Published May 7th, 2015 | News
Merseyrail’s Payment Security Standard
Passengers can now be even more confident that the financial details they use when buying tickets and passes by card are in good hands, as the Liverpool city region-based train operator becomes fully compliant with the Payment Card Industry Data Security Standard (PCI DSS). Merseyrail is the first rail company to achieve this milestone.
PCI DSS is a proprietary information security standard for organisations that handle branded credit and debit cards from major card schemes. It ensures that customers’ financial information is processed and transmitted in a much safer and more secure manner, significantly reducing the risk of data theft by fraudsters. Under this initiative, Merseyrail will no longer store customer credit or debit card details.
To meet the standard, ticketing systems and chip and PIN units have been upgraded and staff have received training to ensure that the relevant security processes and procedures are carried out across the network. Two employees have also been trained as internal assessors to secure and maintain compliance.
Alan Chaplin, interim managing director at Merseyrail, commented: “We are determined to embrace advances in technology and this is an example of us acting as a trail-blazer within our industry for the ultimate benefit of customers.”
PCI DSS was rolled out a few weeks ago. In 2013, Merseyrail was the first rail operator in the country to introduce contactless payment for transactions of £20 and under.