Eckoh welcomes the updated PCI SSC guidance on securing telephone payments – Cam Ross, Director of Payment Strategy, Eckoh
The publication by the PCI SSC of the updated version of the PCI DSS information supplement Protecting Telephone-Based Payment Card Data is very welcome – the last version was published seven years ago!
The guidance is the result of a collaboration between 50 companies, all specialists in this field. Eckoh has been very pleased to work alongside real industry experts like Worldpay and Verizon, as well as the other acquirers, industry bodies, call centre operators, consultants, telecommunications companies, legal and financial companies involved. Having been a founding member of the SIG, Eckoh was pleased to contribute our expertise to the new guidance.
The new document explores the potential risks and security challenges associated with telephone-based card payment environments and provides much needed clarity for the contact centre industry, globally.
What’s noticeable is that this version deals explicitly with current technologies and now includes DTMF payments which were not mentioned at all in the previous version. That’s important, because DTMF technology is the way in which most contact centres want to take payment today; it offers such good security and de-scoping benefits.
This update completely supports Eckoh’s view that contact centres should seek to reduce the scope of the PCI DSS audit for their contact centres wherever possible. What’s particularly helpful are the sections that show how companies, of many different models and sizes, can address PCI DSS in their environments. The clear and sensible diagrams will allow companies and QSAs to more easily define scope within even highly complex contact centres.
There are many often-misunderstood areas of technology and operation around today’s contact centres, such as VoIP, call recording, transfers, home or remote workers, and outsourcing. So it’s welcome to see the guidance cover these specifically. Also addressed are ‘digital payments’ – where a payment may start with a phone call and end with an online or mobile payment. This scenario occurs more frequently now with the growing number of engagement channels and a user’s tendency to channel shift.
Digital payments over the phone is an area in which Eckoh have led the world. We were the first to launch secure payment using Apple Pay, Google Pay and PayPal over the telephone, and the first to provide secure Web Chat payment. It clearly shows that our innovation and R&D strategy was, and remains, ahead of the curve.
In the past few years, the industry has seen fraud switch towards card-not-present channels like contact centres. Finally, the industry has a comprehensive document which will help it define and address the increasing threat. You only need to read it to see the immense challenges facing contact centres which wish to handle card data directly.
Eckoh continues to help companies reduce their PCI DSS audit scope; this document will ensure that clients and their QSAs have a clear, independent way to determine that their chosen approach is the right one for them.
We’re so pleased that the PCI Council has finally published this document. It’s the result of more than five years’ work from Eckoh and other industry leaders, to help further secure contact centres from payment fraud.
Additional Information
Cam Ross is Director of Payment Strategy at Eckoh
Eckoh is a global provider of Secure Payment and Customer Engagement solutions via its Customer Experience Portal. It also provides contact centre Third Party Support and manages an international client base from its offices in the UK and US.
The PCI DSS compliant Secure Payment solutions, which can be hosted or on-site, remove sensitive personal and payment data from contact centres and IT environments. The products offer merchants a simple and effective way to reduce the risk of fraud, secure sensitive data and become compliant with the Payment Card Industry Data Security Standards (“PCI DSS”) as well as wider data security regulations. Eckoh has been a PCI DSS Level One accredited Service Provider since 2010.
Eckoh’s customer engagement solutions enable enquiries to be answered through multiple channels, allowing organisations to increase efficiency, lower operational costs and provide a true Omni-Channel experience to their customers. We also assist organisations to transform the way that they engage with their customers by providing support and transition services as they implement our innovative customer contact solutions.