The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard designed to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process, and transmit cardholder data. To minimize interoperability problems among the existing standards, the combined effort made by the principal credit card organizations resulted in the release of version 1.0 of PCI DSS in December 2004. PCI DSS has been implemented and followed across the globe.
The Federal Trade Commission (FTC) has responsibility for the oversight of credit card processing as it falls under the need for consumer protections and oversight. While there is not necessarily a regulatory mandate for PCI compliance, it is regarded as mandatory through court precedent.
In general, PCI compliance is a core component of any credit card company’s security protocol. It is generally mandated by credit card companies and discussed in credit card network agreements.
The PCI Standards Council is responsible for the development of the standards for PCI compliance. These standards apply to merchant processing and have also been expanded to outline requirements for encrypted internet transactions. Other key entities that are also associated with standard-setting in the credit card industry include The Card Association Network and the National Automated Clearing House (NACHA).
Fines for non-compliance can go up to $100,000 per month and potentially $90 for each customer affected by a data breach.
In other words, if your organization takes credit cards, not complying with PCI could be very expensive. It is worth pointing out that the cost of the fines could be a small part of the overall cost of a breach. There are legal costs, class action suits, lost productivity and lost customers, and companies can quickly be put out of business as news of a breach gets out and customers defect.
Enter PCI Pal.
The company helps your business take credit card payments securely.
In an exclusive interview, Darren Gil, the company’s Chief Revenue Officer, said, “The aim of the company is to be the trusted partner to allow customers to deliver a secure payment solution.”
He said the United States is many months behind much of the rest of the world in terms of handling payments securely. Often, contact center agents in the U.S. will write down credit card numbers for later input – a big no-no, especially when it comes to the EU’s GDPR regulations.
The company’s technology allows a customer to enter their credit card information via phone without the agent being able to get access to the information.
On a related note – he mentioned that many contact centers have years of recordings on file and contained within are credit card numbers. Companies realize the security issues and liability but PCI Pal does not remove this information. This presents a quandary for the companies who need the calls recorded for compliance and legal reasons but don’t want the credit card information for similar reasons.
We asked Darren about the British Airways hack – we reported last July the airline was fined $229 for leaking information on 500,000 customers. In this case, the company was breached through their chatbot app and then the hackers gained access to the customer database.
Darren said they recommend companies not store credit card information. PCI Pal can take this data and pass it to the payment gateway without the need to archive the information which could be stolen at a later time. “We suggest you fully descope,” he exclaimed.
This past January, the company launched its omnichannel solution allowing for secure payment options for digital engagement channels including Webchat, social media, email, SMS and more.
“As we see the increased adoption of digital channels within organizations, including both our partners and direct customers, we believe that now is the time to introduce our digital payment offering supplementing our existing Agent Assist and IVR solutions,” said James Barham, CEO, PCI Pal. “The market is experiencing a shift towards digital engagement and as such we are creating the opportunity for our partners and customers to leverage payments within these newer sales and service channels. As with all our solutions, PCI Pal Digital has been developed in-house and is available to organizations globally through our true-cloud platform.”
Darren said they also have a solution that allows the secure transmission of account numbers and social security numbers – this is being used in EMEA at the moment.
They are also working on an ASR solution to take payments and are creating a solution for a pizza franchise allowing them to take credit card information via chat through a web form.
PCI Pal helps reduce risk for companies that take credit card information. By using industry best practices and not storing credit card information, companies take on less risk of a breach and of having the information used as leverage to collect a ransom or simply released. By reducing the risk of a breach, they also reduce the risk of fines, legal costs and loss of customers due to hackers getting into their systems.