PCI DSS. How kentkart ensures the security of electronic payments

PCI DSS

The development of payment technologies and an increasing number of credit card transactions have pushed companies to enhance the security of payments and prevent fraud on any level. Public transport is not an exception. Thanks to Account-based Ticketing and its multiple media acceptance, kentkart processes more than 100 million credit card payments yearly. As an intelligent transportation systems provider, we value security and trust so all passengers can enjoy seamless traveling experience without worrying about the safety of their accounts and money. And here is where PCI DSS comes into play.

PCI DSS stands for Payment Card Industry Data Security Standard and it is there to safeguard all sensitive card information. kentkart is among the pioneers of public transport to get PCI DSS Level 1 Compliance. It is the highest and the strictest level. It requires successful on-site internal and external security screenings performed annually by an authorized independent audit institution.

What is PCI DSS?

PCI DSS is an information security standard used since 2004 to create a safer environment for organizations that work in the electronic payment sector and store, process, or transfer cardholder data. The standard protects cardholder data, ensures constant improvement of security, and prevents any kind of fraud. PCI DSS is a joint effort of the biggest financial services corporations like Visa, Discover, MasterCard, American Express, and JCB.

PCI DSS is important because it:

  1. Safeguards all sensitive card and personal information.
  2. Enhances payment security and prevents fraud at all levels.
  3. Guarantees that the security needs of each company in the payments industry remain up-to-date.
  4. Promotes constant improvement of standards, which is crucial to protect payment data.

What are the main requirements?

  1. Protection and encryption of sensitive information (like card number, its expiry date, or CVV/CVC code).
  2. Secure and maintained network.
  3. Constant network monitoring and regular security tests.
  4. Frequently updated anti-virus software and anti-malware solutions.
  5. Formal information security policy.
  6. Restricted and controlled access to system information and operations