July 9, 2021

MeterFeeder's Security Management System

MeterFeeder's Security Management System

A recent data breach by one of our competitors has opened many consumers' eyes to moving yet another function of their lives to the digital world. Parking is no longer run by loose change and rusting meters, it’s connected with our phones, our cars, and our municipalities who monitor digital parking meters. At MeterFeeder, we remove the burden, fees, and frustration that surrounds parking. We put the power into your hands (or your phones or cars) to make sure you never get a late fee again. But, with such great power comes responsibility.

The Competitor’s Data Breach

A data breach in a pay by phone parking app was discovered on March 26th, 2021. A New York based threat intelligence firm first discovered a sales thread on a Russian-language crime forum that included more than 20 million app users’ account information. The information included license plate numbers, vehicle types, email addresses, and phone numbers but thankfully, no credit card information. After there were no buyers for the initial “sale” of stolen information, the hacker released the information online for free to whoever may be interested. That’s where it remains today.

So what can be done for the users who are now left in a vulnerable position? They can change their passwords (for this app and every website or app that uses the same password) and cross their fingers that it doesn’t happen again.

Data breaches are becoming more and more complex. That’s why we’ve created a robust commitment to security.

MeterFeeder’s Commitment to Security

Our approach to security was crafted by our Chief Technology Officer, Daniel Lopretto. Daniel has over twenty years of experience as a programmer, software developer, and consultant for a variety of clients looking to expand their digital offerings and cloud resources. Not only does he understand what it takes to create seamless and integrated software solutions, he understands the importance of managing and protecting user data.

Instead of storing data with a third-party provider, all personal data is stored within the user’s phone. This removes any vulnerability to it being hacked or stolen online. Our Security Management System also ensures that controls are put in place to:

  1. Develop and maintain a framework to identify and measure attainment with security-related objectives;
  2. Manage customer assets in a mutually agreed manner
  3. Maintain the confidentiality, integrity, and availability of customer assets
  4. Ensure information assets and software are protected against unauthorized access, misuse, and disclosure at all times
  5. Ensure that the requirements, as identified by information owners, for the availability of business assets and processing facilities required for operational activities shall be met
  6. Ensure all relevant security-related legal obligations shall be met
  7. Ensure disposals of any media or paperwork containing sensitive information are conducted in an agreed secure manner
  8. Investigate all known breaches of business security, actual or suspected in line with our security management controls and procedures
  9. Provide robust formal methods for risk assessment, management, and treatment;
  10. Apply appropriate risk controls in all relevant situations
  11. Ensure suppliers, partners, and vendors of products and/or services required of the Security Management System have either signed-up to this policy and its requirements or a suitable risk assessment has been undertaken
  12. Ensure all relevant security communications are made to stakeholders (internal or external) to inform, advise, and encourage best practice
  13. Develop, maintain, and exercising business to business continuity plans

Our Security Management System is proactive, not simply reactive. Our mission is to provide a low-cost payment and enforcement solution for small to mid-sized governments. We aim to take the burden of parking violations away from individual drivers, fleet management companies, and municipalities, never to place an additional burden or vulnerability to their data.

Want to learn more about all we are doing to protect your data against hackers and breaches? Contact our team!

Recent Articles