Welcome!

Cloud Security Authors: Yeshim Deniz, Mark Ross-Smith, Liz McMillan, Pat Romanski, Allwyn Sequeira

Blog Feed Post

Protraction, Complacency And Ignorance: PCI DSS Compliance In Disarray Amongst UK Contact Centres

Survey marks the launch of PCI TeleSafe, a ground breaking telephony solution to help contact centres comply with the standard

20 December, 2010 - New research from Connected World, leading provider of communication solutions for businesses today reveals that despite 36.7% of contact centres judging themselves to be fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), the vast majority (89%) admitted to not understanding its requirements and penalties.

Compounding further concern and reflecting a high level of disarray in the market, a third of all contact centre respondents (33%) claimed at best to be years away from full PCI DSS compliance, with a fifth (21%) stating that their processes will never be in full accordance with the standard's stringent requirements.

The survey of more of than 200 contact centre decision makers spanning a range of industries from retail and leisure to public service and finance was commissioned to mark the launch of Connected World's PCI TeleSafe solution, a network based telephony solution that protects customers account data at the point of payment and resolves a host of PCI DSS compliance headaches faced by contact centres today.

PCI DSS Requirements for telephony payments are stringent and regarded as one of the most challenging aspects for contact centres to comply with. More than a quarter of survey respondents (28%) said they had some safeguards in place to protect sensitive data but felt they would benefit from tighter security measures to better protect their customers.

However, the overall PCI DSS message of compliance appears to be getting through, but only to a limited section of the market. Of those that were aware of the term, only 41% stated that compliance with the PCI DSS standard was crucial to the future of their business. The remaining 59% describing compliance with the standard as "not a top priority" or "something we need to find out about".

"We've been amazed by the level of confusion in the market, especially given the fines that card issuers can impose if they find a vendor to be in breach of the standard's requirements." comments Jamie Price, Director, Connected World. "Contact centres urgently need to attend to their processes, or they could be held accountable for security breaches and fraud that would otherwise by covered by the card issuer."

On a wider level, the survey revealed a clear need to heighten awareness as well as adjust processes and tools in use in day to day operations. In order for PCI DSS compliance to be fully achieved in a contact centre, many levels within the organisation need to be engaged in the process, from staff training to telecoms security. Despite this, more than 74% of respondents admitted that the issues are not clearly understood across their organisation and just 11% respondents said they fully understood what the standard demands and the consequences of not conforming.

Nevertheless, it seems confidence in current data security measures is high. 68% respondents stated that they were confident that they were processing telephony payments securely despite not fully understanding the PCI DSS requirements, suggesting a level of indifference to the standard in the industry and a marked belief that contact centres are already doing enough to protect customer data.

"Now is not the time for contact centres to bury their heads in the sand," adds Price. "The standard is complicated and full compliance isn't easy to achieve. Whatever you think about the standard, it won't change the fact that your business is at risk if you fail an assessment. Moreover, call centres that operate on behalf of customer organisations could suffer severely should they be exposed as non-compliant.

Connected World's network-based solution, PCI TeleSafe, enables contact centre customers paying over the phone to make their purchase without exposing their card details to the call centre operative they are talking to, and without having their call diverted to a secure third party. The customer enters their personal card data using their phone keypad, keytones are masked on the phone and the data is securely captured by the system but is hidden on the operator's screen as asterisks. The end result is a telephony payment process which answers a number of the standard's requirements, including "restricting physical access to cardholder data", and "encrypting submission of card holder data" (Requirements 4 and 9 of PCI DSS, respectively).

Overall, when questioned, more than a third of respondents cited "the fear factor" - namely an increase in either the chances of being spot-assessed by the Security Standards Council or an increase in penalties - as their primary motivation for striving for full compliance. The remainder indicated that the resultant gains in customer trust would sway them the most.

###

About PCI DSS
The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

For more information please consult: www.pcisecuritystandards.org

About Connected World
Launched in 2007 under the TalkTalk Enterprise brand and in partnership with Carphone Warehouse, Connected World are specialist providers of inbound call handling solutions, providing network and cloud-based automated technology for call handling & workforce management. Based in Warrington, Cheshire, Connected World provide bespoke services to a wide variety of organisations across the UK, including call centre operators, premier league football clubs, hoteliers, groups within the NHS and other areas of the public sector.

For more information about, or to see a video presentation on TeleSafe, visit www.connectedworld.co.uk, or see TeleSafe Video Overview

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

@ThingsExpo Stories
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost and risk of entering new markets has leveled the playing field for business. Today, any ambitious innovator can easily introduce a new application or product that can reinvent business models and transform the client experience. In their Day 2 Keynote at 19th Cloud Expo, Mercer Rowe, IBM Vice President of Strategic Alliances, and Raejeanne Skillern, Intel Vice President of Data Center Group and G...
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Onalytica. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Manufacturers are embracing the Industrial Internet the same way consumers are leveraging Fitbits – to improve overall health and wellness. Both can provide consistent measurement, visibility, and suggest performance improvements customized to help reach goals. Fitbit users can view real-time data and make adjustments to increase their activity. In his session at @ThingsExpo, Mark Bernardo Professional Services Leader, Americas, at GE Digital, discussed how leveraging the Industrial Internet and...
SYS-CON Events announced today that delaPlex will exhibit at SYS-CON's @CloudExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. delaPlex pioneered Software Development as a Service (SDaaS), which provides scalable resources to build, test, and deploy software. It’s a fast and more reliable way to develop a new product or expand your in-house team.
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
The security needs of IoT environments require a strong, proven approach to maintain security, trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vic...
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
You think you know what’s in your data. But do you? Most organizations are now aware of the business intelligence represented by their data. Data science stands to take this to a level you never thought of – literally. The techniques of data science, when used with the capabilities of Big Data technologies, can make connections you had not yet imagined, helping you discover new insights and ask new questions of your data. In his session at @ThingsExpo, Sarbjit Sarkaria, data science team lead ...
SYS-CON Events announced today that IoT Now has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
SYS-CON Events announced today that WineSOFT will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Based in Seoul and Irvine, WineSOFT is an innovative software house focusing on internet infrastructure solutions. The venture started as a bootstrap start-up in 2010 by focusing on making the internet faster and more powerful. WineSOFT’s knowledge is based on the expertise of TCP/IP, VPN, SSL, peer-to-peer, mob...
The Internet of Things can drive efficiency for airlines and airports. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Sudip Majumder, senior director of development at Oracle, discussed the technical details of the connected airline baggage and related social media solutions. These IoT applications will enhance travelers' journey experience and drive efficiency for the airlines and the airports.
Big Data, cloud, analytics, contextual information, wearable tech, sensors, mobility, and WebRTC: together, these advances have created a perfect storm of technologies that are disrupting and transforming classic communications models and ecosystems. In his session at @ThingsExpo, Erik Perotti, Senior Manager of New Ventures on Plantronics’ Innovation team, provided an overview of this technological shift, including associated business and consumer communications impacts, and opportunities it m...
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.