City of Portland Taking Steps to Meet Data Security Standards
Portland, OR – As part of a continuing Citywide process to protect customer information and to become compliant with Payment Card Industry and Data Security Standards (PCI/DSS), the City of Portland will be making changes to the way some of its payments are accepted and processed. Most of the these changes are to back-office processes that won’t affect how customers pay for services through bureaus such as Parks, Water, Transportation and Development Services. But some changes will limit options for accepting payments until the process can be fully compliant with the standards.
There has been no breach to the City’s payment gateways and no cardholder data has been compromised.
“Our system has been secure and our goal is to maintain the highest standards of security for the City and our community members,” said Fred Miller, Chief Administrative Officer. “We have been working very hard and these changes will ensure even greater security for our customers.”
The City is viewed as one merchant for meeting payment card standards so all City bureaus are working to achieve full compliance together.
As part of this ongoing effort, the payment gateway for services through City bureaus such as Parks, BDS, and payments for SmartPark garages will be migrated to NIC, the City’s new hosted, third-party gateway vendor, beginning September 30, 2015.
The City has also temporarily suspended its AutoPay process. Going forward, customers who currently pay by AutoPay will have the option to make payments through their financial institution, online, in person, or on the phone. The City is pursuing a compliant solution to replace the current AutoPay system next year.
The changes were announced in a memo to elected officials and City bureau directors on September 22. The City is working on meeting the current PCI/DSS standards and will work to maintain compliance as new standards are released. A copy of the memo is attached.