicate potential tampering via suoport(a�masabi.com so that further instructions can be provided. ma abi Supporting Justride Agencies and Riders 4.2 Annual Audit In addition to the regular inspections in §4.1, an Annual Audit of all cEMV hardware, whether in storage or installed, must be completed. Masabi will provide templates that appropriately trained and authorised Agency staff will use to complete the Annual Audit. Inspections completed during the Annual Audit include: ➢ Inspection of the hardware enclosure for damage or changes that may compromise the security of the unit or otherwise indicate that the device has been tampered with. ➢ OBVs & PVs- Inspection of any mechanical locks to ensure that it works correctly and can be locked and unlocked with the correct key. ➢ Inspection of any tamper evident labels to ensure they are present and not voided. ➢ Inspection of the hardware for signs of additional or extraneous wires, circuit boards, labels or other parts which are not approved by Masabi and the Agency. ➢ Verification of the serial number of the hardware ➢ JRV only-Verification of the serial number of the integral cEMV C150 and the combination of C150 and JRV serial number. ➢ Verification that all pieces of cEMV hardware are present and correct. Important: Where tampering is suspected, the cEMV hardware must be removed from service immediately and the incident reported to Masabi. Important: As part of their Annual Inspection, all JRVs (i.e., deployed and in storage)and JRPVs that are in storage need to have their tamper protection battery, a coin cell battery which powers the tamper protection circuitry within the card reader when the device is not connected to an external power source, replaced. This must be done while the unit is powered in accordance with instructions that are available from Masabi Support. Failure to replace this battery before its energy store is depleted will result in the unit erroneously entering a tampered state which can only be remedied at the factory. The results of the above inspection shall be thoroughly documented, including evidence of the inspection having taken place, the date, time and location of the inspection as well as details of the person or people that completed it. The result of all inspections shall be provided to Masabi in accordance with the project governance for the deployment or via the Agency's Masabi account manager if the inspection is completed after initial deployment. The Agency must inform Masabi of inspection failures which indicate potential tampering via support(a,masabi.com so that further instructions can be provided. If a unit is suspected of being tampered with, it will be returned to Masabi where steps will be undertaken to ensure the security of the cEMV card reader, e.g., by replacement or re-flashing of firmware and keys, before being returned to the Agency. Depending on the age of the reader and nature of the inspection failure, this may or may not be covered under warranty. Note: Where records are not provided, are incomplete, inaccurate or otherwise unsatisfactory, Masabi may, at the Agency's expense, arrange for a team to visit to verify the inspections and/or replace the units. CAO ma abi Supporting Justride Agencies and Riders 5 Response on Discovering Tampered cEMV Hardware In order to minimise the potential exposure of Cardholder data it is important that instances of suspected tampering are dealt with quickly. An outline for the process that may be followed upon discovery of suspected tampering with cEMV hardware is given below. The precise response will depend on the nature and severity of the issue. Important: Where tampering is suspected, the cEMV hardware must be removed from service immediately and the incident reported to Masabi. 1. Remove the cEMV hardware from service and secure it. 2. If tampering is suspected but the person who has identified it is unsure, this should be passed to an appropriately trained and authorised Agency employee to verify. If uncertainty remains this should be escalated to the nominated responsible person within the Agency or one of their agreed deputies. Note: If there is any doubt if the unit is tampered the device shall be handled as a manipulated unit. 3. Inform Masabi of the issue via support(a�masabi.com with as much information as possible, including photographs if available. Note: Masabi may request that the tampered cEMV hardware is made available for inspection depending on the nature of the suspected tampering. 4. If necessary upon discussion with Masabi, the Agency and Masabi shall inform local law enforcement. 5. If, as determined by Masabi and the Agency, the Cardholder data environment may be affected, the implicated payment schemes must be informed by the Agency and Masabi. Important: If the incident has affected the Cardholder data environment, and has impacted the system components within this environment, the incident must immediately be reported, its severity and other essential information provided to the applicable payment brands. The following table shows links to the major payment brands and how to handle such incidents for each: Payment Brand Information on Incident Handling and Reporting VISA https://usa.visa.com/support/small-business/data-security.html MasterCard https://www.mastercard.com/content/dam/public/mastercardcom/alobalrisk/p df/ADC-Best-Practice-Manual.pdf https://www.masterCard.us/content/dam/mccom/en- us/documents/rules/SPME-Manual-February-2019.pdf CAO American Express https://www.americanexpress.com/us/merchant/fraud-prevention.html ma abi Supporting Justride Agencies and Riders UmmindIP Payment Brand Information on Incident Handling and Reporting Discover Card https://www.discoverglobalnetwork.com/solutions/pci-compliance/validation- reporti ng-requ i rements/ 6 Returning Faulty Devices Where a device is suspected of being faulty it will need to be returned to Masabi for repair. This is completed through our Return Material Authorisation (RMA) process as detailed in our Warranty Plan. Where returned materials include cEMV capable equipment particular security precautions are necessary to ensure that the chain of trust is maintained throughout shipping and repair of the equipment. While the Masabi Support team may make specific requests on a case-by-case basis as to how devices are to be prepared for return shipping, etc., the generalised steps to complete are as follows: 1. Once a faulty device has been identified, follow the steps in the Warranty Plan to contact Masabi and arrange for a return. 2. Package the device(s)securely in appropriately protective packaging, preferably the original packaging although other materials can be used where this is not available. 3. Secure all openings of the external box or carton with commercial-off-the-shelf tamper evident tape, i.e., packaging tape which can only be used once as removal causes the tape to be irreversibly and obviously altered, for example by displaying the word "VOID". Ensure that the tape sourced works effectively, i.e., that when removed it is irreversibly and obviously altered before sealing the box(es). 4. With a suitable permanent marker, the individual responsible for packing and sealing the consignment will sign their name over the tamper evident tape, ensuring that the signature goes beyond both edges of the tape, i.e., the signature is on the tape and box wall either side of the join being made by the tape. This serves to make it more difficult for a third party to obtain the same commercial-off-the-shelf tamper evident tape and reseal the boxes without detection. Repeat for each piece of tamper evident tape used on the box. 5. Take a photograph of each signature and send it to Masabi Support quoting your RMA number. This allows Masabi to compare the box, tape and signature on arrival to help ensure that it has not been altered in transit. Masabi will return repaired units, or send replacement units, in boxes sealed with the same Masabi- branded tamper evident tape that is used for the shipment of new units. Note: If in doubt, please speak with the Masabi Support team or escalate to your Account Manager. 7 Personnel & Training Agency personnel that are permitted to access stored cEMV hardware, complete installation, commissioning, testing or maintenance of cEMV hardware or complete inspections must have CAO undergone appropriate training and been explicitly authorised by the Agency. Records of training and ma abi Supporting Justride Agencies and Riders authorisation, and removal of authorisation, etc., are to be accurately compiled and maintained by the Agency and made available to Masabi upon request. Training requirements will be agreed between Masabi and the Agency during the project to deploy the cEMV capable hardware, but will generally consist of a `train-the-trainer' approach. Training for each member of Agency staff who have a responsibility for or involvement with cEMV hardware must be given training on the tasks they will undertake as well as the general requirements and importance of PCI DSS compliance, the consequences of not following the requirements and how they should report anything to which is suspicious or indicative of tampering. Note: The training must be refreshed every year. All instances of training, refresher or otherwise, are to be recorded by the Agency. Note: Where records are not provided, are incomplete, inaccurate or otherwise unsatisfactory, Masabi may, at the Agency's expense, arrange for a team to visit to verify their accuracy. 8 References Description Link Access IS ATR220 PCI PTS Security Policy https://listings.pcisecuritystandards.org/ptsdocs/ 4-60226ES-110 ATR220 Security Policy V2.1- 1655217338.84646.0df XAC C150S PCI PTS Security Policy https://listings.pcisecuritystandards.org/ptsdocs/ 4- 10192B20 Security Policy xCE C150S All 20210826-1632507978.9745.pdf XAC C150SE PCI PTS Security Policy https://listings.pcisecuritystandards.org/ptsdocs/ 4- 40326Security policy of C150SE A03 202204 15-1650661019.26705.pdf CAO masabi Supporting Justride Agencies and Riders • Annex 7 (MASABI SERVICE LEVEL AGREEMENT) is deleted and replaced with the following: ANNEX 7 MASABI SERVICE LEVEL AGREEMENT Masabi SLA and Support Services Copyright Copyright Masabi Ltd and Masabi LLC 2024. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without written permission of the publisher. CAO m sab• Supporting Justride Agencies and Riders i , _. DOCUMENT PURPOSE This document describes the service level guidelines for agencies for the overall monitoring, incident response and escalation protocols employed by Masabi to monitor an Agency's Justride Mobile Ticketing platform This document outlines the performance measurements for the entire Justride platform, its SDK, and critical path third party providers. It will describe the definitions and terms used to monitor and respond to any performance related issue and escalation protocols should any incident impact the normal operations of the Justride platform. These guidelines apply solely to an Agency's live production environment and do not cover other applications or environments, which, from time to time, may be made available to the Agency for the purpose of reviewing or testing new features and functionality, or which may be used to demonstrate features during a contracting process. INTRODUCTION Masabi provides a scalable, robust and responsive Incident Management process to administer an effective, highly redundant mobile ticketing platform for large metropolitan agencies. It utilises a combination of best-in-breed cloud hosting through Amazon Web Services (AWS) with multi-layered load balancing, immediate scalability, and high-level incidence response. As additional measures, Masabi applies independent monitoring services for the components that make up the overall Agency mobile ticketing platform. DEFINITIONS As used in this incident guidelines, the following capitalised terms will have the meanings defined here. In the event of any conflict between the definitions provided in this Incident Management Guide and those provided elsewhere in the guide, the definitions in this guide will control for purposes of this Incident Management Guide. • Dedicated Support & Service— Masabi has dedicated services and support personnel who are trained for Incident Response Management and who understand the protocols for triage, first response acknowledgement, troubleshooting and problem resolution. Due to the criticality of servicing a solution with high-touch point customer satisfaction and experience, this team is available 365 days a year, 24 hours a day. • Escalation— In addition, Masabi provides escalation and account management processes through a documented prioritisation, categorization and resolution program, which is focused on account management and communication in addition to handling the technical resolution, which allows for internal agency communication and understanding. • External Service—Any equipment or service or component being provided by a third party. • Formal Review and Reporting— Formalised Incident Reports are generated for any Incident that affects the level of service as agreed upon between Masabi and the Customer. An Incident Report involves teams across Masabi including IT Operations, Support, Account Management, Engineering, Product Management, Engineering and Quality Assurance. • Incident — An Incident is an unplanned interruption to the Justride service, or reduction in the quality of the service, affecting the Agency or its end-user experience. Failure of any item, software or hardware, used in the support of a system is also an Incident, even if the failure has CAO not yet affected or impacted service. For example, the failure of one component of a redundant, ma abi Supporting Justride Agencies and Riders service. • Live Status Notifications— Masabi will notify agencies through the live status page and will display a status per component as well as top-level status calculated based on all affected components: 11 `Major Outage'; 12 'Partial Outage'; 13 = 'Service Degradation'; and 14 = 'Degraded Performance' • Logging an Incident— If an incident should occur, an authorised Agency contact, using an Agency email account, will submit a support request using any of the methods as listed in the Support Guidelines documentation. If an acknowledgement is not received within 15 minutes, Agency has a secondary means of escalation through the Support IVR • Performance Uptime— In general, outside of scheduled maintenance windows and planned outages (system upgrades), the Agency mobile ticketing platform operates on a 99.95% uptime performance. It was designed to be highly redundant, integrated with elastic load balancing, which can direct traffic to redundant servers in case of a failure or it can increase capacity during high volume processing times. Additionally, it is PCI compliant and it adheres to all agreed upon standards for financial transaction processing. • Priority — Masabi's Incident Management guidelines stipulate as a standard performance measurement a 4-hour resolution for a Priority-1 (P1) incident and an 8-hour resolution for a Priority-2 (P2) incident. Interim timeframes are stated for acknowledgement and assignment to provide Customers with an understanding that their issues have been received and are in the process for resolution. • Resolution - An incident is considered resolved when the fix is deployed to production and/or end- users are no longer affected by the incident. For incidents which require App releases, an incident is considered resolved when the release is submitted to the App stores, Apple, Google Play or Testflight or Hockey App. Equally, SDK incidents will be considered resolved when the SDK revision has been updated. It will be assumed that if an app release is required, app releases required to fix P1 incidents will be automatically accepted by the Agency, however, if the agency chooses deployment to UAT prior to production, the incident will be considered resolved when deployed to UAT. • Response Time— Masabi's Response Time is formulated on a scaled basis determined by the categorization of the Incident Severity, which is measured by the degree of service limitation experienced by the Agency and other hosted customers. In addition, for Incidents relating to AWS services, which is a critical component for providing overall service availability, Masabi and AWS operate with a 60 minute Incident Management Response plan, supported by Masabi's own incident response time and processes. • Scheduled Maintenance— means maintenance scheduled by Masabi to implement generic or agency specific changes to, or generic or agency specific version updates of, any app, back office system and network (and associated software and hardware configurations) supporting the Justride system. • Severity — Agency's incident categorization that correlates to Masabi's Incident Priority. Incidents prioritised as P1 will be assigned a severity of, 'Critical'; P2 = `High'; P3 = `Med'; and P4 = `Low' • Up-Time Performance- A designation of Justride system performance by key system based on a monthly measurement excluding scheduled maintenance time according to Masabi's System CAO Maintenance policies. r 1YlgSgbl Supporting Justride Agencies and Riders ROLES AND RESPONSIBILITIES Masabi and the Agency will designate individuals within each respective organisation to perform the Incident Management tasks outlined in this guide. The Agency agrees to maintain and communicate the designated Incident Management roles as defined below. Details of the designated parties and their contact details will be provided by the Project Manager. MASABI ROLES & RESPONSIBILITIES To ensure that Incidents and requests are handled efficiently, Masabi has implemented a two tier support structure that includes both Masabi Support technical leads (typically based in the UK) and Account Support leads (typically based in North America). Masabi Customer Support Masabi Customer Support provides comprehensive customer and technical support during standard business hours via London, UK, New York and Denver, USA. Masabi Customer Support is responsible for responding to inbound agency inquiries and tickets, troubleshooting with agency staff and escalating issues to product engineering when required. Masabi Customer Support monitors all inbound support tickets, collects troubleshooting data that is helpful to development and quality assurance, and provides general answers to agency staff on common questions and functionality queries. Masabi Customer Support is supported by Masabi IT Operations Support for round the clock global support and response. Masabi IT Operations Support Masabi IT Operations Support operates 24 hours per day, 365 days a year. Masabi IT Operations Support has the primary goal of triaging, investigating and resolving technical incidents, in accordance with agreed SLAs. The Masabi IT Operations Support team is capable of resolving complex incidents and providing effective workarounds that allow business operations to be resumed with minimal loss. Masabi IT Operations Support activities include, but not limited to the following: • Contacts Agency in accordance with the Agency escalation contact protocol. • Acts as a point of escalation for Incidents or ongoing issues. • Creates an agreed-upon process for updates and notifications during the Incident Time Frame; and oversees the development of the official closing Incident Management Report • Contacts Agency IT for any requests to implement a system outage necessary to enact a corrective action. • Provides detailed updates and explanations to the Agency and Account Support, as recorded within the Incident Management Suite, including the Incident Tracking and Monitoring log. • Collaborates with other secondary-tier engineers to formulate a resolution, temporary fix, or workaround via the raised record within Incident Management Suite. • Ensures all development related fixes are recorded within the Product Development specific JIRA space. • Collaborates with other Masabi resources to formulate comprehensive outage reports detailing the root cause, impact and mitigating actions to prevent recurrence. • If required, attend regular incident review meetings with the Agency. The frequency of meetings will be as agreed per the Agency but shall be at least quarterly. • Once incidents are resolved, tests and provides confirmation of resolution. CAD ma abi Supporting Justride Agencies and Riders Account Management An Account Manager is assigned to each agency upon contract award. The Account Manager is the day-to-day owner of an agency and its contract with Masabi. The Account Manager is responsible for the relationship management and agency satisfaction with Masabi and the Justride platform. Account Management activities include: • Prime relationship management and contract management with Agency • Responsible for tactical weekly status reviews with stakeholders • Collates and distributes performance, financial and service reports. • Conducts regular stakeholder reviews with the agency for product strategy, account strategy, and customer satisfaction metrics • Acts as the Agency coordination point for any critical performance or service level disruption • Reviews financial performance and assists with identification of additional ticketing channels and partnerships with other local agencies. • Manages ongoing maintenance of the live-deployment and coordinates schedules of updates and new feature releases AGENCY ROLES & RESPONSIBILITIES To facilitate incident management performance, Masabi requests that an Agency designates specific internal owners of the Justride mobile platform, as recommended below. Agency Justride Application Owner • A designated owner of the Justride platform as known to all agency staff and stakeholders. It is recommended that this person shall have decision making authority for the Justride platform, and release authority for Apps to be submitted to the Apps stores. This role is typically a Director of IT or Fare Collection • Attends regular service review meetings with Masabi and, if necessary, attends incident review meetings. The frequency of meetings will be as agreed per the Agency but shall be at least quarterly. • Provides approval for any required outages that affect the system or product necessary to implement a corrective action. • Acts as a liaison between internal parties and Masabi for inbound and outbound incident reporting and coordination; coordinates internal team communication. • Notifies internal functions of the status of Masabi services • Notifies Masabi of any known hardware or operating system changes or updates. Primary Agency Contact - IT Service / Customer Support Desk • Responds to the Agency's customer reported issues and submits Support Tickets on Agency behalf to Masabi for investigation and resolution. • Acts as the single point of escalation for the Agency customer. • Manages and tracks any raised incidents or requests submitted to Masabi. • Raises known or discovered incidents through the Masabi Support process • Provides support to internal functions utilising Masabi services. • Provides symptoms, investigatory information and support to the Masabi Support function. • If required, attend regular incident review meetings with Masabi. The frequency of meetings will be as agreed per the Agency but shall be at least quarterly. CAO • Supporting Justride Agencies and Riders masab DEFINITION OF AN INCIDENT An Incident is an unplanned interruption to the Justride service, or reduction in the quality of the service, affecting the Agency or its end-user experience. Failure of any item, software or hardware, used in the support of a system is also an Incident, even if the failure has not yet affected or impacted service. For example, the failure of one component of a redundant, high availability configuration is categorised as an Incident even though it does not interrupt service. An Incident occurs when the operational status of a production item changes from working to failing or about to fail, resulting in a condition in which the item is not functioning as it was designed or implemented. The resolution for an Incident involves implementing a corrective action to restore the item to its original state. INCIDENT LOGGING & CATEGORISATION PROCESS Overview The priority and severity of an Incident are assigned during an initial triage as displayed in the 'General Process Flow Diagram' figure below. Incident Management Workflow Engineering/Ops Support Engineer External Inbound Client ,Inbound Client Inbound Client web Server \ Services Alen Can Email Help Center System Alen ED O Identify Idena y411* Yes Categorize Standard IncidentndtPgmze And Ptumize Process AM Prioritize A No \ 111011. No P3IP4 Incident Process No E I cam, 1 G \��r�/ NIMMESIMMINIMI Yes Yes Enpxte Proc." lotion « Initial Diagnosis Z amoommum, E R Live Statue ,— Repone Process •Notifications S �s T 0 Agency Designated Contact s eimminolmmt No C Confirm Resolution 40116000. Recovery L 0 Yes S^ 11 Confirm Resolution Post-Mwlem PbX"PostorAr ) �� and Deploy to Service 111111111111111 General Process Flow Diagram CAO ma pbi Supporting Justride Agencies and Riders The above defined process flow handles all levels of Priority Status (P1 through P4). In most cases, Incidents rated as P3 & P4 do not apply to core or support systems with high business impact such as the ability to purchase, store, validate and activate tickets. For P3 and P4 incidents, a general workaround is known and can be applied with a change to behaviour and/or the incident is isolated to one or a very small proportion of end-users. P3 and P4 incidents will be tracked and monitored in an Incident Tracking and Monitoring log; P1 and P2 incidents are logged here if, and only if, there are no short-term resolutions available. Incident Notification Types There are three channels for Acknowledging Incidents: email or phone call. Notification Type Frequency Details Live Status Page All P1-P2 Incidents All subscribers to this service will be (recommended) notified when a P1 or P2 incident occurs. Email Every P1- P4 incident An email will be sent to the original submitter of the ticket. Support can request that an email is automatically cc'd in addition to this. Phone Call For inbound reporting Scheduled conference calls for group of every P1-P4 incident communication and follow up on Incidents with agencies. CAO) ma abi Supporting Justride Agencies and Riders Incident Logging and Categorization If Masabi Identifies a P1 or P2 Incident Masabi's Justride system monitoring will immediately identify many Incidents. Should Masabi Support receive an alert that may indicate a P1 or P2 Incident, the engineer on-call will conduct the following: 1) Test the Service a) Is it available? b) Is it potentially a system-wide outage? c) Are key services responding? d) Can a ticket be purchased? e) Does redeploying service resolve issues? 2) Escalate a) Use instant internal messaging systems at Masabi to seek escalation and resolution guidance. b) Inform Masabi Account Services who will: i) Inform Agency Point of Contact(s) ii) Keep Agency Point of Contact Informed via email c) Initiate Technical Escalation Process i) Functional Experts: (1) Retail - Engineering (on-call) (2) Inspect- Engineering (on-call) (3) Hub - Engineering (on-call) (4) SDK- Engineering (on-call) (5) Hardware - Engineering (on-call) ii) VP of Engineering iii) CTO CAO Supporting Justride Agencies and Riders tYlq qbl If Agency Identifies a P1 or P2 Incident In the instance that Agency encounters a fault with the Agency service, product, or system, Agency will submit a request to Masabi Support by following the steps below. • Report the incident via any of channels recommended in Masabi's Support guide for agencies confirming the system or product, the symptoms experienced and where possible the quantity of users affected. Important: emails should be sent from an official Agency email account to validate the inbound request. • If an acknowledgement of the email is not received within 15 minutes, the Agency should call Masabi Support via the Support IVR provided in Support Guidelines Documentation. An on-call member of the Masabi Support team will be alerted following the P1 or P2 alerting channels. • Agency will follow its contact protocol to notify the affected operational areas. • Once the issue has been communicated to Masabi, by email, Masabi's Support Management Suite will automatically create an Incident ticket, corresponding ITN, Incident Record, and alert the necessary Masabi Support staff. The incident notification will contain the information that the Agency has provided, an ITN, and notes from Masabi Support once triage has commenced. If the incident is communicated by phone, the support representative will create an incident ticket with corresponding ITN, Incident Record. For All P1 and P2 Incidents • When alerted, the Masabi IT Ops Tier-One team will begin to triage the issue or incident and assign a priority based on the detail that the Agency has provided or from Masabi's automated monitoring systems. To further Masabi's progress in triaging or investigating the incident, Masabi may conduct a conference call with the relevant parties to discuss in detail the symptoms, impact, suspected cause and any known resolutions or temporary workarounds. • Should the investigation prove that the incident is of a complex nature or a resolution cannot be found within a timely manner, the incident will be escalated to subject-matter experts within Masabi. For example, if the issue is with the payment process, Masabi Support will immediately notify members of Masabi's Payments Team. cAO masabi Supporting Justride Agencies and Riders INCIDENT CATEGORISATION Once initial logging is complete, Masabi Support or the on-call engineer will categorise the Incident and define the impact level. Categorization of the incident is a factor in determining the prioritisation, the level of effort required for the Incident Resolution and response plan The table below represents the Incident Categorizations. Incident Description Category Customer Retail App Customer application not available to end-users. Incident SDK Incident Ticket purchasing via the SDK service is unable to provision new tickets Outage that affects the Hub back-office but no customer-facing Hub Incident components. Affects the Inspect app, handheld validation, onboard validators or gate Validation Incident kits. Please refer to the Hardware policy for more information on custom hardware integrations. Affects the Inspect app and electronic validation. Outage that prevents purchases and/or refunds, but does not impact Payment Incident activations, Hub, etc. Purchases of new tickets using a digital wallet e.g. Apple Pay are unable to Digital Wallet Incident complete purchases Accessibility or outage which affects prior ticket purchases or activation Ticket Usage Incident which affect a widespread customer base (e.g. not a user error on a single ticket activation). Full System Outage No system components available to agency staff or end users. Justride system components remain operational but below expected Platform Degradation performance thresholds or time-outs exceed standard expected levels Includes external outages affecting Rider actions such as Ticket payments, email receipts, Masabi will always provide an advisory notification and External Services Incident Priority Level. Where Masabi manages the relationship (MPGS, Mandrill and Chase Paymentech), Masabi engineering will work diligently with the service provider to resolve all incidents. Uncategorized Defect Any other anomaly that is not classified in one of the above. CAO • Supporting Justride Agencies and Riders masabi INCIDENT PRIORITISATION The priority (P-Value) of an incident is assigned during the logging and categorization (triage) phase; the level of priority is determined by the level of impact or service limitation experienced by the Agency. Support or the on-call engineer will perform an impact analysis on the Incident and define an Incident response plan, following which, Masabi Support will contact the Agency through the original submitter of the ticket. Additionally, if P1 or P2, all agency subscribers will be notified via the Live Status service. The support request or alert will also have an Incident Categorization assigned, as per the categories stated above. In order to assess a P1 or P2 priority level, during Masabi triage, it is expected that the reported incident is reproducible and to have received multiple occurrences of the same reported incident; e.g., verification of a single payment failure that is it not due to insufficient funds or typos in credit card details. If an incident is not reproducible, there are an isolated number of reports or only impacts support or minor systems, the incident should be classified as P3. In order to define level of impact, Masabi will measure the data in the present and compare it to the same measurement in a comparable period of time in the past, for example, 30% total transactions have failed between 9:00-10:00 AM UTC at the beginning of the month versus 0% transactions failed at the beginning of the previous month. If a live incident occurs during a non-peak period such as 3:00am and an incident may potentially affect 4 users out of 5 (85%), 14 will be applied. CAO ma r8.111abi Supporting Justride Agencies and Riders Impact Values • I1 -"Service" affected for more than 5% of criteria for analysis (users/payments/events) • 12 —"Service" affected for less than 5% of criteria used for analysis (users/payments/events) but more than 1% • 13—"Service" affected for less than 1%of criteria used for analysis (users/payments/events) • 14 - "Service" issue isolated to one or a very small proportion of criteria used for analysis (users/payments/events). However functionality may remain with a workaround. System Definitions Masabi looks at the area of the Justride platform and its components in addressing the Priority and Impact level. The following are the categories with examples of the functions Masabi uses for priority assignment: • Core Functions- Ticket Validation, Purchases, Scanning Share • Support Functions- Financial Data„ Data access e.g. TVD, Assets, reports, Hub CS Primary functions • Minor Functions - UI, Analytics, Reports, Hub Non-revenue related actions • External Services-Any third party services managed or monitored by Masabi. Priority Assignment Below is the priority assignment criteria that Masabi and the Agency use to classify priority of an Incident: Core Systems Support Minor Systems Systems I1—"Service" affected for more than 5%of criteria for analysis P1 P2 P3 (users/payments/events) 12—"Service" affected for less than 5%of criteria used for analysis P1 P2 P3 (users/payments/events) but more than 1% 13—"Service" affected for less than 1%of criteria used for analysis P2 P3 P4 (users/payments/events) or service disruption is intermittent 14-"Service" issue isolated to one or a very small proportion of criteria used for analysis P3 P3 P4 (users/payments/events)or functionality may remain with a workaround. CAO ma abi Supporting Justride Agencies and Riders Target Response Times Detailed below are the Incident Management targets for Masabi and the Agency; all timings are calculated from the moment the support request (Agency or automated) is received by Masabi's Support function. Standard Support specific to the maintenance schedule covered in this Agreement are as follows: • Standard support: 9:00 A.M. UK to 12:00 am UK. Monday— Friday • Email address for standard support: support@masabi.com • Emails for standard support received outside of office hours will be raised in our automated ticketing system, however no action can be guaranteed until the next working day Masabi Prioritization/ Guaranteed Escalation/ Priority Acknowledgement Resolution* Categorization Response Assignment **** P1 15 Minutes 25 Minutes <60 Minutes 30 Minutes 4 Hours P2 15 Minutes 60 Minutes <4 Hours 60 Minutes 8 Hours P3 15 Minutes 24 Hours <12 Hours 1 Business Day As Defined** P4 15 Minutes 24 Hours <24 Hours 3 Business Days As Scheduled** Priority 1's raised outside of support hours by following our Critical support process will be actioned on a 24/7 basis. (*) Resolution times are defined as the maximum time in elapsed minutes from the initial support request (e.g. total time) and includes time allocated to prior stage (**) As defined by the resolution plan agreed between Masabi and the Customer. Masabi will provide a working plan for a P3 incident which provides a timeline within 5 working days of the escalation and assignment. Total resolution time is based upon a number of factors that will be negotiated in good faith with an agency e.g. assigned to a specific app release on specific future schedule, providing an alternative workaround, and prioritisation of development resources. (***)As scheduled, pending requirements and evaluation performed on a case by case basis. (****) Incident response plans (aka, corrective action plans) are determined based on the assigned priorities and severities. The assigned priority dictates the time by which Masabi will provide the Agency with the details of their planned corrective actions. For example, "Priority" (P) P1 issues are responded to within a guaranteed response of<60 minutes. GAO ma abi Supporting Justride Agencies and Riders QUICK REFERENCE PRIORITY ASSIGNMENT EXAMPLES The following is a matrix providing a quick reference to help define priority levels for the most common categories: Critical-P1 Urgent-P2 Low-P4 Resolution:4 hours Resolution: 8 hours Resolution:As Resolution:As planned Guaranteed Response : Guaranteed Defined Guaranteed Guaranteed Response : <60 mins Response Response <24hrs <4 hrs :<12 hrs Example Scenarios • Tickets cannot •Tickets cannot be • Tickets cannot • Minor be purchased or purchased or be purchased by a cosmetic issue validated for high validated for low handful of • Hub • %of customers %of customers customers dashboard has • Outage on • Hub site • Can't data errors all systems down affecting download financial • Unable to • Scanned Tickets primary CS report download not syncing on DB functions i.e. • Unable to send validation report refunds receipt • Cannot pay • Unable to view using digital wallet In- App Help (must enter card Section details) CAO • Supporting Justride Agencies and Riders tYlgSgb INCIDENT ESCALATION OVERVIEW Masabi provides an Incident Management Process that offers 24/7 coverage 365 days a year. Masabi has the primary goal of triaging, investigating, developing corrective action plans, and resolving Incidents, in accordance with stated service level agreements (SLAs). To ensure that Incidents and support requests are handled efficiently, Masabi has a Support and Incident escalation management program which quickly addresses high priority issues (P-1 P2), while also providing more generalised support ticket response management (P3-P4 and other general inquiries). RESPONSE PROCESS Any Agency support requests should be raised through the proposed channels by Agency's authorised contacts. If the incident is perceived as a P1/P2, please call the support IVR or send an email to criticalsupportmasabi.com. Receipt of this email will trigger the Incident handling and tracking mechanisms to ensure a support engineer is assigned to triage and address the support request. Similarly, when Masabi's automated monitoring systems indicate a possible system outage; this will trigger the Incident handling and tracking mechanisms to assign a support engineer, too. If the Agency has not received an acknowledgement within 15 minutes of emailing the Masabi Support email address, the Agency should call the support number listed on the Masabi Help Center. Additionally, in either case, once the Incident Priority and Category have been established, the Agency escalation contact protocol should be followed to allow the Agency to inform the affected operational departments quickly. INCIDENTS RESOLVED BY RELEASE These Incident Response Guidelines apply as much as Masabi are in control of deployment/release of the service. For example, Masabi is unable to provide guarantees for App store approvals and release times as they are in the hands of Apple and Google respectively. CAO Supporting Justride Agencies and Riders ma qbl INCIDENT TRACKING AND MONITORING For all incidents, Masabi Support will generate an Incident Tracking Number (ITN) from Zendesk (Masabi's Incident Monitoring Suite) that is assigned to the incident record, incident log entry and incident response plan. The ITN number is used for any follow-up referencing, as well as Tracking and Monitoring the status of corrective actions. The Incident Tracking and Monitoring log will be reviewed as part of the regular service review meetings. INCIDENT CLOSURE Once the Agency and Masabi have confirmed the incident has been resolved, the incident record will be closed and the status of the incident log entry will be changed to resolved/closed. Additionally, the below steps shall be followed. Please note, if the Agency has not received confirmation from Masabi Support, but Masabi has documented that incident has been resolved and service has resumed, the incident record will be closed, and the Agency will be notified: • When the incident has been resolved, the incident record will be updated, and the Agency will be notified. • Upon resolution and closure, the incident will be reviewed by the Masabi Support function. The incident will then feature within Masabi's reporting system, should the nature of the incident appear within a trend; the incident will form a record within Masabi's Problem Management Process, leading to consideration for further enhancement to the product or system. • If any downtime or system outage is encountered a full report will be provided to the Agency within 10 (ten) business days; detailing the root cause, steps taken to resolve, and measures implemented to deter a repeat occurrence. Time to develop the full Incident Report is determined by the severity of the problem and the level of investigation, if development is required, and platform wide impact. The Incident Report is the official recording of the Incident Management Process and Resolution; however, it is not the only communication during an incident timeline. During an incident, customers can expect to receive frequent updates on the cause, steps being taken in the troubleshooting process, updates on new information that may affect the outcome and standard stakeholder briefings. Masabi will work collaboratively to define the interval of communication best suited to the incident category and prioritisation. For P1 and P2 category events, Masabi will communicate updates in 30-minute intervals. OcA0 �" • Supporting Justride Agencies and Riders masabi INCIDENT MONITORING PRIORITY CLASSIFICATIONS SYSTEMS DEFINITIONS MATRIX The following is a non-exhaustive list used priority assignment which is provided for information purposes. Masabi reserves the right to modify this table. For any assignments which are not covered, please contact the Support team. This is provided for informational purposes. Masabi reserves the right to modify this table. Incident Category Core Services Support Services Minor Services Login&Access Ticket Purchase Ticket Refunds External Links User Verification with each User Verification(no guest (guest Retail(Mobile) payment method Ticket accounts) accounts)UI anomaly Retrieval&Display Ticket Purchase with Saved Ticket Activation&Validation Cards Login&Access Ticket Purchase with each User Interface Profile Retail(Web payment method Download Manage Customer Account FAQs access Portal) Ticket Purchase with Saved Download Receipts Paper Ticket Cards Account Setup Web-Mobile sync Ticket Provisioning Ticket Purchase SDK/API N/A User Interface Ticket Retrieval&Display Account Authentication Financial Reports Machine Login Management Machine Login(validation Tariff configurati Data extracts download on Hub affected) Entitlement Provisions Analytics Dashboard Availability Asset Management Access and Login Pattern Fraud Detection(If Customer Services Search included) Customer Refunds Authentication Ticket Validation Watermarking Metadata User Interface Validation Validation data sync Record and manage Barcode Preferences (Mobile) (scans/deny/block lists) Ticket Scan Records Ticket Scan Actions Authentication Ticket Validation Watermarking Validation(Fixed) Validation data sync Passback Control Metadata User Interface (scans/deny/block lists) Record and manage Barcode Gates&Spot checks Ticket Scan Records Payments (Internal) Payment Processing N/A N/A ma abi Supporting Justride Agencies and Riders Full System Outage All Services N/A N/A Email Notifications Email Zendesk AWS SQS External Services Payment Processing via PSP Receipts Uncategorized Defect Any uncategorized defect Any uncategorized defect Any uncategorized defect SYSTEM UPTIME RETAIL PRODUCT SUITE Service Monthly Uptime Percentage* Functionality critical for travel Mobile application based ticket purchase 99.95% Mobile application based ticket retrieval and display 99.95% Mobile ticket retrieval and display 99.95% Mobile ticket activation and validation 99.95% Functionality not critical for travel Hub 99.9% Financial Reports 99.9% Customer Services User Interface 99.9% VALIDATION PRODUCT SUITE Service Monthly Uptime Percentage* Ticket Validation Database(ND) Availability of Scan Record data to other applications 99.95% Record and manage Barcode Ticket Scan Records 99.95% Distribution of Deny Lists 99.95% Inspect Handheld application Barcode Validation 99.95% Sync Scan records and Deny Lists with TVD database 99.95% Gate-line, on-board and spot check mode 99.95% Functionality not critical for ticket validation Raw Data Feed from TVD 99.9% Hub 99.9% Customer Services User Interface 99.9% Validator Scan Performance CAO ma abi Supporting Justride Agencies and Riders 200,000 max scans per hour based On board validator scan through-put upon moderate load *Subject to "Planned Maintenance" and emergency maintenance. Planned Maintenance is Scheduled Downtime for the purpose of performing system maintenance, security updates, and system upgrades. From time to time, Masabi may need to schedule maintenance of the Service. Masabi will always endeavour to conduct Planned Maintenance at a time that reduces the impact on the availability of the Services. If Masabi needs to suspend the Service for Planned Maintenance, Masabi shall provide reasonable notice. Scheduled Downtime is as follows: • Between 00:00 and 01:00 GMT for the UK and EU customers • Between 09:00 and 10:00 GMT for USA customers • Between 16:00 and 17:00 GMT for Australian and Singapore customers Cq0