City misses deadline for credit card security reporter
Portland officials have missed a deadline to prove that the city meets security standards required by Visa, Mastercard and the credit card industry.
People use their credit cards to feed parking meters, take care of utility bills and pay for things like the Arts Tax more than 9 million times every year. But the city recently missed its own deadline to prove it keeps credit card information secure from hackers or thieves.
Were waiting just like you are, said Director of Audit Services Drummond Kahn.
Kahn and the city auditors office expected to see reports by an outside security auditor by now. Their findings will shed light on whether or not the city meets basic credit card security standards, known as PCI compliance. According to city documents, Portland officials set a Dec. 31 deadline to become PCI compliant, and work must be completed three months before the deadline so auditors will have time to audit the system.
That would have been last September. The city auditor released a report in November 2014 showing the city was failing in all three credit payment security standard categories.
Kahn says its now fair to ask where these reports are. At the same time, the folks weve spoken to who are experts in the payment card industry are telling us it sometimes takes merchants time to comply, he said. But we know that for the last 6 years the city didnt we understand big steps have been taken, the question is what will that report show once its available?
Mayor Charlie Hales says the city is fine when it comes to payment security.
Christopher Paidhrin was brought in nine months ago to guide Portlands quest for PCI compliance. Since his arrival, the city transferred the system that processes credit cards to an outside company. That means the city no longer stores customers credit card information, making it vulnerable to hacking attempts.
Despite the missed deadline, Paidhrin insists the city is PCI compliant. He says the deadline was simply a technicality. The bank is aware of it, the city leadership is aware of it and our city auditors are aware of it, Paidhrin said. We dont have the paperwork that says yes we are but we have the workflow that demonstrates weve done all the work.
Where does Portland stand on payment security now? Paidhrin said it is in an excellent position.
The city now says the outside auditors report wont be available until March or April. It will then be given to the city auditor to determine whether or not it is safe to use credit cards when doing business with the city.
If Portland passes, it will join 97 percent of similar merchants which already comply with PCI standards.
KOIN 6 News is a Pamplin Media Group news partner.