The importance of PCI Compliance for your business
Many businesses accept payments over the phone or through a PDQ machine. If your company intends to accept card payments, and to store, process and transmit cardholder data, you need to host that data securely. If this is you, it's important to know how to achieve and maintain PCI compliance for your business.
What is PCI Compliance?
PCI stands for Payment Card Industry. The Payment Card Industry Data Security Standard (PCI DSS) was launched in 2006 to manage the ongoing evolution of security standards, focusing on improving payment account security throughout the transaction process. Essentially, any merchant with a Merchant ID that processes, stores or transmits credit card information must maintain a secure environment.
Card fraud and payment card breaches are an ongoing battle for the banks so PCI compliance is a top priority for merchants and businesses that process electronic payments. The process and potential costs can be daunting to an organisation, but research suggests that consumers are growing ever more concerned about payment card security when paying over the phone.
How do I become PCI Compliant?
Many business owners are not aware of PCI compliance and what it means. Instead, they continue with their daily business, processing card payments insecurely and facing fines from their bank or merchant provider. For a business to become PCI DSS compliant, a Level-1 MOTO payment solution must be integrated to take payments in an encrypted environment.
What is a Level-1 MOTO payment solution?
There are 4 levels of PCI compliance based on each merchant's card transaction volume. Level 1 is classed as the highest level of compliance, for those who process over 6 million card transactions annually through all channels (card present, card not present and eCommerce).
What are my options?
60% of consumers say that the risk of call centre fraud has prevented them from making payments over the phone. So what are the options available to your business?
DTMF (Dual Tone Multi Frequency) masking technology can provide you with a secure way of handling payments by phone. It integrates with the call flow and, once a payment transaction commences, intercepts any keypad tones that are entered by the customer. This means the agent doesn't hear or see the card data; they are only presented with asterisks on their screen.
IVR Payments Solution allows your customers to make payments 24/7 without speaking to an agent or having to access your website. Payments are handled within a secure, encrypted environment which can be integrated with your IVR platform.
Legacy Data can take many forms, with voice recordings being the most common. Many businesses are required to store information for a number of years but there are legacy data solutions to ensure that any archived call recordings and electronic documents are encrypted and are just as secure as the real-time data.
Do I need any other security systems in place to be compliant?
Although you do not need any specific security systems in place, you must ensure that you are proactive in maintaining a decent security level across your business. This includes regular testing of your security measures such as anti-virus software and firewalls. The best way to stay compliant is to perform regular system audits. Ensure that passwords are regularly updated, policies are kept up to date, and employee training is maintained.
What are the benefits of becoming PCI Compliant?
Telecoms World's Compliant Cloud creates a secure environment over the phone where your clients can disclose their bank details without their data ever becoming visible to an operator or passing through company hardware. When a caller is transferred to the Compliant Cloud, the caller is passed back to the operator through a secure connection.
When the caller taps in their details, the data is encrypted, with only the notification of completion made visible to the operator. Once the transaction is complete, the funds are sent directly to your account without ever passing through your company's hardware or being visible to staff.
- Level-1 PCI compliance for MOTO transactions
- Take payments over the phone using secure encryption
- Cloud-based telephony solution available to all numbers
- Integrate our PCI solution with any merchant bank
For more information on our PCI Compliance Phone Payments solution, contact our friendly team of experts on 0800 774 7772.