Issue - meetings

Payment Card Industry Data Security Standards Compliance

Meeting: 16/09/2019 - Executive (Item 289)

289 Payment Card Industry Data Security Standards Compliance

Recommendation on page 54

Decision:

RESOLVED – That Executive:

(i) notes the contents of the report and acknowledges the potential cost implication outlined within the report;

(ii) supports Option 1 as outlined in the report at paragraph 1.12 to replace the payment kiosks with like-for-like kiosks; and

(iii) requests a further report on proposals for a future payment strategy.

 

Minutes:

Executive considered the report of the Portfolio Holder – Corporate Governance which informed Members of the potential cost and service implications in progressing towards Payment Card Industry Data Security Standards (PCI-DSS) compliance. It also sought Executive’s approval for necessary measures identified in order to achieve this.

 

The report set out the objectives and requirements of the PCI-DSS and the implications of a breach of compliance.

 

The Council had identified key areas that needed to be addressed in order to achieve compliance, which included the future use of the payment kiosks across the contact centres and the risks inherent within the current ‘cardholder not present’ payment processes.

 

In respect of payment kiosks in the contact centres, Executive supported the option to replace the current kiosks with like-for-like replacements.

 

The options to address ‘cardholder not present’ payment processes were outlined in the report and it was noted that further investigation was required into the feasibility of the preferred option – Civica ‘PCI Pal’ solution.

 

Members commented that the level of cash payments indicated the need for the Council to continue to provide this method of payment; however, trends may evolve over time and should be monitored.

 

Moved by Councillor Duncan McGregor and seconded by Councillor Steve Fritchley

RESOLVED – That Executive:

(i) notes the contents of the report and acknowledges the potential cost implication outlined within the report;

(ii) supports Option 1 as outlined in the report at paragraph 1.12 to replace the payment kiosks with like-for-like kiosks; and

(iii) requests a further report on proposals for a future payment strategy.

 

 

REASON FOR DECISION:

To provide a practical and economical solution to ensure Payment Card Industry Data Security Standards Compliance, whilst maintaining or enhancing the customer experience and trust in the Council when it comes to personal and sensitive data.

 

OTHER OPTIONS CONSIDERED:

The options to replace the payment kiosks with card only payments and to move to cashless operation at all Contact Centres were rejected. A further report was to be provided to present the implications and progress of driving down demand for kiosk usage and future Cardholder Not Present solutions.

(Head of Partnerships and Transformation)