Achieving resilience and PCI compliance in the cloud
Today’s call centres are under constant pressure to ensure high levels of customer service and constant connectivity. Businesses try to differentiate themselves from the competition by providing holistic services through the integration of technologies such as email, VoIP, instant messaging and online payments. However, this is bringing additional and unfamiliar network security challenges.
NewVoiceMedia (NVM), provider of online hosted contact centre solutions, hosts thousands of calls daily and processes huge volumes of cardholder data on behalf of its customers. NVM faced not only the constant challenge of ensuring network uptime but also that of combating threats against its new payment processing service.
One of the most comprehensive ways of protecting financial transactions is by becoming compliant with the requirements set out by the Payment Card Industry Data Security Standard (PCI DSS). The PCI is an industry body initially founded by card companies such as Visa, MasterCard and American Express. PCI DSS is a standard that aims to ensure that all companies that process payment cards protect customers’ card information. The scope of the standard requires all web-facing applications to be protected against various attacks such as fraud prevention, eavesdropping and hacking.
Although PCI DSS is a well-recognised standard, it has not yet become legal doctrine, so many call centres have yet to implement it, despite increasing pressure from card companies. “Many call centres are putting customers’ financial information at risk because they have refused to invest in suitable technology stated in the PCI requirements,” says Ashley Unitt, NVM’s chief security officer.
Ashley continues, “We have a responsibility towards our customers to not only ensure that they consistently get the service they pay for, but any financial or customer information is kept secure and confidential. If our services were interrupted for even ten minutes our reputation would be ruined and we would face significant revenue loss.”
To tackle these challenges, NVM implemented Stonesoft’s technologies to secure all network services and financial transactions. One of the key reasons for using Stonesoft’s solutions was their ability to monitor and control multimedia communication services such as VoIP telephony sessions.
Stonesoft also provided NVM with a firewall that sits in front of web-facing tools, such as its interactive voice response (IVR) system, to stop attacks before they reach the network.
“Having comprehensive network protection in hosted environments is very important for not only network protection but also PCI compliance. Evolving security threats are increasingly making it easier for third parties to intercept and eavesdrop on VoIP traffic by using technologies such as sniffer tools that are readily available on the internet,” says Ash Patel, country manager UK & Ireland at Stonesoft.
Furthermore, with the help of Stonesoft’s solutions NVM expanded its services by becoming a level one PCI-DSS compliant supplier: the highest level possible to achieve. This is a massive leap for the company as now any contact centre that wants to use NVM’s service can choose to outsource PCI responsibility to the company, bringing new revenue opportunities to the business.
In an effort to provide good customer experience and wider ranging services, call centres need to keep network security and the integrity of customers’ personal and financial information at the forefront. For any business wanting to deal with financial transactions, the requirements stipulated in PCI DSS should be given serious consideration to ensure maximum protection for both the corporate network and customer alike.
This is a terribly badly written article.
“protected against various attacks such as fraud prevention, eavesdropping and hacking”
Since when was “fraud prevention” an attack…
Comment by anon — 15 Feb 2010 @ 2:32 am