Secure payment solutions
PCI QSA partner – Blackfoot UK
Level 1 PCI DSS compliant card payments
PCI DSS Compliance
Secure payment solutions from Encoded. Independently certified as a Level 1 PCI DSS compliant provider.
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to enhance the security of payment account data. Created by Visa®, Mastercard®, JCB®, Discover® and American Express®, it is made up of 12 requirements designed to secure business systems that store, process or transmit cardholder data. It is meant to protect consumers and merchants against security breaches.
Card Data Security – The Buck Stops with the Merchant
Card-accepting contact centres understand the importance of protecting customer data from fraud and cybercrime. However, it might be news to many that, in the event of a security breach, they will be the ones fined.
What are the major issues with PCI DSS and contact centres?
It is not easy for contact centres to attain PCI DSS compliance because:
- Handling Details
Giving agents live access to card payment details creates a high risk of those details being exposed. There are countless examples of agents writing down information, sending it in emails and so on. The risk of a security breach is therefore high, due to both human error and dishonesty.
- Storing Details
Storing payment card details on-site requires a significant investment in infrastructure and security systems, as well as policies and procedures. Data storage for recurring payments leads to potentially high levels of risk. Call recordings are also a major problem, as they are likely to record and store sensitive card information, particularly in regulated industries.
- Training Agents
The need to train agents to understand what PCI DSS compliance means and what their responsibilities are introduces additional costs.
Ensure that all service providers involved with cardholder data have a valid PCI DSS certificate.
How can Encoded Help?
Encoded has invested in achieving the top level of PCI DSS compliance. It has a Level 1 Attestation of Compliance (AOC) which applies to organisations that store, process and/or transmit more than 300,000 Visa transactions per year.
Encoded also appears on the Visa Europe Merchant Agents List http://www.visasmerchantslist.com
The high cost of going through full PCI DSS Level 1 accreditation with an external Qualified Security Assessor (QSA) is leading to some vendors claiming to be compliant when in fact they have not been through the whole process. This is putting contact centre organisations at risk.
To find out more, take a look at Five Things Every Card-Accepting Contact Centre Should Know about PCI Compliance or call us on 0845 120 9790.