Don’t Let Your PCI Standards Slip

Blog
9 November 2016
Man at desk holding and looking at phone, with headset in other hand

It’s easy to become lax when it comes to PCI DSS (Payment Card Industry Data Security Standards), especially when the threat is invisible. But you only need look to the latest headlines (ahem, Tesco) to see just how prevalent data breaches and security failures are, even among globally recognised enterprises.

Alarmingly, since the introduction of PCI DSS 3.1 last year, 71.4% of companies who achieved full PCI compliance let their standards slip within a year. Think about that for a second … only 28.6% of companies that were successfully validated are likely to have maintained their PCI standards over the past 12 months. All that hard work down the drain.

If you want to maintain your organisation’s reputation and remain a name which clients and customers trust, you need to stay on the ball when it comes to PCI DSS. This is also essential if you want to continue using the “Big Five” payment card vendors who make up the PCI SSC (Security Standards Council), while avoiding potential financial penalties and any other sticky situations that might arise from non-compliance.

Raising the Bar

Unfortunately, as PCI compliance becomes increasingly important, the hoops organisations must jump through to achieve it become more and more difficult to reach. Growing threats to data security prompted a major update to PCI DSS 3.0 last year (3.1), and another earlier this year (3.2), which have significantly complicated the original standards, making full compliance far harder to attain.

Somewhat paradoxically, the requirement to perform regular security system tests AKA penetration testing (introduced as the 11th requirement of PCI DSS 3.0), which was arguably the most important improvement introduced with 3.0, also seemed to be the most difficult for contact centres and other businesses to adhere to. According to Verizon, this requirement saw a marked decrease in compliance post-introduction; however, since July of last year it’s been a standard rather than best practice, so this situation should have been rectified.

Nobody’s Perfect – Yet!

When the new standards were first rolled out, a huge number of organisations and contact centres were unable to comply immediately. Yet, as time has worn on and threats have become more prevalent, increasing numbers of businesses are approaching the “full compliance” mark.

According to the Verizon report, 80% of organisations are now able to meet 90% of PCI DSS testing procedures and sub-controls. Although four in five merchants are currently technically non-compliant, the vast majority have radically improved their game and are certainly “getting there”.

Helping Contact Centres Maintain Their PCI Standards

The latest standards are designed to be tough, but there’s no need to be intimidated or disheartened. Achieving full compliance can be tricky, but partnering with a 3rd party solution provider like PCI Pal can dramatically reduce the likelihood of your hard-earned PCI standards falling by the wayside.

Obviously, protecting customer data, and brand reputation, is a high priority for ecommerce merchants as well as bricks and mortar businesses, but it’s important to remember that PCI DSS compliance is only a starting point, not the end goal of your cybersecurity policies.

Get in touch with our expert payment security consultants today to discover a quick, powerful and hassle-free way to make your contact centre PCI DSS compliant. We look forward to hearing from you.

View more Blogs Knowledge Centre

How can we help?

Get in touch today to discuss our technology and your requirements.

CONTACT US

Sign up for Knowledge Centre notifications

Never miss the latest blog, news, podcast or event. Sign up to be notified when we publish something new.

notify me

You may also be interested in

Blog
Protecting Online Card Payments: Explore PSD2 and 3D Secure
Protecting Online Card Payments: Explore PSD2 and 3D Secure
Discover the world of protecting online card payments and fraud protection. Dive into the impact of PSD2 and the introduction of Strong Customer Authentication (SCA), including the use of 3D Secure (3DS) as an authentication protocol.
Read more
News
PCI Security Standards Council welcomes PCI Pal® CISO, Geoff Forsyth, to its Board of Advisors
PCI Security Standards Council welcomes PCI Pal® CISO, Geoff Forsyth, to its Board of Advisors
Geoff Forsyth, Chief Information Security Officer of PCI Pal®, has been appointed to the prestigious PCI Security Standards Council Board of Advisors for 2023-2025. As one of 52 members, Forsyth will contribute his extensive IT and security experience to advance global payment security standards.
Read more
NFP Health Deploys PCI Pal to Streamline Contact Center Payments
News
NFP Health Deploys PCI Pal to Streamline Contact Centre Payments
NFP Health Deploys PCI Pal to Streamline Contact Centre Payments
NFP Health deploys PCI Pal to streamline contact centre payments.
Read more
ACH Payments in the Contact Center
Blog
Securing ACH Payments in Contact Centres
Securing ACH Payments in Contact Centres
Offering ACH payments in contact centres can provide greater speed, accuracy, and efficiency. PCI compliance solutions help build trust with customers by ensuring call centre agents are not exposed to sensitive banking information.
Read more

More related content

Chat with us