Solvinity awarded PCI DSS certification for successor to OV-chipcard
Translink check-in infrastructure ready for use in OV-pay program
Amsterdam, 6 july 2021 – Solvinity has achieved PCI DSS certification for the new OVpay environment, Translink‘s generic back-office system. This means the environment is certified to process payment data from the successor to the existing OV-chipcard, which is expected to be phased out in 2023.
PCI DSS certification is a prerequisite for transmitting, processing or storing PIN or credit card data. The high-security standard has been drawn up by a consortium of banks and credit card companies to protect this sensitive data. Unlike other compliance standards, PCI DSS certification is issued for specific environments – in this case, Translink’s OVpay environment.
Recently we passed passed an SOC 1 and SOC 2 report with flying colours as well, for not only the private cloud but also the Azure public cloud, a first in the Netherlands. “Thanks to our ISO standards and SOC audits, the basis for PCI DSS had already been laid for a large part of our environment,” says Martin Maas, Manager Data Privacy & Compliance at Solvinity. “Involving the auditor from the design phase enabled us to go through the audit process quickly and efficiently.”
Translink has been working on new, customer-focused payment methods for public transport for some time. These include checking in with payment cards that comply with the EMV standard (the international payment method used by Europay, Mastercard and Visa) and smartphones. In the case of the OV chipcard, loading occurs in an environment separate from the check-in infrastructure. But with these new methods, payment data is processed during the check-in process. That’s why this environment now also requires PCI DSS certification.
We regards this certification as the first of many. “The PCI DSS certification for the Translink environment demonstrates that we can also be compliant in the basic area of payment processing,” says Maas. “Our employees are now familiar with the tricks of the trade and know exactly what they need to take account of in keeping our customers’ systems secure. This means we can obtain these certifications more smoothly for our other environments as well.”
Translink securely bringing OV transactions to the public cloud
Read how Translink created more flexibility in a scalable, highly secure IT environment through a controlled transition to the public cloud.