Main Nav

We have an assortment of staffed and unstaffed parking lots on our campus with various kinds of pay stations in the unstaffed lots. 

Our parking director would like to have a comprehensive system for all lots that will allow for:
- 1. credit card payments
- 2. access via student ID cards with no payment
- 3. cash payments
- 4. payment via validation cards for special events and guests

When he has brought this up over the years, various offices on campus have waved the PCI flag and frustrated his efforts.

Perhaps they assumed that such a system would result in credit card information traversing the campus network.  

Our parking director knows parking, not IT so our CISO and I met with the parking director this morning to try and decide what he needs to get this project moving. 

I'm guessing that the PCI aspect of campus-wide parking systems is a problem that has already been solved in any number of ways by the vendors that are out there.  

Has anyone had to build a PCI-compliant infrastructure specifically for a parking system or are the vendor solutions more or less self-contained?

Thanks very much!

- David

David Stack, PhD
Chief Operating Officer and Deputy CIO
University IT Services
University of Wisconsin-Milwaukee

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at


We have no solution that meets anything this comprehensively, but I would offer one review point.  You would want to configure any payment system that connects with a student ID card system very carefully, and probably with you PCI auditor up front.  Connections can extend PCI scope into areas you didn't originally intend.  We've changed directions a couple times when we found that the tie in extended PCI compliance scope in ways we could not financially or technically scope.

Best wishes

CIO Digest - 17 Jan 2014 to 19 Jan 2014 (#2014-12)

Good morning! Excellent points!


Many colleges and municipal entities are dealing with this issue. There are kiosks that allow such payments of all types and would meet the needs of the school. These systems need not necessarily go across the school network for authorization, but it is likely each one would need a phone line.


In theory, you  COULD provide pre-paid cards for special events, and maybe the students could use their IDs for swiping – although that would require connection to the school. Building such a system would be cost-prohibitive and likely not pass PCI.


You might want to consider self-contained, pre-approved units. During vendor selection, you can verify that the kiosk hardware in the kiosk is PCI compliant (go here) as well as the software (go here).


I hope this information helps in addition to Theresa’s advice!




Verna Lynch | Senior Consultant

d: 207.739.9540 |


Thanks very much Verna and everyone who has responded on this thread!

I'm making a list of the responses that I'll share back to the group in a few days.

- David

David Stack, PhD
Chief Operating Officer and Deputy CIO
University IT Services
University of Wisconsin-Milwaukee