Case Study: Miele Achieves PCI DSS Level 1

The appliances manufacturer has become PCI compliant with help from Syntec.

The solution

Miele were originally considering a premises-based touchtone payment (DTMF) system to de-scope their call centre environment and call recordings from PCI DSS regulations, with their agents still taking payments in mid-conversation with the customer.

They instead chose a fully hosted version of the CardEasy keypad payment by phone service, because the sensitive card data never enters the call centre environment at all, thus reducing PCI DSS compliance requirements almost to nil with just a minimal self-assessment questionnaire (SAQ) to complete.

With no new equipment needed (as it integrates with existing phones and payment systems on a software-as-a-service  (SaaS) basis), the solution was easy to trial and subsequently deploy.

The results

As an Ofcom-regulated telecommunications provider, Syntec was also qualified to give Miele expert advice on integrating the solution with their existing infrastructure.

This included recommendations such as the option to change phone numbers to generate revenue-share from call charges where appropriate.

Ultimately, PCI DSS level 1 was achieved with mid-call secure payments, improved speed of transaction and customer service, and with no CAPEX outlay.

“Miele selected Syntec’s pioneering hosted CardEasy system to enrich customer service whilst de-scoping us from large sections of PCI DSS regulations, which otherwise require significant cost and effort to satisfy,” said Paul Aram, IT Manager at Miele.

For more information about Syntec,  visit their website.