PCI DSS Compliance
Secure payment solutions from Encoded. Independently certified as a level 1 PCI DSS compliant provider.
- Secure payment solutions
- PCI QSA partner – Blackfoot UK
- Level 1 PCI DSS compliant card payments
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to enhance the security of payment account data.
Card Data Security – The Buck Stops with the Merchant
Card accepting contact centres understand the importance of protecting customer data from fraud and cybercrime. However, it might be news to many that in the event of a security breach they will be the ones fined.
Why Encoded?
Encoded is a Level 1 PCI DSS accredited supplier – which means that contact centres and their customers can rely on Encoded’s technology with absolute confidence.
What are the major issues with PCI DSS and contact centres?
It is not easy to become a PCI DSS compliant contact centre because:
Handling Details
Allowing Agents live access to card payment details can lead to a high risk of those details being exposed. There are countless examples of Agents writing down information and sending it in emails etc. Therefore the risk from security breaches is high due to both human error and dishonesty.
Storing Details
Training Agents
How can Encoded Help?
The high cost of going through full PCI DSS Level 1 accreditation with an external Qualified Security Assessor (QSA) is leading to some vendors claiming to be compliant when in fact they have not been through the whole process. This is putting contact centre organisations at risk.
To find out more about our PCI DSS compliant contact centre solutions, take a look at Five Things Every Card-Accepting Contact Centre Should Know about PCI Compliance or call us on 01293 229 700.
Need help?
Frequently Asked Questions
Definitions
What is defined as ‘cardholder data’?
The PCI Security Standards Council (SSC) defines ‘cardholder data’ as the full Primary Account Number (PAN) or the full PAN along with any of the following elements: Cardholder name, Expiration date, Service code. Sensitive Authentication Data, which must also be protected, includes full magnetic stripe data, CAV2, CVC2, CVV2, CID, PINs, PIN blocks and more.
What is the definition of ‘merchant’?
What is a Service Provider?
A Service Provider is a business entity that isn’t a payment brand, but is directly involved in the processing, storage, or transmission of cardholder data on behalf of another business.
This also includes companies that provide services that control or could impact the security of cardholder data.
Examples include managed service providers that provide payment solutions, managed firewalls and other services, as well as hosting providers. (Source: PCI Security Standards).
There are two types of service provider, Level 1 and Level 2. Level 1 service providers must pass a PCI DSS audit in place by a Qualified Security Assessor (QSA). Level 2 service providers must evaluate themselves annually with the Self-Assessment Questionnaire, SAQ-D.
What is the difference between a Level 1 and Level 2 Service Provider?
Like merchants, service providers have different levels based on the volume of transactions they handle annually.
Level 1 Service Provider
These are service providers that store, process, or transmit more than 300,000 credit card transactions annually.
- PCI Requirements validated
- Annual Report on Compliance (ROC) by a Qualified Security Assessor (QSA)
- Quarterly network scan by an Approved Scanning Vendor (ASV)
- Penetration Test
- Internal Scan
- Attestation of Compliance (AOC) Form
Level 2 Service Provider
These are service providers that store, process, or transmit less than 300,000 credit card transactions annually.
- PCI Requirements validated
- Annual Self-Assessment Questionnaire (SAQ) D
- Quarterly network scan by an ASV
- Penetration Test
- Internal Scan
- AOC Form
.
Payment solutions for contact centres
Our suite of payment solutions for contact centres include Gateway Services, IVR, Agent Assisted Payments with Fraud Prevention Platform, eCommerce Payments and SMS PayByLink.
IVR Payments
Interactive Voice Response Payments (IVR Payments) is a method that allows callers to enter their card data via touch tones. This self-service process enables debit and credit card payments to be handled 24/7.
PayByLink
Agent Assisted Payments
eCommerce Payments
Gateway Services
Download our guides
Secure Contact Centre Payments brochure
What our customers say about us
“We needed to offer our members both fast and secure Payment Card Industry Data, Security Standard (PCI DSS) compliant payment methods and advanced e-commerce capabilities using automated technology. Encoded had done their homework and cared about our members and our business, even suggesting additional creative ways to use Encoded technology. From the outset, it was clear they were exploring new ideas to help us work even smarter.”
Karen Coates, Chief Operations Officer, The Wine Society
“We handle hundreds of thousands of calls every year that demand a broad knowledge of financial and legal matters as well as general property maintenance issues. Encoded presented a sound proposal that promised to deliver round-the-clock efficiencies in a cost effective package. The final overall approach and sophisticated IVR technology proved to be the perfect answer to our business problems.”
Tracey McCabe, Head of Customer Service, First Port Property Management
“We decided to refresh the online experience in response to customer demand and changes in the industry. It was a moment of clarity – Encoded was already handling our secure payments with data being fed into our billing system. We needed to create a front-end link so that customers could access this information themselves, rather than relying on speaking to an agent every time they wanted to make a payment or a change to their account details.”
Business Optimisation Manager,
Severn Trent Water
“One of the key reasons for choosing Encoded was to improve the team’s experience of managing large scale migrations from legacy payment systems. With Encoded’s in-depth knowledge of data security, PCI DSS compliance and the latest payment regulations, JT had confidence that the integration would be carried out within the project timescales and to budget.”
Tim Peach, Finance Operations Manager, Jersey Telecom
“From the outset, it was evident that Encoded grasped our requirements for an easy to deploy, fully transparent solution that could integrate seamlessly with our own IT systems. What is more, Encoded offered us a solid and highly scalable platform that promised to drive efficiencies whilst delivering the personal touch to those callers who needed it most.”
Collections and Recovery Department, One Savings Bank
“Along with the simplicity and highly configurable nature of Encoded’s solution, we were impressed by everyone’s professional, can-do attitude backed up by excellent support. Encoded offered a truly scalable solution that could grow with our business. In particular we trusted Encoded to support new ventures such as flexecash® which has already been adopted by a number of high street retailers.”
June Potts, Head of Customer Contact, Park Group
“Tens of thousands of calls relating to payment and meter reads are handled by sophisticated technology provided by Encoded. Encoded’s solutions have supported our business from day one, having been selected from a shortlist of four vendors for its ease of use, speedy implementation and cost-efficiency.”
Shell Energy
“Today, around 10% of all our sales are made using credit or debit card transactions. Our job is to make it easy for customers to pay for services swiftly and securely. Encoded listened carefully to our requirements, made sensible recommendations along the way and even adapted the technology to suit us. The whole experience ran smoothly and we were impressed by their level of knowledge and understanding of our business.”
Peter Doyle, Risk Manager,
Health-on-line
LATEST NEWS
Articles you may be interested in
MOTO still matters and frictionless payments matter even more
People in the payments industry like talking about ‘the next big thing.’ However, with debit cards remaining the most...
Top Highlights From the Latest Decision-Makers’ Guide
Now in its 21st year, ContactBabel’s 2024 UK Contact Centre DMG reveals that AI is a priority for technology...
Many predictions have been made over the years but have they come true?
Rob Crutchington at Encoded takes a look back at some of his previous predictions and offers a new one for 2024.At the...
Speak to the team
To discover how our secure payment solutions can free up your contact centre agents' time allowing them to focus on customer service, more complex enquiries and revenue-generating activities.