Do you know there are just several months before major changes come into force around payment card information (PCI) protection? With regulations changing in March 2024.
Many organisations are unaware and unprepared for the radical changes they need to introduce around how they operate with PCI. From March 2024 they will need to prove their innocence by providing real-life data and proof of their compliancy, rather than simply verbally defending any guilt that has been implicated.
Our partners and their customers all need to know that PCI compliance is changing and understand how it is focusing on strengthening the protection of payment card information. PCI 4.0 is moving to an evidence-based model where a customer has to prove they are fully compliant rather than just verbally indicating they are.
In most cases, the existing ‘Pause and Resume’ model - where credit card details are not recorded when taking payments over the telephone - simply isn’t fit for purpose.
Fines already run into millions of pounds depending on the size of a company and the scale of any breach.
Pause and Resume was never a perfect solution anyway. It is notoriously unreliable and even adopting manual procedures isn’t perfect either – as human error can occur when pressing buttons and pausing recordings.
Call and contact centre staff are still hearing the details anyway. They might be keying it into another system or writing it down to double-check it’s correct (on paper that needs to be destroyed). Equally in a world where we all walk around yelling at our mobile phones, the person giving their card details risk being overheard especially if they are in a public place such as a supermarket. There are many holes in this sequence of events that can put compliance seriously at risk.
The whole PCI compliance issue is about what’s in scope. There’s a massive amount to consider because if you are using Teams or Webex to take that call that’s on the desktop of a PC so now your PC’s and the entire network are in scope along with your physical handsets and wider buildings. There’s so much PCI auditors need to look at and assess.
In March 2024 it will no longer be good enough just to say “you have a process”. You and your organisation will need to prove it and provide evidence. This is a HUGE swing. Imagine having to prove every single Pause and Resume call hasn’t been compromised. It will be so time-consuming and probably almost impossible to do.
There are certain small and quick ways to improve the situation, such as turning on transcription to try and look for CBC numbers etc. But the bottom line is that organisations will need to prove their innocence as opposed to auditors proving guilt. For busy call centres, this is going to be a massive challenge without a radical overhaul of their existing payment procedures. It’s time, it’s money, it’s everything.
Furthermore, technologies based around DTF masking have always been expensive and designed for larger call centres and multiple users.
At Evolve IP, we believe solutions should work for everyone but currently, that’s not always the case. Some PCI solutions available require a minimum deployment of say 50 users which simply isn’t viable for a small business such as a florist that needs to take random payments over the telephone. Equally, other solutions need to have the ability to scale up to larger enterprises. Also, we even know of some models based on a low cost of entry but then charge higher transaction fees.
Evolve IP is here to help with the launch of Anywhere Secure Call, the latest addition to our Anywhere Product Suite. Anywhere Secure Call is cost-effective and can easily be rolled out from one person to one thousand. It’s simple to set-up and has been built from the ground up by our in-house technical experts. Now any business that needs to take card payments can just enable Secure Call…. and sleep easy at night! It can be as simple or sophisticated as required and can even be plugged into a CRM database to automate the whole process. We are covering all angles, from a small florist to a gardening company and everything in between - helping businesses grow.
The time to act is now. Be prepared for the changes that are being implemented for PCI in March 2024.
Evolve IP has implemented the latest technology that can assist you and ensure that you and your customers are secure and follow PCI 4.0 - Introducing Anywhere Secure Call