PCI DSS Compliance: ‘Whose responsibility is it anyway?’ asks Encoded

Rob Crutchington, Director at Encoded, discusses how PCI DSS affects everyone in the trading food chain
By: PR Artistry

PCI DSS affects everyone in the trading food chain

Nowadays, paying for goods and services remotely is the norm and every contact centre that accepts credit and debit card payments over the telephone needs to be PCI DSS compliant. However, what many contact centres don’t realise is that PCI DSS covers the entire trading environment, meaning all third-party partners and vendors that handle card data on their behalf, or supply services where card data is transmitted, must also comply before full PCI DSS compliance is achieved.

As organisations work hard to achieve and maintain ongoing PCI DSS compliance, they may choose to engage with third-party service providers (TPSPs) to achieve their objectives, for example, companies who store, process, or transmit cardholder data on their behalf or manage components of their cardholder data environment (CDE), such as routers, firewalls, databases, physical security, and/or servers.

Before selecting new TPSPs, organisations should conduct proper due diligence and risk analysis to establish whether they have the right skills and experience necessary to achieve PCI DSS compliance. Once on board, making the time to put in place a third-party assurance programme that outlines clear policies and procedures is essential to ensuring that customer card data and systems are fully protected at all times and in a compliant manner.

Contact centres beware!

Coming back to contact centres, many use multiple vendors for their technology, so it is becoming increasingly important for management to understand just who does what in the end-to-end card payment process, who needs to be PCI DSS compliant and the exact status of a vendor’s PCI DSS credentials.
Referring to the VISA Merchant Agents List (https://www.visamerchantagentslist.com/

Responsibility Matrix to address the thorny issue of PCI DSS responsibility

At the end of last year, when the latest version of PCI DSS was announced, along came the “Responsibility Matrix”, a new requirement that attempts to shed light on some of the grey areas surrounding PCI DSS and begins to answer the perennial question: whose responsibility is it anyway?

PCI DSS 3.1 clarifies much of the ambiguity of the previous versions. There shouldn’t be anything that affects the day-to-day running of a contact centre. However, service providers are now required to supply a “Responsibility Matrix” which defines which of the many controls are the responsibility of the merchant and which fall to the TPSP. These responsibilities need to be clearly listed as “the merchant’s responsibility”

Remember, PCI compliance is not a one-off exercise. It must be revisited every year and that takes time and resource. The best way to minimise future costs as the standard evolves is to reduce exposure to the primary risk areas such as staff and infrastructure. Invest in training and education of the PCI standard in order to have the talent in-house. Unless you have a good understanding of PCI, how will you know whether the advice you receive is valid or not?

The buck stops with the merchant

Most card-accepting contact centres understand the importance of protecting customer data from fraud and cybercrime. However, many might not be aware that in the event of a security breach they will be the ones fined. Costs and expenses can quickly add up with payment network fines and assessments, forensic fees associated with a compliance audit of the merchant’s business environment, and legal fees. Not to mention the damage to reputation and lost sales. Always remember: the buck stops with the merchant.

About Encoded

Encoded is a leading provider of automated payment solutions.
All the company’s services are designed to fulfil three key objectives:

* Reduce costs by automating business processes
* Increase security around payments and reduce compliance scope
* Improve customer service by maximising resource efficiency

Encoded was established in 2001 to offer affordable, pay-as-you-go solutions to the growing telecommunications requirements of small and large businesses. Today, the company’s software regularly supports 30 million customers and 10 million calls globally and automates over £400 million in secure payments.

For more information please visit www.encoded.co.uk

Press contact:
Mary Phillips/Andreina West
PR Artistry Limited
T: 01491 639500
E: mary@pra-ltd.co.uk