Payment industry and licences

- Fare-Collection-Systems

Find out the most important facts about the different security standards in the payment industry

Approval of contactless credit cards for public transport systems

To enable contactless credit cards for use and payment in public transport, new rules had to be created. The basis for the use of cEMV cards in public transport via a validation device is provided by Visa's "Mass Transit Transactions" (MTT) and Mastercards "Contactless Transit Aggregated Transactions" (CTAT). Validation devices can be validators in the vehicles or at the station, barriers that are less common in Germany or mobile devices.

Security standards

Credit and debit cards contain sensitive data that is specially protected. The financial services industry has developed very high security requirements for the processing of these cards, especially protecting the card number in conjunction with the expiry date. Our solutions meet the security standards defined by Payment Card Industry (PCI) and EMV and is certified accordingly.


The PCI Data Security Standard (PCI-DSS) defines the security requirements for IT systems that process credit and debit card transactions and summarizes them in twelve areas:

  • Requirements for firewalls
  • Specifications for setting up and maintaining passwords
  • Protection of sensitive data
  • Secure transmission of sensitive data in public networks
  • Ensuring virus protection
  • Security requirements for the processing IT applications
  • Restriction and management of access authorizations
  • Personal identification of accesses
  • Physical access restrictions
  • Logging of all security relevant accesses
  • Regular checks of all relevant systems and processes
  • Establishment and observance of guidelines for information security


EMV security standards are defined by EMVCo, an organization of American Express, Discover, JCB, Mastercard, Union Pay and Visa. Together with the associated approvals, the set of rules defined by EMVCo ensures interoperability and acceptance of secure chipcard based payment systems. Our solutions like BONNsmart complies with EMV Level 1 standards for the device hardware, Level 2 for the device software and Level 3 for the complete processing chain from card reading to the submission of a payment to the payment service provider. The EMV Level 2 approval can be fulfilled by a comprehensive EMVCo certification for all card schemes or for each card scheme to be processed individually, such as Visa, Mastercard, JCB etc.