The theft of credit and debit card data from Target stores
during the Christmas shopping season is a reminder of the necessity for
merchants to incorporate rigorous safeguards into their payment acceptance environment.
The City of Decatur and any other government entities that
accept credit card payments qualify as “merchants” under payment card industry
(PCI) standards.
Decatur handles over 10,000 credit card transactions representing over
$1 million annually across different departments and facilities. Although this is a tiny volume of
transactions compared to big chain stores like Target, and although we do not
use point-of-sale devices such as those suspected
in the Target breach (keypads with magnetic stripe readers and digital
signature pads), the City is not immunized from the risk of breaches.
We have been working over the past several months on
enhancing protections of credit card data for our taxpayers and other paying customers, and have begun receiving vulnerability scans on a monthly basis.
Funds were approved in Decatur’s FY13-14 budget to have a formal PCI gap analysis conducted by an approved scanning vendor, and we are close to entering an agreement for the service. This analysis would be performed under new, more comprehensive payment card standards (PCI-DSS 3.0) that go into effect tomorrow.