Verizon’s 2019 Payment Security Report shows drop in PCI DSS compliance
Eckoh says achieving and maintaining compliance can be simpler
Eckoh comments on the recently released Verizon Payment Security Report 2019, which highlights the disappointing drop in compliance to the Payment Card Industry Data Security Standard (PCI DSS) for the second year in a row. Compliance now stands at just 36.7% worldwide.
Keith Ward, Technical Director at Eckoh, commented,
“While the report highlights that Europe is in a stronger position when it comes to compliance – achieving 48% compared to the US at 20.4% – it is still worrying to see that organisations are finding it difficult to maintain compliance and therefore risk exposing sensitive customer data and incurring fines in the event of a data breach,”
Eckoh, having recently celebrated their tenth year of consecutive compliance to PCI DSS at the highest level, have also been encouraging contact centres to rethink their PCI DSS strategy because there is often a false sense of security that using multiple ‘solutions’ to achieve compliance, is simpler and cheaper. The truth is in fact the opposite, as manual interventions are simply not reliable enough and agents can still see and hear card details. Interrupting calls to transfer customers to an automated IVR or a clean room is a far from perfect customer experience and these solutions often have disappointing success rates.
“With CallGuard, contact centres can easily achieve and maintain PCI DSS compliance because the patented solution prevents sensitive data from entering the IT environment in the first place by effectively putting a shield around the contact centre.” Continues Ward. “Simply put, if the data isn’t there it can’t be stolen. Having no data also removes the contact centre from the scope of PCI DSS making it simpler to achieve – and maintain – compliance, every minute of every day.”
With Card-Not-Present fraud set to reach £680m in the UK by 2021  and the findings of this report, it is timely that the PCI SSC will shortly issue the fourth version of the DSS which will involve major changes to the standard. At the same time, Eckoh urges organisations to address both security and compliance to ensure they can minimise the ever-growing risks around customer data.
Eckoh is a global provider of Secure Payment products and Customer Engagement solutions, supporting an international client base from its offices in the UK and US.
Our Secure Payments products help our clients take payments securely from their customers through all engagement channels. The products, which include the patented CallGuard and ChatGuard, can be hosted in the Cloud or deployed on the client’s site and remove sensitive personal and payment data from contact centres and IT environments. They offer merchants a simple and effective way to reduce the risk of fraud, secure sensitive data and become compliant with the Payment Card Industry Data Security Standards (“PCI DSS”) and wider data security regulations. Eckoh has been a PCI DSS Level One Accredited Service Provider since 2010, securing over £2bn in payments annually.
Eckoh’s Customer Contact solutions enable enquiries and transactions to be performed on whatever device the customer chooses, allowing organisations to increase efficiency, lower operational costs and provide a true Omnichannel experience. We also assist organisations in transforming the way that they engage with their customers by providing support and transition services as they implement our innovative customer contact solutions.
Our large portfolio of clients come from a broad range of vertical markets and includes government departments, telecoms providers, retailers, utility providers and financial services organisations.