Questions abound when choosing an open payment system for a public transit organization. After all, you have to be certain you are selecting the best system — otherwise you’re faced with wasted time and money spent on an inadequate and often non-compliant system. Moreover, your new open payment system could put your customers’ data in jeopardy, which will cripple your entire public transit agency.
So where do you start?
Begin with finding an open payment system that is PCI certified. This is the gold seal of approval you are looking for to ensure your riders’ data will be protected.
PCI Certified Overview
What exactly is PCI Certified? PCI security standards are designed by the Payment Card Industry Security Standards Council. The goal of PCI certification is to ensure cardholder data is safe and secured. The PCI security standards include several categories:
- PCI DSS (Data Security Standard) that is required for businesses that process or accept payment cards
- PCI PTS (PIN Transaction Security Requirements) applies to any business that uses a personal identification number for processing payment card transactions
- PA-DSS (Payment Application Data Security Standard) is for any entity that stores, processes or utilizes customer data
For your open payment system you must have each of these aspects in place to protect your riders’ personal information. Failure to comply with PCI standards will lead to hefty fines by your banking institution. Even more damaging is the fact that your riders will be aware that your transit system isn’t taking proper precautions to protect their personal information. The backlash of this happening can devastate the public’s trust in a city’s public transit system, leading to loss of use, as well as local, state and federal funding.
As big data is becoming increasingly vital for organizations to understand their consumer pool, it’s imperative that you protect customer data. More importantly, an open payment system is dead in the water if the payment system is not set up to be PCI certified. If you want to succeed with an open payment system move forward with the following steps to meet PCI certification.
How to Achieve PCI Certification
The first step is to identify the main goals for compliance as determined by the PCI Security Standards Council. These include:
- Have a secure payment network that includes proper firewall configuration and secure passwords.
- Protect your riders’ data. This involves choosing a PCI certified hosting provider that can properly encrypt cardholder data in public networks. Part of this involves never storing PIN numbers or card validation codes even if the authorization data is encrypted.
- Implement a system that monitors for vulnerabilities and protects against viruses.
- Place protective restrictions around registered cardholders’ data. These can include assigning each user a unique ID or restricting access to data.
- Monitor access to cardholder data, as well as network access. This will give you a starting point for identifying any breaches in security.
- Test your open payment system regularly to ensure data is secured at all times. This includes a regular evaluation of the system to identify weak areas that need updating or redesigning.
These are just a few of the compliance requirements of a PCI certified system. To remain up to date with your system you need to choose a reliable provider.
Choosing a PCI Certified Open Payment System
The first step is finding a provider that is PCI certified. This will ensure you are dealing with a reputable host that will protect your public transit system from being non-compliant. A PCI certified provider will also keep up with the latest issues and PCI SSC requirements. You are assured your organization is going to be compliant, while also reducing any possible risk of data breaches among your riders.
Learn more about how to choose the right open payment system, while sorting through the myths surrounding this innovative approach to public transit payments. To help you get started, check out “The Myths of Open Payment Fare Collection—Debunked!” to get to the truth of the matter. Discover why it’s a myth that all systems are PCI certified, along with other falsehoods about the open payment system approach.
About the Author
Vice President for Fare Collection, Public Transit North AmericaMore Content by Sanford Weinberg