It almost goes without saying: Data and transaction security is of the utmost importance in transit fare collection. That’s why it’s critical to ensure your fare collection partner is equipped and up to date with comprehensive security protocols to protect the volumes of sensitive data collected during fare collection.
“Identifiable data that comes from transit processes, like credit card information and rider routes, need to be handled with care to ensure that privacy, as well as financial security, is not compromised,” says Kuldeep Shinde, technical architect at Genfare. “Therefore, the fare collection security systems collecting and managing this data need to be bulletproof.”
Security components: What’s important?
Data and transaction security can be grouped into three features — all must-haves for your fare collection solution to ensure the safety and reputation of your system.
PCI certification
Ensuring that your transit agency’s payment processing solution is built on a secure foundation is essential. Prioritizing PCI (Payment Card Industry) certification when choosing a fare collection partner ensures that it strictly follows data security standards for safe payment handling.
PCI certification is considered the highest industry standard of security. It outlines essential criteria for organizations that process credit card payments and demands they remain compliant with these standards to keep payments safe.
For example, PCI mandates that organizations stay up to date with antivirus software, outlines specific policies on data storage and destruction, and requires that payment data is only available to those who have specific privileges. It asks that organizations recertify each year and regularly audit their systems to maintain compliance.
“The larger the business, the more compliance rules that an organization will need to follow; in other words, the more transaction data a business handles, the more stringent rules are applied by PCI,” says Kuldeep.
Another benefit of choosing a partner whose offerings are already PCI certified is that implementation of your fare collection system can happen faster. Transit agencies seeking to process payments directly with the bank they use could have to wait a year or more to get PCI certified before they can get the system up and running. GenPay can be implemented in just weeks because it is already certified.

GenPay, Genfare’s payment processing system, is Level 3 PCI certified, built to withstand attempted cyberattacks and avoid disruption.
“When businesses undertake the arduous process of becoming PCI certified, it shows their commitment to customer privacy,” says Kuldeep. “Payment security is one less thing you’ll have to worry about if you choose a partner who already has the industry-approved PCI certification in place. Having the PCI designation is the hallmark of a payment data-secure organization, and it should be the framework on which your fare collection solution is built.”
Data encryption + tokenization
You’ll also need to make sure that your fare collection partner’s system is equipped with deliberate methods to preserve privacy and anonymity of data. Fare collection systems gather all sorts of data from riders, including personal and financial information, so there is a responsibility to make sure this data is managed responsibly.
At a minimum, ensure your partner has all the necessary mechanisms in place for rider data protection, including data encryption. Data encryption secures data by ‘scrambling’ its contents so that only the recipient can decode information from the sender.

Genfare Link uses end-to-end data encryption, so only the banking institution and fare collection partner can access this sensitive information.
When a rider taps their card on a Fast Fare® farebox or Open Link Validator to pay their fare, Genfare Link passes the encrypted transaction directly to the payment gateway to prevent exposure of this payment information.
Data encryption goes hand in hand with data tokenization, which protects data by assigning it a unique, anonymous token that cannot be identified by anyone other than the merchant.
“If a rider has added their credit card to your Mobile Link transit app for recurring payments, and your payments are processed by GenPay, this information will be tokenized and therefore secure,” says Kuldeep. “This process adds another layer of security to further insulate sensitive data.”
Genfare also maintains additional security controls, including SOC 2 certification, and adheres to ISO 27001. In addition, its products are encrypted both at rest and in transit, so you can rest assured that your transit experience is secure no matter where riders are in their journeys.
Secure data storage
You’ll want to make sure that your fare collection partner has the procedures in place and means to safely store the data that your agency gathers, and that it is built on a secure cloud system.
Genfare Link is built on Amazon Web Services (AWS), the premier global cloud infrastructure. AWS utilizes security features like access control and security monitoring to ensure your organization can prevent data threats proactively.
“Genfare minimizes risk by storing only the most essential information to help your transit agency create reports and analyze factors important to improving the transit experience. It does not store sensitive payment information,” says Kuldeep.

AWS further protects this data by having data warehouses equipped with data redundancy stored across multiple locations. AWS also backs up data in real time to protect against data loss and minimize downtime should one data warehouse falter.
Your fare collection partner should practice responsible data storage to safeguard against potential exposure, so ensure that its systems are built with comprehensive storage methods to avoid the possibility of a compromise.
What happens if your fare collection system isn’t secure?
Unwelcome as they are, data breaches do happen and can threaten your agency. There’s the major — and scary — risk of exposing your customer data and having financial information leaked. This could lead to reduced trust in your transit agency and decreased ridership, along with the possibility of revenue loss from breached fare collection.
Hackers who get into an unsecured system can also shut down the system entirely, resulting in major disruption to your operations. Additionally, encountering security issues may oblige your organization to undergo further measures and audits to become secure once again, which could set back progress your agency is making in the transit experience.
That’s why it’s important to lean on a reliable fare collection partner who is as airtight as possible, one who has thoroughly thought through security measures and enacted the necessary protocols to protect you and your riders. You’ll want to be meticulous about which partner you choose and ensure that they check off each of the key security criteria to insulate your organization in case of attacks.
In conclusion
It’s important that your fare collection solution has numerous, interconnected ways to protect your data and, therefore, your riders. It must have key structural mechanisms in place to keep your systems secure and to protect from vulnerabilities.
Working with a fare collection partner who already has robust, compliant security infrastructure in place will allow your agency to move faster and focus on other parts of the transit experience. Knowing security is already taken care of not only gives your agency peace of mind, it signals to your riders that you guarantee security for their personal data, helping turn them into loyal riders.
Genfare ensures security of data across its product suite, especially its software platform, Genfare Link. Learn more about Genfare’s security measures and how Genfare can protect you and your riders.
