Why PCI DSS matters (and what you can do to protect your business by ensuring you’re compliant)
If your company processes card payments, then it is likely that you have heard of the Payment Card Industry Data Security Standard (or PCI DSS, as it is more commonly known). In this article Syntec take a deep dive into what PCI DSS is and whether it affects your business.
What is PCI DSS Compliance?
PCI DSS is essentially a range of payment card security standards that ensure that businesses are following proper security measures when dealing with card payments and payment-related data.
PCI DSS consists of 12 requirements, set by the Payment Card Industry Security Standards Council (PCI SSC), that organizations must meet. The standard exists to increase controls around cardholder data in order to reduce credit card fraud and ensure that all merchants maintain a secure environment.
Validation of compliance is performed annually or quarterly, and varies depending on the volume of transactions that you handle:
» Self-assessment questionnaire (SAQ) – Applicable to merchants processing less than 1 million transactions per year
» External qualified security assessor (QSA) – Applicable to merchants processing between 1 and 6 million transactions per year
» Internal security assessor (ISA) – Applicable to merchants processing 6 million+ transactions per year
PCI DSS v4.0 is expected to be rolled out in the middle of 2021 and organizations will be required to update their security processes in order to maintain their compliance.
What is the PCI Security Standards Council?
The PCI Security Standards Council (PCI SSC) was founded in 2006 by American Express, Discover, JCB International, MasterCard, and Visa. It is a global forum that brings together stakeholders to develop and drive the adoption of data security standards and resources for safe payments worldwide. The PCI SSC is in charge of upholding the payment card industry’s security standards, ensuring that merchants meet them, as well as managing payment card data security worldwide.
The PCI SSC’s mission is to ‘enhance global payment account data security by developing standards and supporting services that drive education, awareness and effective implementation by stakeholders.’
Does my business need to comply with PCI DSS?
If you accept, process, store, or transmit any form of payment data then PCI DSS applies to your organization, although the specific payment security requirements are likely to be slightly different for each merchant.
Regardless of the industry or vertical that you operate in, if your contact center takes card payments then you are responsible for keeping your customers’ personal and payment data safe. You therefore need to be sure that you are PCI DSS compliant. The benefits of compliance include:
» Enhanced security when dealing with sensitive card data
» Lower risk of experiencing data breaches
» Improved customer trust in your company and greater brand reputation
» Helps to avoid fines (card brands can impose fines on merchants who fail to achieve PCI DSS compliance)
How can CardEasy help you achieve PCI compliance?
We work extensively with merchants that operate contact centers to help them ensure that their operations are secure and PCI DSS compliant. However your customers choose to make payment (whether on the phone to your agents, via an IVR, or through any digital channel), CardEasy prevents payment card data from entering your contact center environment, which de-scopes it from PCI DSS.
Using CardEasy saves you time and money by de-scoping your operations from PCI DSS controls, whilst removing the need for time-consuming oversight and PCI DSS audits. Traditional approaches such as ‘pause and resume’ only protect the call recording. Everything else, from the edge of your network right through to the agent, is still exposed to sensitive cardholder data and therefore ‘in scope’ for PCI DSS.
CardEasy reduces PCI DSS scope to the lowest level and ensures your customers’ payments are handled securely no matter where your workforce is based, irrespective of how PCI DSS evolves.
Secure, PCI DSS compliant payment solution for contact centers
Whether your customers choose to pay over the telephone or via a digital channel such as email, SMS or web chat, CardEasy provides a simple, secure and cost effective payment solution that will protect your customers and de-scope your contact center environment from PCI DSS.
Offering seamless integration with your existing telephony and IT infrastructure, CardEasy significantly reduces the risks and costs associated with managing card payment transactions in your contact centers, whilst improving your customers’ experience and trust. CardEasy removes the risk of payment card fraud within your contact center by preventing your contact center agents from hearing or seeing payment card data, automatically blocking it from the screen and the call recording (without the need for a pause/resume function), and preventing it from entering your contact center systems and networks.
Our patented technology creates a secure payment environment for payments handled over the phone, self-service IVR, email, webchat, SMS, social media or even via video calls.