How Does PCI DSS Affect You?


Call centre fraud has grown by 45% since 2013, despite the PCI DSS worldwide standard that aims to help process card payments securely.

This standard was also set up to help businesses reduce card fraud, but its lack of success is not much of a surprise to many, as a large number of firms are unclear on how PCI DSS affects their business.

If your organisation takes credit card payments then you need to be compliant with the Payment Card Industry Data Security Standard (PCI DSS), a mandatory set of regulations governing the handling of credit and debit card data by organisations processing card payments.

Adhering to the regulations is an especially difficult challenge for businesses taking payments over the phone, where all manner of systems and processes present a fraud risk.

A key component of PCI DSS mandates that if a company intends to accept card payments over the phone then they must either completely remove any trace of card details in any of their systems or go through the expensive process of securing their environment.

The latter is an expensive and resource-hungry undertaking where we see many organisations second-guessing their way through the legislation because they’re not aware of the alternatives.

The result is that as few as 13% of companies are fully compliant with the regulations.

Worryingly for all businesses, the legislation affecting Payment Card Security is changing in 2018.

From the 25th May 2018, any organisation processing or storing credit card data will need to adhere to the new General Data Protection Regulation (GDPR) legislation. Failure will result in big fines (up to 4% of company turnover), with company directors being personally liable.

To achieve the highest level of compliance, organisations currently need to adhere to 354 controls. A large proportion of these relate to the collection and storage of card details in telephony and call recording systems.

Many businesses realise that they've got a big challenge to meet PCI regulations but are equally frustrated that these regulatory issues can be resource- and time-consuming and divert focus away from growing their business.

Organisations want to be compliant, but want to do it as painlessly as possible.

However, there’s good news in all this, as call recording solutions are available that are cost-effective, easy to use and quick to deploy.

The result? Business risk is reduced, your organisation is compliant with PCI DSS and you can get on with doing what you do best – running your business.

Find out more by visiting www.oak.co.uk

Author: Robyn Coppell

Published On: 11th Jul 2017 - Last modified: 12th Jul 2017