Digitizing parking: how secure are customers’ telephone payments?


Any business that accepts credit or debit card payments is very aware of data security and compliance – as well as the potential financial and repetitional ramifications should a data breach occur.

Parking lot operators are under pressure to make sure data security policies and technologies are in place to protect consumer credit card data, no matter how the data is captured.

Of course, with car parking going digital and less cash or pre-payment meters now in parking lots, the way in which customer data is being handled should be continually reviewed.

Although it seems simple to use an app or automated payment phone line to the more tech savvy of us, for those who are unfamiliar with mobile technology or don’t trust making payments over the phone, it could act as a deterrent. So it is important for drivers to be offered a choice of how they pay to park.

Providers such as Mobon, PayByPhone, Dash and RingGo are all offering specialized services for customers that don’t carry cash with them. Although some offer the ability to pay using a debit card in a machine, others do not allow payment at a terminal and therefore, customers are instead required to download a phone app, pay online using a web browser or make a phone call in order to pay.

Therefore, ensuring customers’ payment processes are secure, systems are robust and reassuring users that it is safe to provide debit card information over the phone can have a significant positive impact on safeguarding revenues.

“If the call center staff have to process a parking transaction, security – and data security compliance – become a real concern,” says Dominic Newman, channel sales director at PCI Pal.

For example:

  • What method must the customer use to input their card data – telephone keypad, or do they need to speak the digits out loud over the phone?
  • Does the operator have access to the card information being inputted? If so, how can the customer be assured they are not going to use it elsewhere?
  • Can anyone intercept the phone call and breach customer data?
  • Is this payment data stored anywhere on the parking lot operator’s servers?
  • How secure is this data storage?

In the automated car parking payments industry, other sensitive information, such as the car registration and parking lot location pose a risk too. If a criminal is able to intercept the call, they will know exactly where the car is located and how long it’s likely to be there for, based on the parking session duration.


“Just like any other phone payment process, the data must be collected and stored securely to comply with PCI DSS and GDPR rules,” Newman explains. “Another option therefore is that the company de-scopes from PCI DSS, removing the sensitive cardholder data from the contact center when it comes to completing a transaction. Although the customer can speak to the operative, continuously throughout the interaction, the card details are instead provided using their telephone keypad. The dual tone multi frequency (DTMF) tones are masked so contact center staff do not know what the customer is typing in and the transaction details are sent directly to the merchant for secure processing.”

Importantly, when conducting payment transactions in this way, the data is never stored on a server – it is sent directly to the payment processor, making it a hugely effective option for businesses that don’t want the extra regulatory responsibility of storing customers’ sensitive data in-house.

Although some parking lot users may be a little hesitant to use cashless payments due to security reservations, it is crucial for parking operators to be as transparent as possible and do enough to reassure customers that their data and payment information will remain safe. Compliance to PCI standards demonstrates rigor in this regard.

Click hereto find out more about PCI Pal.

Share this story:

About Author