PCI Compliance: Is the Spark Plug Connected to the Steering Wheel?

My wife recently bought a new car. We traded in a “well-loved,” 10-year-old Honda Pilot for a brand-new GMC Yukon. She loves her new car, but we both hated the car-buying process. From the haggling over price to the hours of sitting at the dealer waiting to sign all the paperwork, it’s just not a fun way to spend a Saturday. But you know what would make the process even worse? What if the dealer, instead of driving a shiny new car out front for us with keys in hand, just handed us a giant box of parts, which we then had to take home and assemble into a car ourselves? I consider myself somewhat handy; however, I know my limitations. I am not capable of building a car in my garage. And I don’t think there is a YouTube video long enough to walk me through that project.

Now, this may sound like a ridiculous concept. Not only is it not possible, but who in their right mind would buy a high-end car, only to have to do all the work to make it drivable? Why wouldn’t you leave it to the experts to assemble the car for you, so all you need to do is buckle up and step on the gas?

As silly as it sounds, many companies are putting themselves in a similar situation when it comes to PCI compliance. PCI, or Payment Card Industry compliance, is the set of security standards to which all companies that process and manage credit card payments (including parking facilities) must adhere in order to be authorized to accept credit card transactions.

Just look at companies like Target, Home Depot, and Kmart. They have all felt the sting of credit card data breaches that cost millions of dollars in penalties and caused significant damage to their brands. So, what are the ways to become secure and compliant, and ensure this doesn’t happen to you?

There are two primary paths to PCI compliance. On one path you must “build the car yourself”; on the other, the experts take care of it for you.

  • The first method is PA DSS (Payment Application Data Security Standard) certification. This means that a system can achieve PCI compliance if you follow the hundreds of guidelines and perform the ongoing maintenance that PCI requires. This type of system is hosted on-site, and it is the parking provider’s responsibility to ensure the system is maintained properly to achieve PA DSS compliance. Simply put, the burden lies on the parking operator to maintain compliance. That burden includes dozens of tasks within the PCI guidelines, as well as documenting your process for doing those tasks and confirming in that documentation that they have been completed. Finally, you must audit your system. This is an annual certification, meaning every 365 days this process begins again. This is no small task.
  • A PCI DSS Level 1 Service Provider, such as FlashParking, takes the worry and most of the burden of maintaining compliance off the operator’s shoulders and handles the responsibility for you. This reduces your PCI responsibility significantly, from dozens of tasks to only a handful, and allows you to focus on what you do best – driving revenue and exceptional service for your customers and guests – while the provider does the heavy lifting.

So, what would you prefer?

PCI compliance is one of the most critical elements of parking management to get right, but unfortunately it is also one of the least understood. Parking operators must constantly juggle the priorities of driving revenue for customers while providing the best experience for parking guests. And without maintaining payment card industry compliance, you will be able to do neither. So, be smart about it. Find a vendor who will ensure you get it right and allow you to focus on driving your business forward. Because after all, do you want your vendor to hand you the keys to a shiny PCI compliant operation, or would you rather have them hand you a big box of compliance parts and send you on your way to build your compliant operation in your garage?