This document explains ParkSmart’s credit card security requirements as required by the Payment Card Industry Data Security Standard (PCI DSS) Program. ParkSmart management is committed to these security policies to protect information utilized by ParkSmart in attaining its business goals. All employees are required to adhere to the policies described within this document.
Scope of Compliance
The PCI requirements apply to all systems that store, process, or transmit cardholder data. Currently, ParkSmart’s cardholder dataflow includes only paper media. Electronic storage of cardholder data is not conducted or permitted. Due to the limited nature of the in-scope environment, this document is intended to meet the PCI requirements as defined in Self-Assessment Questionnaire (SAQ) A ver. 1.2, October, 2008. Should ParkSmart implement additional acceptance channels, begin storing, processing, or transmitting cardholder data in electronic format, or otherwise become ineligible to validate compliance under SAQ A it will be the responsibility of ParkSmart to determine the appropriate compliance criteria and implement additional policies and controls as needed.
Physically Secure all Paper Containing Cardholder Data
Hard copy materials containing confidential or sensitive information (e.g., paper receipts, paper reports, faxes, etc.) are subject to the following storage guidelines:
Destruction of Data
All media containing cardholder data must be destroyed when no longer needed for business or legal reasons. (PCI requirement 9.10)
Hardcopy media must be destroyed by cross-cut shredding, incineration, or pulping so that cardholder data cannot be reconstructed. Any containers storing hardcopy media designated to be destroyed must be secured by lock or otherwise to prevent access to the contents of the container. (PCI requirement 9.10.1)
ParkSmart will implement policies and procedures to manage service providers. (PCI requirement 12.8) This process must include the following:
ParkSmart does not generally issue refunds under any circumstance, and ParkSmart reserves the right to refuse a refund request at any time. To request a refund due to overpayment or a duplicate payment, contact ParkSmart by mail within thirty days of the disputed payment, identifying the date, amount, and purpose for the payment, a detailed explanation for your refund request, and your mailing address.
The determination of whether a requested refund is warranted is solely in the discretion of ParkSmart. ParkSmart will issue a check by mail no later than thirty days after determining a refund is warranted. ParkSmart will not issue a refund in any manner other than by check, regardless of how the payment to be refunded was made. If your refund request is found to be unwarranted, ParkSmart will not necessarily contact you in any way to communicate its denial of your request.
No refund request will be considered unless full payment was received for parking charges and any outstanding parking fines have been paid in full.