Featured Stories

Other Pamplin Media Group sites


City misses deadline for credit card security reporter

Share

COURTESY PHOTO - Portland city officials have missed a Dec. 31 deadline to comply with national credit card security standards.Portland officials have missed a deadline to prove that the city meets security standards required by Visa, Mastercard and the credit card industry.

People use their credit cards to feed parking meters, take care of utility bills and pay for things like the Arts Tax more than 9 million times every year. But the city recently missed its own deadline to prove it keeps credit card information secure from hackers or thieves.

“We’re waiting just like you are,” said Director of Audit Services Drummond Kahn.

Kahn and the city auditor’s office expected to see reports by an outside security auditor by now. Their findings will shed light on whether or not the city meets basic credit card security standards, known as PCI compliance. According to city documents, Portland officials set a Dec. 31 deadline to become PCI compliant, and “work must be completed three months before the deadline so auditors will have time to audit the system.”

That would have been last September. The city auditor released a report in November 2014 showing the city was failing in all three credit payment security standard categories.

Kahn says it’s now fair to ask where these reports are. “At the same time, the folks we’ve spoken to who are experts in the payment card industry are telling us it sometimes takes merchants time to comply,” he said. “But we know that for the last 6 years the city didn’t… we understand big steps have been taken, the question is what will that report show once it’s available?”

Mayor Charlie Hales says the city is “fine” when it comes to payment security.

Christopher Paidhrin was brought in nine months ago to guide Portland’s quest for PCI compliance. Since his arrival, the city transferred the system that processes credit cards to an outside company. That means the city no longer stores customers’ credit card information, making it vulnerable to hacking attempts.

Despite the missed deadline, Paidhrin insists the city is PCI compliant. He says the deadline was simply a technicality. “The bank is aware of it, the city leadership is aware of it and our city auditors are aware of it,” Paidhrin said. “We don’t have the paperwork that says ‘yes we are’ but we have the workflow that demonstrates we’ve done all the work.”

Where does Portland stand on payment security now? Paidhrin said it is “in an excellent position.”

The city now says the outside auditor’s report won’t be available until March or April. It will then be given to the city auditor to determine whether or not it is safe to use credit cards when doing business with the city.

If Portland passes, it will join 97 percent of similar merchants which already comply with PCI standards.

KOIN 6 News is a Pamplin Media Group news partner.