https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
    • Latest videos
    • Product Guides
  • Resources & Events
    • Back
    • Resources
    • Webinars
    • White Papers
    • IWCE 2022
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
    • Latest videos
    • Product Guides
  • Resources/Events
    • Back
    • Webinars
    • White Papers/eBooks
    • IWCE Expo
    • Calendar of Events
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
  • Magazine
acc.com

Commentaries


Commentary

Ensuring customer data security

Ensuring customer data security

Mukesh Patel speaks on data security in municipal transactions
  • Written by contributor
  • 6th November 2013

By Mukesh Patel

Every municipal agency that accepts mobile credit card payments must adhere to the Payment Card Industry Data Security Standards Council’s 2.0 guidelines, released in October 2010. However, because it is easy for day-to-day demands to shift agencies’ focus to the issue of the moment, customer data security sometimes gets scant attention.

PCI compliance is critical to performing transactions securely. Credit card brands can impose fines, penalties and other costs if non-compliant agencies experience a data breach. Fines vary by card brand, but Visa and MasterCard are permitted to impose fines of $500,000 or more per event for any service provider that is not compliant at the time of a compromise.

Hackers’ targets aren’t limited to big banks or major online retailers. City and county governments – even smaller ones – are equally vulnerable. There are people who earn a living trolling for systems that have poor architecture or haven’t been sufficiently hardened. Their goal is to find vulnerable sites where they can slip in and steal private data, regardless of the organization’s size.

Local and municipal governments can take five key steps to minimize the risk of a security breach:

Encrypting Is Key. Some payment processing systems authorize and “batch” transactions on a server until day’s end, when the batch is cleared for transmission to the merchant service provider for settlement. Ideally, government agencies should process transactions for settlement in real time and never store card information anywhere on the system or network. At a minimum, batched transactions should be encrypted and isolated from the rest of the network to prevent leaving them open to unauthorized disclosure.

Take an Enterprise Approach. Governments often leave individual agencies the flexibility to contract with payment providers, risking that some will choose providers that aren’t appropriately secure. To avoid a fragmented, agency-by-agency approach to security, governments should take an enterprise approach. A single provider can implement security best practices across all departments.

Clean Out the Log. Developers who write test logs often use lines of code that are required to capture credit card data. Later, when the system or application moves from test into production, the developer must remove that code configuration to prevent the application from continuing to write credit card numbers to the log files, where it would be unprotected. To adhere with PCI standards, conduct proper quality assurance and documented tests that a) specifically look at logging levels and content before moving to production and b) validate after code is moved to production.

Control for Safety. Beyond log files, placing adequate controls around e-commerce applications can limit your exposure to cyber crimes. For example, consider creating a common checkout module that has been tested and scanned. All developers then should use this standard set of checkout pages. This step restricts developers from making code modifications that would introduce non-PCI-compliant checkout screens into the online transaction process.

Yes, This Applies to You. A surprising number of local governments don’t realize that they have to complete PCI Self-Assessment Questionnaires, which help demonstrate their PCI compliance. In general, if you store, process, or transmit cardholder data, you must meet PCI requirements, which vary by provider. Local governments with more than 6 million annual Visa transactions, for example, are required to conduct annual on-site reviews. A government with fewer than 6 million annual Visa transactions must complete a Self-Assessment Questionnaire and have a quarterly network scan performed by an Approved Scanning Vendor.

Your merchant services provider should be your partner in making sure your e-commerce system is PCI compliant. If your processor hasn’t raised questions about how you’re securing data or whether you’re adhering to the PCI requirements, consider it a red flag.

As President of NIC Services, a wholly-owned subsidiary of NIC, Mukesh Patel is responsible for NIC’s payment processing and financial management platforms. He speaks on payment processing best practices and trends in eGovernment services.

Tags: Smart Cities & Technology Commentaries Commentary

Most Recent


  • artificial intelligence
    Artificial intelligence for cities and counties
    It appears that artificial intelligence (AI) is everything, everywhere and in every product the vendor community would have us buy. However, despite the hype, few dismiss it as just another high-tech fad. Indeed, some believe it is the third (or fourth) wave, depending on how one is counting in the ever-evolving digital age. As early […]
  • dashboards
    Dashboards and software help simplify financial funding and reporting for cities and counties
    Governments are streamlining management of federal funds through technology, says Mike Bell, CEO of Envisio, which provides public dashboards, analytics and performance management software. About 150 local government, education and nonprofit organizations use his firm’s solutions to manage their strategic plans, improve performance and report on results. Envisio is helping local government agencies to satisfy […]
  • traffic
    Reimagining how cities can leverage holistic platforms for urban mobility solutions
    When it comes to designing transit and transportation solutions that reduce traffic congestion and improve on-time arrival rates, we seem to have a problem. It seems we are focused on all the wrong things. It’s not all about building a better vehicle, or the technology that is used inside the vehicle. And it’s not about […]
  • data
    Data: Your most overlooked asset
    If asked to think of a community’s most important assets, many would likely start by naming road networks, bridges, buildings, or possibly even transit and sanitary systems. But would data ever come to mind? As the foundation of everything, data is a vital asset—especially for public sector organizations. In order to have confidence in the […]

Related Content

  • North Texas alliance partners with Marketplace.city on smart government solutions
  • Harris County deploys next-generation security in 150 public buildings
  • Prioritizing rapid restore leads to stronger ransomware attack recovery
  • Today’s infrastructure needs greater than roads and bridges - It’s time to face our digital connectiveness

WHITE PAPERS


7 Resources to Level-up Your Federal Grants Administration and Compliance

5th September 2023

Elevator Phone Line Replacement Strategy | A Guide to Reliable, Code-Compliant Solutions

29th August 2023

2023 State of Public Sourcing Report: The Bright Future of Public Procurement

23rd August 2023
view all

Webinars


Grant Preparedness: Unlocking Funding Opportunities for Your Success

10th August 2023

2023 State of Public Sourcing: Taking Local Governments into a Bright Future

1st August 2023

Stop Playing with Fire: How to Manage Infrastructure Asset Risk So You Know You’re Covered

20th June 2023
view all

Podcast


Young Leaders Episode 4 – Cyril Jefferson – City Councilman, High Point, North Carolina

13th October 2020

Young Leaders Episode 3 – Shannon Hardin – City Council President, Columbus, Ohio

27th July 2020

Young Leaders Episode 2 – Christian Williams – Development Services Planner, Goodyear, Ariz.

1st July 2020
view all

GALLERIES


10 Safest Cities from Natural Disasters

29th September 2023

Gallery: Hottest temperatures recorded in American cities during July

12th September 2023

The top 10 Asthma Capitals for 2023

7th September 2023
view all

Twitter


Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.