Eight days after a critical report by KPBS, San Diego representatives on the Metropolitan Transit System Board of Directors called on the agency Tuesday to issue new payment cards that include advanced consumer safeguards.

San Diego City Councilwoman Lorie Zapf. Photo by Chris Stone

Known as Compass Cards, the fare collection system allows trolley passengers to make faster payments at transit stations. Riders tap the cards on a scanner before boarding.

KPBS reported that the cards don’t meet payment card industry data security standards, leaving passengers vulnerable to credit card fraud.

“From the multitude of students riding to school, to those who go to work, professionals who are traveling, and even tourists who come to our city — placing them at risk is unacceptable and needs to be remedied as soon as possible,” said Councilman David Alvarez. “MTS should immediately upgrade its payment processing system.”

Technology used by public agencies needs to be the best and safest possible, Alvarez told reporters.

Councilwoman Lorie Zapf called for new cards that also include “stored value,” which passengers can fund with a certain amount of money and draw down as they take rides.

“These stored value cards are already being used in almost every major transit system in the United States,” Zapf said. “It is really important to encourage safe, reliable and functional compass cards that don’t just have a few options.”

Compass cards are used for monthly and day passes, but aren’t convenient for those who ride only occasionally, such as to sports events.

Alvarez and Zapf sent a letter to agency CEO Paul Jablonski last week asking for an update on the issue at the board’s next meeting, scheduled for March 17.

MTS spokesman Rob Schupp told City News Service that staff is already working on the problem.

“We have made significant progress already, well in advance of this news conference,” Schupp said. “MTS continues to invest in its fare collection system to address PCI compliance, stored value and other major enhancements.”

The data security standards, known as PCI DSS, are a set of rules and best practices developed by credit card companies to prevent fraud, and include encrypting cardholder data, maintaining firewalls and testing security systems.

KPBS notes that the Compass Card was developed by San Diego-based Cubic Corp. in the mid-2000s, and MTS spokesman Schupp said the transit agency “had an inkling the system needed security upgrades before July 2014, but only later did agency officials become fully aware of the problem.”

— City News Service contributed to this report.