sales@encoded.co.uk | 01293 229 700
Contact us
Contact us
sales@encoded.co.uk | 01293 229 700

Five things you should know about PCI DSS

call-centre

PCI Compliance: Five things you should know about PCI DSS but are too afraid to ask

The Payment Card Industry Data Security Standard (PCI DSS) remains surrounded by confusion and misinformation. For example many call centres do not appreciate that PCI DSS covers the entire trading environment including all third-party partners and vendors that handle card data and all must comply before full PCI compliance is achieved.

Here are five lesser known, but important PCI facts:

R

Responsibility

In December 2014 when the next version of the standard comes into force all suppliers of payment services must include a full list of all 258 controls in contracts clearly showing who is responsible for each control. In the event of lost data and a subsequent audit identifying where the breach in security occurred, the contract will form the basis of accountability. Potentially this is the first step towards holding suppliers accountable for lost data, which historically has always been with the responsibility of the merchant or client.
R

VISA will never fine a merchant

VISA cannot fine a merchant for card data loss because its contract is not with the merchant but the Acquirer (the merchant’s bank). It is the acquiring bank’s responsibility to make sure its merchants are compliant and as such it is the bank that will issue fines, increase charges for non-compliance and impose compulsory PCI programme costs. VISA will, however, fine the Acquirer if its merchants are non-compliant.
R

There is no such thing as a PCI DSS compliant solution

Products are often incorrectly marketed as PCI DSS compliant. To advertise this claim is to miss the very point that PCI DSS is trying to achieve ie to maintain a unified security standard to which merchants must adhere. Only companies and other legal entities can be PCI DSS compliant, not products or software.
R

Misinformation is perpetuated by procurement and marketing departments

The belief that solutions can be PCI compliant is often the result of procurement and marketing people who do not really understand the premise of PCI compliance and ask solution providers in tenders whether the solution is PCI compliant? This is an incorrect question but many suppliers are happy to go along with this misconception in order to win business. So the PCI DSS cycle of confusion continues.
R

Only select suppliers that appear on the VISA Merchant Agent List website

Not all payment solution providers are created equal. To be certain whether a third-party vendor is compliant it is important to check the VISA Merchant Agent List which has two levels of organisation with very different validation procedures. Level 1, the top level requires an Attestation of Compliance (AOC) from a Qualified Security Assessor (QSA) and applies to organisations that store, process and/or transmit more than 300,000 VISA transactions per year. Level 2, applies to smaller providers with less than 300,000 transactions and can be achieved by completing an annual self-assessment questionnaire.

Encoded is a leading provider of interactive voice response and automated payment solutions. It is also Level 1 PCI DSS Compliant.

To find out more and to talk about how Encoded can help save you money and protect your payment business please call Rob Crutchington on 0845 120 9790 or email r.crutchington@encoded.co.uk

It can take years to rebuild a reputation after a security breach, but it only takes a few minutes to check whether the vendor you are working with appears on the Visa Europe Merchant Agents list has achieved full PCI DSS compliance and Level 1 status.

Search for yours now: visa merchant agents list

To find out more about PCI DSS accredited payment solutions from Encoded please call: Rob Crutchington on 0845 120 9790

Recent posts

How to make outsourcing pay

How to make outsourcing pay

Rob Crutchington shares his 3-point methodology to maximise the UK’s outsourced contact centre opportunity.According to the Call Centre Management Association (CCMA), contact centre outsourcing in the UK has been steadily increasing over the past decade and the...

read more
Top PCI DSS challenges and how to overcome them

Top PCI DSS challenges and how to overcome them

Make PCI DSS compliance an intrinsic part of your Information Security framework but ensure it’s not a one-off exercise. That’s the message from Rob Crutchington, CEO of Encoded. Here, he shows how to reduce customer effort and boost payment success while protecting...

read more
How to boost payment card security and customer confidence

How to boost payment card security and customer confidence

Cross-generational fears over security are triggering new payment trends that potentially threaten the advent of a cashless society. Rob Crutchington believes it is the perfect opportunity to win back customers by blending compliance standards with secure payment...

read more
Related articles

Other Marketing news stories you may be interested in

How to make outsourcing pay

How to make outsourcing pay

Rob Crutchington shares his 3-point methodology to maximise the UK’s outsourced contact centre opportunity.According to the Call Centre Management...

read more

Speak to the team

To discover how our secure payment solutions can free up your contact centre agents’ time allowing them to focus on customer service, more complex enquiries and revenue-generating activities.

Book a call