A Spotlight on PCI Compliance at Mayflower Theatre
Mayflower Theatre is the third-largest theatre outside of London, with a seating capacity of 2,271, and has seen many big-name shows, comedians, musicals, dramas and musicians perform, including the Beatles and the Rolling Stones.
We talk to Paul Thompson, IT Manager at Mayflower Theatre who explains the journey they have taken to achieve PCI compliance:
The need for compliance
“Complying with PCI DSS was a strategic focus for us, particularly due to a requirement to satisfy our bank and other key stakeholders that our payment processing is being handled as securely as possible.
We understand the importance of cybersecurity, the potential consequences and getting it right. Plus, we’re influential in our peer group being the size we are, and we are often at the leading edge of strategic projects like this – we want to be seen as a trailblazer in the realm of PCI DSS.
Finding the right PCI DSS solution
Having attended the PCI London Conference for several years, I understand what compliance means, the implications and who is out there to help and so contacted several firms to support us. PCI Pal presented the best solution for descoping our organization, which was clearly the way for us to go, and it is cost-effective too.
Now, with PCI Pal Agent Assist, when a caller wishes to pay, instead of taking payments over the phone with our call handlers, we have deployed a middleware solution that allies with PCI Pal. The information automatically populates from our ticketing application, the call is secured, customers provide their card data via their handset or using PCI Pal’s speech recognition option, and the information goes directly to the gateway for processing. It’s transparent to the call handler who can see if the transaction has been a success, but importantly they don’t see or have access to any of the actual card numbers, expiry data or CVV information.
As such, we have now been able to re-activate our call recording system and complete the PCI accreditation with our bank, which provides assurances.
The team at PCI Pal – including Luke and their wider support team – have been very professional and have been very clear with communications throughout the project.
PCI Pal Agent Assist provides a simple way for our team to handle payments and they don’t have the weight of responsibility in handling customers’ sensitive card payment data. The PCI Pal solution is simple to use with training provided in-house with an easy step-by-step guide.
We feel we are on a good solid path with PCI Pal and are feeling much more confident that our payment security and PCI compliance has greatly improved.”