Policies

Credit Card Policies

Introduction

This document explains ParkSmart’s credit card security requirements as required by the Payment Card Industry Data Security Standard (PCI DSS) Program. ParkSmart management is committed to these security policies to protect information utilized by ParkSmart in attaining its business goals. All employees are required to adhere to the policies described within this document.

Scope of Compliance

The PCI requirements apply to all systems that store, process, or transmit cardholder data. Currently, ParkSmart’s cardholder dataflow includes only paper media. Electronic storage of cardholder data is not conducted or permitted. Due to the limited nature of the in-scope environment, this document is intended to meet the PCI requirements as defined in Self-Assessment Questionnaire (SAQ) A ver. 1.2, October, 2008. Should ParkSmart implement additional acceptance channels, begin storing, processing, or transmitting cardholder data in electronic format, or otherwise become ineligible to validate compliance under SAQ A, it will be the responsibility of ParkSmart to determine the appropriate compliance criteria and implement additional policies and controls as needed.

Requirement 9: Restrict Physical Access to Cardholder Data

Physically Secure all Paper Containing Cardholder Data

Hard copy materials containing confidential or sensitive information (e.g., paper receipts, paper reports, faxes, etc.) are subject to the following storage guidelines:

  • Printed reports containing cardholder data are to be physically retained, stored, or archived only within secure ParkSmart office environments, and only for the minimum time deemed necessary for their use. (PCI requirement 9.6)
  • All hardcopy media containing cardholder data must be stored in a secure and locked container (e.g. locker, cabinet, desk, storage bin). (PCI requirement 9.6)
  • Hardcopy material containing cardholder data should never be stored in unlocked or insecure containers or open workspaces. (PCI requirement 9.6)
  • All hardcopy material containing cardholder data must be easily distinguishable through labeling or other methods. (PCI requirement 9.7.1)
  • All confidential or sensitive hardcopy material must be sent or delivered by a secured courier or other delivery methods that can be accurately tracked. (PCI requirement 9.7.2)
  • At no time is printed material containing cardholder data to be removed from any ParkSmart data center, computer room, or secured storage area without prior authorization from management. Any authorized removal of cardholder data will be noted in a tracking log maintained by ParkSmart. (PCI requirement 9.8)
  • Custodians of hardcopy media containing cardholder data must perform an inventory of the media at least annually. Results of inventories shall be recorded in an inventory log. (PCI requirement 9.9)

Destruction of Data

All media containing cardholder data must be destroyed when no longer needed for business or legal reasons. (PCI requirement 9.10)

Hardcopy media must be destroyed by cross-cut shredding, incineration, or pulping so that cardholder data cannot be reconstructed. Any containers storing hardcopy media designated to be destroyed must be secured by lock or otherwise to prevent access to the contents of the container. (PCI requirement 9.10.1)

Requirement 12: Maintain a Policy that Addresses Information Security for Employees and Contractors

Service Providers

ParkSmart will implement policies and procedures to manage service providers. (PCI requirement 12.8) This process must include the following:

  • Maintain a list of service providers (PCI requirement 12.8.1)
  • Maintain a written agreement that includes an acknowledgement that the service providers are responsible for the security of the cardholder data the service providers possess (PCI requirement 12.8.2)
  • Implement a process to perform proper due diligence prior to engaging a service provider (PCI requirement 12.8.3)
  • Monitor service providers’ PCI DSS compliance status (PCI requirement 12.8.4)

Refund Policy

ParkSmart does not generally issue refunds under any circumstance, and ParkSmart reserves the right to refuse a refund request at any time. To request a refund due to overpayment or a duplicate payment, contact ParkSmart by mail within thirty days of the disputed payment, identifying the date, amount, and purpose for the payment, a detailed explanation for your refund request, and your mailing address.

The determination of whether a requested refund is warranted is solely in the discretion of ParkSmart. ParkSmart will issue a check by mail no later than thirty days after determining a refund is warranted. ParkSmart will not issue a refund in any manner other than by check, regardless of how the payment to be refunded was made. If your refund request is found to be unwarranted, ParkSmart will not necessarily contact you in any way to communicate its denial of your request.

No refund request will be considered unless full payment was received for parking charges and any outstanding parking fines have been paid in full.