The highest level of security in public transport

4 december 2019

The Mint of Poland has been certified with PCI Data Security Standard (PCI DSS), Merchant Level 1. This document confirms compliance with the restrictive requirements set by international payment organizations in terms of processing cardholder data.

A certified entity guarantees that our data will be used only to carry out a specific transaction in the public transport payment process. Guidance for maintaining payment security is provided in PCI security standards, which set the technical and operational requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.

PCI DSS certification means that all data connected with a bank card, including cardholder’s data and PIN, are stored, processed or transmitted according to the highest standards of data protection. Thus, public transport users and city authorities are certain that the entity providing the new conveniences of public transport system guarantees the maximum level of security, says Adrian Frąckiewicz, Head of Implementation of Electronic Payments Projects at the Mint of Poland.

The certificate has been issued for the period from 25th November 2019 to 24th November 2020 and will be subject to validation afterward.

Cardholder data is processed not only in the ticket machine or in the validating machine. Such a process also occurs when the travel card is read by the handheld ticket machine used by the conductor. In the process of tokenization, our travel card becomes the identifier necessary to confirm the validity of the purchased "ticket" stored in the central IT system. In every situation our customers can be sure that their data is stored, processed and transmitted in accordance with strict standards set by the international payment organizations Visa and MasterCard, says Jacek Sieński, Head of the Sales of the Electronic Payments Department at the Mint of Poland.