Card brands receive trillions of dollars in payments worldwide (VISA data 2021) and these figures are based on the trust that the cardholder has to place their card data for purchases of goods and services in present and non-present card channels.

IQ Information Quality has fourteen years of experience in providing security services in digital payments for Latin America and the Caribbean, approved by the PCI SSC (PCI Security Standard Council), to perform the evaluation of compliance with international standards (PCI DSS, PCI PIN, PCI 3DS) that protect payments made with cards (VISA, Amex, Master, Discovery) in card present (POS) and card not present (e-commerce and telephone) environments.

PCI standards are industry best practices to protect any electronic transaction where sensitive data must be protected and can be used to secure other payment ecosystems such as:

  • Private Cards
  • BNPL (Buy Now Pay Later)
  • International Wire Transfers
  • Person-to-Person P2P payments
  • Toll Payment
  • Loyalty points
  • Cryptoassets.

In any payment your customers make, there is sensitive card data information that must be protected.


Yes, the main objective of electronic tolls is to improve mobility, but their technological platform is also to "guarantee the security, privacy and transparency of information",

How does this payment technology work?

It consists of the use of an on-board device or TAG in the form of a sticker affixed to the vehicle's panoramic window, which enables the user to pay electronically.

The sticker is read by the electronic toll and the payment is processed through the payment method configured by the user in the mobile application or on the website.

For this, you need to recharge the device, in the same way that prepaid phones are recharged, and you will be ready to pass through the tolls without having to use cash.

This innovative system allows the toll to be deducted from any bank account or wallet.

Registering your payment method has sensitive card data that must be protected.

The risks associated with this type of payment ecosystem are related:

  • Leakage of sensitive information of personal data and data of means of payment with which recharges are made.
  • Compromises in the systems that carry out transactions associated with recharges and send them to the entities for authorization processes. These compromises may lead to unauthorized changes in users' recharge balances.

Services that support the protection of toll transactions in digital form:

  • Identification and documentation of information flows in processes where sensitive customer information is used.
  • Identification and validation of scope
  • Identification of controls that apply to the scope in accordance with PCI best practices.
  • Diagnosis with respect to PCI standards.
  • Validation and support in the action plan to close the findings.
  • Third party audit to validate compliance with controls.

Your mission:

Start NOW to protect your customers and your business.