Islington Council has come under fire for asking residents to share their debit and credit card details over email.
Officials asked people applying for a parking bay suspension to share their card details, including security codes, through an attached Word document.
The BBC reported that the payment process is now under review. A council spokesperson confirmed to NS Tech that the form in question had been taken down from the website.
The council stands accused of breaking the Payment Cards Industry’s rules, which forbid third parties from storing security codes.
“Asking for financial information in a plain text word doc is frankly shocking and the council should really know better,” said Rashmi Knowles of RSA Security. “This is a serious breach of PCI security rules, and could potentially fall foul of GDPR as well.”
A spokesperson for the Information Commissioner’s Office said all organisations processing personal data “have a responsibility to do so safely and securely. If anyone has concerns about how their data has been handled, they can make a complaint to the ICO.”