Organisations still confused about PCI compliance


According to a Business Systems best practice guide, there is still a lot of confusion in the market about the implications for PCI compliance when recording calls.

Any organisation taking sensitive data from a customer, in particular credit or debit card details, has a duty to ensure they are taking every step possible to protect customers and their data from fraudulent use and identity theft, and this obviously extends into data captured in recorded calls.

In 2012, according to the Financial Fraud Action (FFA UK) website, credit card fraud rose in the UK to £388m, up 14% on 2011. Within this figure, £32.1m was associated with card ID theft, a staggering 42% increase on the previous year. As a result, organisations are increasingly being put under the spotlight and fines being issued where breaches in compliance are uncovered.

The Payment Card Industry Data Security Standard (PCI DSS) applies to anyone taking credit/debit card payments in person, over the internet or by telephone. Yet in the UK, some organisations have still not put in place the necessary technology, processes and procedures to ensure full compliance. The main reasons cited for this failure to comply are:

(i) They do not fully understand their obligations under PCI DSS, or
(ii) They wrongly assume the steps required for compliance to be too complex and costly.

The Business Systems best practice guide ‘How to Ensure PCI DSS Compliance’ aims to provide an easy-to-follow, digestible and practical guide to what PCI compliance means, the different options for compliant call recording, the pros and cons of these options and a proven approach to help protect organisations and their customers. It goes on to identify some of the common mistakes organisations make when attempting to implement a PCI-compliant call recording solution, but it also highlights the importance of building a solution which does not detract from the overall customer experience.

Atiq Rehman

Atiq Rehman, Consultancy and Training Manager at Business Systems, concludes “Performing the development required to make your recording platform PCI compliant can be a daunting and lengthy process. It’s important to work with suppliers who can provide comprehensive end-to-end testing to validate that you are no longer capturing or storing payment details and that there are no exceptions. The more experienced providers should be able to achieve this whilst minimising disruption to your current payment process handling infrastructure.”
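The validation step in the quotation above, checking that stored recordings and their transcripts or notes no longer contain payment details, is the kind of check a practitioner would script. The following is an added example, not code from the article or from Business Systems: it scans a constructed set of transcript lines (an assumed plain-text format) for 13 to 19 digit card-number candidates, applies the Luhn check so that order references and phone numbers are not reported as exceptions, and reports each hit with the number masked to first six and last four digits so the report itself does not become a store of card data. It complements, rather than replaces, end-to-end testing of the recording platform.

```python
import re

# Constructed sample of stored call artefacts (transcript lines plus a
# metadata note). Assumed format for illustration only; the test card
# number 4111 1111 1111 1111 is a well-known non-issued example.
SAMPLE_RECORDS = [
    "agent: can I take the long number on the front of the card please",
    "caller: yes it is 4111 1111 1111 1111",
    "agent: and the expiry date",
    "caller: 12/26 and the security code is 123",
    "note: order ref 1234567890123456 confirmed",
    "caller: my phone number is 07700 900123",
]

# 13 to 19 digits, optionally separated by single spaces or hyphens,
# not embedded in a longer digit run.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


def luhn_ok(digits):
    """Luhn mod-10 check over a string of digits (no separators)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:        # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits):
    """Keep first six and last four digits, mask the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(records):
    """Return (line_index, masked_pan) for every Luhn-valid candidate.

    Candidates that fail Luhn (order references, phone numbers) are
    dropped, which is what keeps the exception list short enough to act on.
    """
    hits = []
    for idx, line in enumerate(records):
        for match in CANDIDATE_RE.finditer(line):
            digits = re.sub(r"[ -]", "", match.group(0))
            if luhn_ok(digits):
                hits.append((idx, mask_pan(digits)))
    return hits


def recordings_clean(records):
    """True when no stored line carries a Luhn-valid card number."""
    return not find_pans(records)


if __name__ == "__main__":
    for idx, masked in find_pans(SAMPLE_RECORDS):
        print(f"line {idx}: possible card number {masked}")
    print("clean" if recordings_clean(SAMPLE_RECORDS) else "exceptions found")
```

Run against the constructed sample it reports one exception on line 1 and leaves the order reference and phone number alone; in practice the same function would be pointed at exported transcripts, agent notes and any metadata fields the recording platform writes.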

References

Best practice guide: How To Ensure PCI DSS Compliance

PCI Compliant Call Recording Infographic

Author: Jo Robinson

Published On: 24th Jul 2013 - Last modified: 12th Dec 2018