SECURE, COMPLY, PROTECT

  • Secure telephone payments
  • PCI DSS compliant card not present (CNP) payment solution
  • Protects you against chargebacks from fraudulent transactions
  • Can reduce merchant costs associated with card not present transactions
  • Omni channel payment solutions for your business
  • Enables you to take payments through Facebook, Twitter, WhatsApp, live chat, on the doorstep, email and more
  • Potential to “de-scope” you from PCI DSS compliance

Virtual Terminal

Accept traditional phone payments securely and become PCI compliant.

Chat Secure

Accept payments in chat windows securely and become PCI compliant

OMNI Secure

Accept payments on social media securely and become PCI compliant.

ECOM Secure

Accept online payments securely and become PCI compliant.

What is PCI DSS Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for protecting payment account data. The standard was developed by the PCI Security Standards Council, an organisation founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa International, to facilitate industry-wide adoption of consistent data security measures on a global basis.

Who needs to be PCI DSS compliant?

PCI DSS compliance is a contractual obligation, generally between a merchant and their acquiring bank. It applies to ALL entities that store, process and/or transmit payment card data, irrespective of the quantity of payments processed. PCI DSS also applies to third-party service providers who support entities that may have outsourced the payment handling process. Outsourcing does not release an entity from its obligation to be certified as compliant. The requirements apply to all acceptance channels including retail (brick-and-mortar), mail/telephone order (MOTO), and e-commerce.

In 2017, there were 1,579 data breaches reported, compromising 179 million records and costing breached companies an average of $3.62 million. Payment card information is highly desirable to hackers, and with contact centres processing millions of payment transactions each month, these companies are an especially attractive breach target.

EU GDPR

  • On May 25th 2018 the new GDPR (General Data Protection Regulation) became law and compliance with GDPR is a legal requirement for your business and suppliers

  • Failure to comply could result in huge fines and potential legal action from customers and do severe damage to your brand

  • The General Data Protection Regulation is a regulation by which the European Union (EU) strengthened data protection for individuals within the EU

  • The primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business

  • It also addresses export of personal data outside the EU – so companies that use offices elsewhere in the world to deal with EU citizens must comply

  • If a company trades in Europe – it has to comply – regardless of Brexit

Card Holder Not Present Fraud

“Debit and credit payment card fraud has risen 45% in the last 5 years, equivalent to £175 million.”

Source: UK Finance

What is a card not present transaction?

A remote purchase card-not-present (CNP) transaction is one where the cardholder and the card are not present at the point-of-sale.

How does it affect my business or contact centre?

Because the card and cardholder are not present, you are unable to physically check the card or the identity of the cardholder. You therefore need to be particularly careful about CNP transactions, because it is much easier for the fraudster to disguise their true identity.

Merchants need to be mindful that a standard ‘authorisation’ from their payment service provider does not guarantee against fraud related chargebacks. The merchant is responsible for ensuring that CNP transactions are not fraudulent. If a transaction is fraudulent, they will be liable for the loss.

The problem with "Pause and Resume"

PCI DSS compliance requires that sensitive payment card information be protected.
However, this can cause businesses a headache if they record calls for training or monitoring purposes, as the card data can be captured in the recording, causing a conflict with compliance.

To combat this problem and to avoid capturing sensitive authentication data (SAD) such as the 3-digit security number on the back of the card, many companies use the ‘Pause and Resume’ call recording method. This can be either a manual or an automatic system.

This, however, causes its own problem, as it undermines the very reason calls are recorded.
The call recording is there to provide an unequivocal record of what conversations took place over the telephone.
A gap in this recording creates doubt. What was said during this time? If a customer claims that a policy or product was mis-sold, or that they were misinformed in some way, a complete record to refute this claim no longer exists.
