Skip to main content

Don’t Let Your PCI Standards Slip

Man at desk holding and looking at phone, with headset in other hand

It’s easy to become lax when it comes to PCI DSS (Payment Card Industry Data Security Standards), especially when the threat is invisible. But you only need look to the latest headlines (ahem, Tesco) to see just how prevalent data breaches and security failures are, even among globally recognised enterprises.

Alarmingly, since the introduction of PCI DSS 3.1 last year, 71.4% of companies who achieved full PCI compliance let their standards slip within a year. Think about that for a second … only 28.6% of companies that were successfully validated are likely to have maintained their PCI standards over the past 12 months. All that hard work down the drain.

If you want to maintain your organisation’s reputation and remain a name which clients and customers trust, you need to stay on the ball when it comes to PCI DSS. This is also essential if you want to continue using the “Big Five” payment card vendors who make up the PCI SSC (Security Standards Council), while avoiding potential financial penalties and any other sticky situations that might arise from non-compliance.

Raising the Bar

Unfortunately, as PCI compliance becomes increasingly important, the hoops organisations must jump through to achieve it become more and more difficult to reach. Growing threats to data security prompted a major update to PCI DSS 3.0 last year (3.1), and another earlier this year (3.2), which have significantly complicated the original standards, making full compliance far harder to attain.

Somewhat paradoxically, the requirement to perform regular security system tests AKA penetration testing (introduced as the 11th requirement of PCI DSS 3.0), which was arguably the most important improvement introduced with 3.0, also seemed to be the most difficult for contact centres and other businesses to adhere to. According to Verizon, this requirement saw a marked decrease in compliance post-introduction; however, since July of last year it’s been a standard rather than best practice, so this situation should have been rectified.

Nobody’s Perfect – Yet!

When the new standards were first rolled out, a huge number of organisations and contact centres were unable to comply immediately. Yet, as time has worn on and threats have become more prevalent, increasing numbers of businesses are approaching the “full compliance” mark.

According to the Verizon report, 80% of organisations are now able to meet 90% of PCI DSS testing procedures and sub-controls. Although four in five merchants are currently technically non-compliant, the vast majority have radically improved their game and are certainly “getting there”.

Helping Contact Centres Maintain Their PCI Standards

The latest standards are designed to be tough, but there’s no need to be intimidated or disheartened. Achieving full compliance can be tricky, but partnering with a 3rd party solution provider like PCI Pal can dramatically reduce the likelihood of your hard-earned PCI standards falling by the wayside.

Obviously, protecting customer data, and brand reputation, is a high priority for ecommerce merchants as well as bricks and mortar businesses, but it’s important to remember that PCI DSS compliance is only a starting point, not the end goal of your cybersecurity policies.

Get in touch with our expert payment security consultants today to discover a quick, powerful and hassle-free way to make your contact centre PCI DSS compliant. We look forward to hearing from you.

How can we help?

Get in touch today to discuss our technology and your requirements.

Sign up for Knowledge Centre notifications

Never miss the latest blog, news, podcast or event. Sign up to be notified when we publish something new.

Chat with us