Case Study: Transport for London achieves PCI DSS-compliant contactless payments with NCC Group

Transport for London - Customer Case Study

Transport for London (TfL) partnered with NCC Group to support the rollout of its contactless payment technology while ensuring the system operated within PCI DSS scope. The challenge was to create a security and compliance framework for a new payments project across multiple transport services, including buses and the wider TfL network.

NCC Group worked with TfL and its supplier to develop a suitable framework covering PTS v3.1 for devices, P2PE v1.1 for data transmission, and PCI DSS v2.0 for the data center, alongside gap analysis, remediation guidance, assessments, and penetration testing. The solution was approved by the card schemes, the bus launch went live in December 2012, and TfL was commended for its security approach, with NCC Group’s independent assessment helping provide confidence that the solution was sound.

Transport for London