The new guidance from the PCI SSC gives practical advice on how to best tackle the ‘compliance nightmare’ that credit card handling brings
PCI Pal, a secure payments provider to contact centres, has welcomed updated guidance on protecting payment card data in contact centre environments, as published by the Payment Card Industry Security Standards Council (PCI SSC).
The new ‘Protecting Telephone-Based Payment Card Data’ guidelines detail how merchants need to protect customers’ sensitive payment card data when processing ‘Cardholder Not Present’ transactions using Voice-over-IP (VoIP) based communications in contact centres.
Comments James Barham, CEO, PCI Pal: “The tech landscape has evolved significantly since 2011, which is when the last version of the guidance came out, and data loss and fraud rates have continued to increase.
“Rapid change in contact centre technology, including the virtualisation of phone systems, mass adoption of VoIP and the migration to cloud infrastructure across multiple platforms, has also further complicated an already complex environment.
“As a result, it’s more important than ever to standardise payment processes and secure sensitive payment data shared over voice channels. The new guidance from the PCI SSC gives practical advice on how to best tackle the ‘compliance nightmare’ that credit card handling brings.”
Adds Geoff Forsyth, CTO, PCI Pal: “The new guidance includes advice to ‘de-scope’ contact centre environments to stop any credit card details from entering in the first place. If that can be achieved, complex infrastructure already in place no longer has to meet the stringent PCI regulations, meaning hundreds of hours of complex IT work and expensive restructuring can be avoided.
“The guidance focuses on how de-scoping using cloud-based Dual Tone Multi Frequency (DTMF) solutions can be the perfect answer. By replacing outdated pause-and-resume systems with modern DTMF masking technology, it ensures organisations stay one step ahead of hackers by keeping customers’ sensitive data out of their reach.
“Conclusions from our recent study conducted with Verizon found that 60 percent of organisations are still leveraging outdated pause-and-resume technologies to avoid storing sensitive data on call recordings.
“In order to align with the new guidance, it’ll be important for businesses to eliminate data breaches at the contact centre level by preventing payment data from ultimately entering the environment.
“Well done to the PCI SSC on producing a guidance document that offers serious advice on how Contact Centres can make themselves secure and compliant for now and in the future.”
PCI Pal is a member of the global Payment Card Industry Security Standards Council (PCI SSC).
For more information, visit www.pcipal.com or call +44 207 030 3770 to arrange a demonstration.
Alternatively, follow PCI Pal on Twitter.
Notes to Editors:
About PCI Pal
PCI Pal is a specialist provider of secure payment solutions for contact centres and businesses taking Cardholder Not Present (CNP) payments. PCI Pal’s globally accessible cloud platform empowers organisations to take payments securely without bringing their environments into scope of PCI DSS and other relevant data security rules and regulations.
With the entire product portfolio served from PCI Pal’s cloud environment, integration with existing telephony, payment, and desktop environments is simple and light-touch, ensuring no degradation of service while achieving security and compliance.
With extensive operations and technical experience of the contact centre sector, PCI Pal is uniquely qualified to deliver operationally efficient cloud-based payment security solutions to organisations operating on a global scale.
PCI Pal has offices in London, Ipswich (UK) and Charlotte NC (USA). For more information visit www.pcipal.com or follow the team on Twitter: https://twitter.com/PCIPAL
+ 44 (0)1787 313822