Our team at PCI Pal is continuously following, studying, and preparing for changes in the payment and data security landscape. Late last year, The PCI Security Standards Council (PCI SSC) released one of those significant landscape shifts with its first revision of ‘Protecting Telephone Based Payment Card Data’ since 2011. Increasing from 12 to 70 pages in length, the document highlights the increased importance of prioritizing the security of telephone-based payments.
As new threats are continuously being identified, PCI Compliance solutions are shifting from being a corporate line item to a necessity. The revised PCI SSC document points to an increase in card payments and the incremental increase in card fraud. With increased fraud, must come an increased defensive strategy.
The document also highlights technology’s role to play with new advancements being made since the last publication in 2011. As the industry has evolved, technologies such as encryption, tokenisation and chip and pin have significantly reduced ‘card present’ frauds, so we are seeing criminals attempting to exploit Cardholder Not Present (CNP) channels.
With these channels being an increased target, there is a vital need for organizations to understand how they can reduce/eliminate risks. As such, the PCI Security Standards Council has refreshed its guidance to help organizations assess and manage telephone payment risks. We have created an eBook in summary of the latest updates to provide an easily digestible version of the content that can be found here. It takes into account three key focus areas; people, process and technology, which offers real clarity, advice and guidance for organizations on what steps they need to address to ensure their environments are descoped from the requirements of PCI Compliance, and ultimately not putting customers’ sensitive data at risk.