Skidata Global Blog

SKIDATA Blog | Protect your own and your customers’ valuable business data

Written by Thomas Doppler | Nov 17, 2022 2:48:26 PM

Data security and availability are in increasing demand these days. The risks of cyber-attacks and other digital threats grow every year, and managing those risks is becoming more and more of a priority for all of us. To protect yourself from threats as a parking operator, it is imperative that your parking management system is running the latest operating system security patches and the latest parking system application patches.

 

Q: What does PCI DSS mean?

A: It stands for “Payment Card Industry Data Security Standard” and was developed by the PCI Security Standards Council (PCI SSC) to curb fraud in online credit card payments. The PCI Security Standards Council was created by American Express, VISA, Discover, MasterCard, and JCB in 2006. PCI SSC is responsible for developing and managing the Payment Card Industry Data Security Standard (PCI DSS). This security standard was developed to encourage and enhance cardholder data security and provide consistency in data security globally.

Q: Who has to be PCI compliant?

A: All companies that process cardholder data to enable payments for goods and/or services must comply with PCI DSS. They have to sign a ‘merchant contract’ with an acquiring bank. This agreement also includes an obligation to be PCI compliant. If a car park operator accepts credit card payments on site (this means they are acting as a merchant), then they are required to be PCI DSS compliant.

The SKIDATA parking management system supports several credit card acceptance methods:

  1. Real Time Authorization using Credit Card Authorization Server via magstripe (outdated)
  2. Real Time Authorization using External Terminal Hardware (EMV/PTS Chip&Pin Solutions)
  3. Real Time Authorization via External P2PE Terminal Solution (P2PE Chip&Pin Solutions)

The obligation to be PCI DSS compliant comes with several requirements. Operators have to:

  • build and maintain a secure network
  • install and maintain a firewall configuration to protect cardholder data
  • refrain from using vendor-supplied defaults for system passwords and other security parameters
  • protect stored cardholder data
  • encrypt transmission of cardholder data across open, public networks
  • regularly monitor and test networks
  • maintain an information security policy
  • maintain a vulnerability management program


 

Q: How does SKIDATA help simplify PCI compliance?

A: SKIDATA has over 15 years of experience with PCI. We offer several solutions that help our customers minimize the effort and cost of PCI compliance. One such solution is our Point-to-Point Encryption (P2PE) offering. This solution encrypts credit card data from the point of entry until it is securely decrypted at the bank or payment service provider. As a result, the scope of PCI compliance is significantly reduced, simplifying the annual PCI assessments and reducing the operational impact for parking operators.

Q: How does P2PE make PCI compliance easier?

A: P2PE solutions significantly simplify the compliance process by reducing the scope of PCI. This means only the P2PE solution itself falls within the compliance scope, while other parts of the system no longer need to meet the full PCI requirements. This not only reduces audit requirements but also lowers associated costs and operational burdens for operators. Ultimately, PCI-compliant parking systems can be run more easily and cost-effectively.

Q: How does SKIDATA ensure its systems are always up to date?

A: SKIDATA provides Digital Software Delivery (DSD), a highly convenient way to automatically receive software updates and security patches. Much like Microsoft’s automatic updates, DSD ensures that systems remain up to date without manual intervention. This saves time and costs, while also reducing the effort required for software maintenance. The benefit for our customers is an optimized, secure system environment without the need to worry about software update management.

Q: What is the benefit for parking operators who switch to P2PE?

A: For parking operators, switching to a P2PE solution means a significant reduction in the scope of their annual PCI assessments. Additionally, there is no longer a need for specific, PCI-validated payment applications, as P2PE fully covers the security of credit card data. This leads to fewer operational disruptions and lower compliance costs overall.

 

Sounds complicated? But there is good news:

As mentioned, SKIDATA already has a long history with PCI. We have been providing validated software versions for more than 15 years, since the beginning of PCI, and have validated more than 12 major versions of our parking management software in compliance with PCI PA DSS.

It is important to know that PCI SSC has now ceased the PA DSS program and replaced it with a new standard called the "Software Security Framework" (SSF).

Even if SKIDATA is not doing official PCI SSF validations for the parking management software, we have processes and security measures in place for the development group and the whole organization to ensure top-level quality and security for our parking management software and hardware.

SKIDATA strongly recommends migrating to P2PE solutions to achieve PCI site compliance more efficiently, cost-effectively, and with fewer operational impacts. That’s why SKIDATA offers different P2PE-validated solutions for its parking management solutions.

SKIDATA is here to support you: To protect yourself from threats, it is imperative to have an up-to-date system with the latest operating system security patches and parking system application patches. With SKIDATA’s DSD (Digital Software Delivery), a service to download and install software and patches online, similar to what Microsoft offers with automatic updates, we provide you with high-quality software from a trusted, reliable source.