Act Now! Why Time Is Running Out To Prove PCI Compliance ‘Innocence’

Blog / Security / Act Now! Why Time Is Running Out To Prove PCI Compliance ‘Innocence’

Do you know there are just several months before major changes come into force around payment card information (PCI) protection? With regulations changing in March 2024.


Many organisations are unaware and unprepared for the radical changes they need to introduce around how they operate with PCI. From March 2024 they will need to prove their innocence by providing real-life data and proof of their compliancy, rather than simply verbally defending any guilt that has been implicated.

Our partners and their customers all need to know that PCI compliance is changing and understand how it is focusing on strengthening the protection of payment card information. PCI 4.0 is moving to an evidence-based model where a customer has to prove they are fully compliant rather than just verbally indicating they are.

In most cases, the existing ‘Pause and Resume’ model - where credit card details are not recorded when taking payments over the telephone - simply isn’t fit for purpose.


Fines already run into millions of pounds depending on the size of a company and the scale of any breach.


Huge Swing

Pause and Resume was never a perfect solution anyway. It is notoriously unreliable and even adopting manual procedures isn’t perfect either – as human error can occur when pressing buttons and pausing recordings.


Call and contact centre staff are still hearing the details anyway. They might be keying it into another system or writing it down to double-check it’s correct (on paper that needs to be destroyed). Equally in a world where we all walk around yelling at our mobile phones, the person giving their card details risk being overheard especially if they are in a public place such as a supermarket. There are many holes in this sequence of events that can put compliance seriously at risk.


The whole PCI compliance issue is about what’s in scope. There’s a massive amount to consider because if you are using Teams or Webex to take that call that’s on the desktop of a PC so now your PC’s and the entire network are in scope along with your physical handsets and wider buildings. There’s so much PCI auditors need to look at and assess.


In March 2024 it will no longer be good enough just to say “you have a process”. You and your organisation will need to prove it and provide evidence. This is a HUGE swing. Imagine having to prove every single Pause and Resume call hasn’t been compromised. It will be so time-consuming and probably almost impossible to do.


There are certain small and quick ways to improve the situation, such as turning on transcription to try and look for CBC numbers etc. But the bottom line is that organisations will need to prove their innocence as opposed to auditors proving guilt. For busy call centres, this is going to be a massive challenge without a radical overhaul of their existing payment procedures. It’s time, it’s money, it’s everything.


Helping Hand

Furthermore, technologies based around DTF masking have always been expensive and designed for larger call centres and multiple users.


At Evolve IP, we believe solutions should work for everyone but currently, that’s not always the case. Some PCI solutions available require a minimum deployment of say 50 users which simply isn’t viable for a small business such as a florist that needs to take random payments over the telephone. Equally, other solutions need to have the ability to scale up to larger enterprises. Also, we even know of some models based on a low cost of entry but then charge higher transaction fees.


Evolve IP is here to help with the launch of Anywhere Secure Call, the latest addition to our Anywhere Product Suite. Anywhere Secure Call is cost-effective and can easily be rolled out from one person to one thousand. It’s simple to set-up and has been built from the ground up by our in-house technical experts. Now any business that needs to take card payments can just enable Secure Call…. and sleep easy at night! It can be as simple or sophisticated as required and can even be plugged into a CRM database to automate the whole process. We are covering all angles, from a small florist to a gardening company and everything in between - helping businesses grow.


The time to act is now. Be prepared for the changes that are being implemented for PCI in March 2024.

Evolve IP has implemented the latest technology that can assist you and ensure that you and your customers are secure and follow PCI 4.0 - Introducing Anywhere Secure Call 

Your essential IT ally for the enterprise hybrid workforce.

APG Nike_EMEA ford-img Greenchoice Argos zorggroep KNAB

Simplify and future-proof your technology footprint with Evolve IP

partner_logo_webex partner_logo_ms_teams partner_logo_enghouse partner_logo_dubber Akixi_Logo_OxfordBlueGrad-1 partner_logo_monda_go partner_logo_peterConnects

It's nearly impossible to stay on top of every change in technology. Partner with Evolve IP and gain the combined experience of hundreds of technologists, all acting as an extension of your business. Helping you do more with less.

Featured By
 UC Partner award  UC Partner award Gartner Logo
Certified By
ISO 27001