Motorcycle Parking - PCI Compliance

Response to this request is long overdue. By law, under all circumstances, Westminster City Council should have responded by now (details). You can complain by requesting an internal review.

Warren Djanogly

Dear Sir or Madam,

Background - When one first "pays-by-mobile-phone", the card-holders detail's would appear to be stored alongside vehicle details as part of what Verrus UK Ltd describe as REGISTRATION, so that when payment is attempted on future occasions, Verrus UK Ltd's computer system needs only the vehicle registration to flag up the card details.

Can you please answer the following:-

1) Which Company or Authority is deemed to be "storing" this data?

2) If it is an external body, can you supply full details of the NDA that is in place to avoid information leakages?

3) Exactly at what location the information is stored and on what system?

4) Please provide full details of all security measures in operation to ensure the card details are kept safe?

5) Please confirm that, if call-centre staff have access to these details "on-screen", that they have been Police vetted

Background - I am informed that, as of 1st June 2009, all card transactions identified as being "card-not-present" will need the CVV2 (Card Verification Value) in an unencrypted (plain text) format, and that, according to PCI-DCC standards, nobody is allowed to retain this information.

Can you please answer the following:-

6) As a Merchant taking card transactions, Westminster City Council needs to be PCI Compliant. Can you supply the name of the Company that conducted the PCI Assessment Screening, and the exact date(s) this was done?

7) Can Westminster City Council guarantee that, for each & every advertised methods of payment where a card is used, the CVV2 is stored absolutely nowhere once the transaction has taken place ?

8) If yes, please list the measures in place guaranteeing this?

9) Can you forward a copy of Westminster City Council's PCI-DSS Compliance Certificate, and indicate where on your website it is published?

Yours faithfully,

Warren Djanogly
Chairman, NTBPT Campaign

Westminster City Council

Confirmation of Freedom Of Information Request

Thank you for your request for information.

Your request details have now been recorded and will be passed on to the
appropriate Divisional Records Officer for action.

This Freedom Of Information Request was based on the following
information:

Name: Warren Djanogly
Address: see email address
Email: [FOI #12835 email]
Telephone:
Request Details: Background - When one first "pays-by-mobile-phone", the
card-holders detail's would appear to be stored alongside vehicle
details as part of what Verrus UK Ltd describe as REGISTRATION, so that
when payment is attempted on future occasions, Verrus UK Ltd's computer
system needs only the vehicle registration to flag up the card details.

Can you please answer the following:-

1) Which Company or Authority is deemed to be "storing" this data?
2) If it is an external body, can you supply full details of the NDA that
is in place to avoid information leakages?
3) Exactly at what location the information is stored and on what system?
4) Please provide full details of all security measures in operation to
ensure the card details are kept safe?
5) Please confirm that, if call-centre staff have access to these details
"on-screen", that they have been Police vetted

Background - I am informed that, as of 1st June 2009, all card
transactions identified as being "card-not-present" will need the CVV2
(Card Verification Value) in an unencrypted (plain text) format, and that,
according to PCI-DCC standards, nobody is allowed to retain this
information.

Can you please answer the following:-

6) As a Merchant taking card transactions, Westminster City Council needs
to be PCI Compliant. Can you supply the name of the Company that conducted
the PCI Assessment Screening, and the exact date(s) this was done?
7) Can Westminster City Council guarantee that, for each & every
advertised methods of payment where a card is used, the CVV2 is stored
absolutely nowhere once the transaction has taken place ?
8) If yes, please list the measures in place guaranteeing this?
9) Can you forward a copy of Westminster City Council's PCI-DSS Compliance
Certificate, and indicate where on your website it is published?

FOI Reference Number: 3892
Target Completion Date: 02/07/2009

Please do not reply to this email.
This is an automatic response to your request, and replies to this message
will not be actioned.

If you need to contact Westminster City Council regarding your request,
please contact:

mailto:[Westminster City Council request email]
Tel:020 7641 3921

show quoted sections

Dr Trustme left an annotation ()

Did this ever get answered?

Mr Thomas left an annotation ()

This has never been answered!!!!!!!