MTS urged to issue new cards amid security concerns

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

SAN DIEGO — The San Diego City Council’s representatives on the Metropolitan Transit System Board of Directors called Tuesday on the agency to issue new payment cards that include advanced consumer safeguards.

Known as “compass cards,” the fare collection system allows trolley passengers to make faster payments at transit stations. Riders tap the cards on a scanner before boarding.

An investigation by KPBS reporter Andrew Bowen showed the security issues with the Compass Cards and prompted Circulate San Diego and the Council Members David Alvarez and Lorie Zapf to act.  KPBS pointed out that whether used online or at ticket machines the cards put consumers at risk.

The KPBS report revealed that the cards don’t meet payment card industry data security standards, leaving passengers vulnerable to credit card fraud.

“From the multitude of students riding to school, to those who go to work, professionals who are traveling, and even tourists who come to our city — placing them at risk is unacceptable and needs to be remedied as soon as possible,” said Councilman David Alvarez. “MTS should immediately upgrade its payment processing system.”

Technology used by public agencies needs to be the best and safest possible, Alvarez told reporters.

Councilwoman Lorie Zapf called for new cards that also include “stored value,” which passengers can fund with a certain amount of money and draw down as they take rides.

“These stored value cards are already being used in almost every major transit system in the United States,” Zapf said. “It is really important to encourage safe, reliable and functional compass cards that don’t just have a few options.”

Compass cards are used for monthly and day passes, but aren’t convenient for those who ride only occasionally, such as to sports events.

Alvarez and Zapf sent a letter to agency CEO Paul Jablonski last week asking for an update on the issue at the board’s next meeting, scheduled for March 17.

MTS spokesman Rob Schupp told City News Service that staff is already working on the problem.

“We have made significant progress already, well in advance of this news conference,” Schupp said. “MTS continues to invest in its fare collection system to address PCI compliance, stored value and other major enhancements.”

The data security standards, known as PCI DSS, are a set of rules and best practices developed by credit card companies to prevent fraud, and include encrypting cardholder data, maintaining firewalls and testing security systems.

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.