Executive Briefing on PCI Compliance
3rd March 2011
Ashley Unitt, CTO, NewVoiceMedia
www.newvoicemedia.com

What is PCI DSS?
• Payment Card Industry Data Security Standard – developed to help reduce fraudulent transactions
• States that credit card data should be handled and stored in such a way that the information required to make a purchase is not accessible after the purchase has been made
• Implications for non-compliance:
  – Merchants can be penalised up to $200,000/£125,000 per breach plus $25/£16 per account reissued, and have their services suspended
  – Damage to reputation, brand and adverse PR which can have a long term impact on customer confidence
  – Cost of the fraud

Why is telephone card payment security important?
• Chip & PIN has been the main fraud reduction driver in face-to-face transactions, and Verified by Visa has helped in the e-commerce sector
• But there remain only a limited number of solutions that can fight fraud in the Mail Order/Telephone Order (MOTO) space
• The FSA and other regulatory bodies across Europe require some companies to record and store telephone conversations in a range of situations
• The PCI DSS, however, stipulates that the CVV2 (Credit Card Validation Value) cannot be kept post-authorisation, and full Personal Account Numbers (PANs) cannot be kept without further protection measures
• Therefore, there is a risk that organisations that take customer credit card details over the telephone may be recording the full cardholder details, and therefore be in contravention of the mandatory requirements of the PCI DSS
Source: Call Recording Fact Sheet UK May 2010

Achieving PCI Compliance
• How do breaches occur?
  – Agent fraud when processing card payments over the phone
  – Recordings of the call may be accessed divulging card information
  – Homeworkers may operate in less “secure” environments
• How can breaches be avoided?
  – Re-engineer the business process to automate the credit card transaction and remove agents from the payment process
  – Suspend call recording for credit card transactions to ensure card details are not accessible
  – Implement a mid-call IVR to automatically collect card payments with the option for secure agent assistance
  – Never let cardholder details get on to a customer’s site

Who are NewVoiceMedia?
• Established 10 years, serving 300 customers in 11 countries
• ContactWorld platform launched in 2006 to provide a cloud based business telephony solution
• Stable 99.999% service delivered from 3 UK data centres
• Processed over 90 Million Calls in 2010
• Partnerships with BT, salesforce.com, China Telecom

What do we do?
• NewVoiceMedia delivers cloud-based technology that offers enterprise class business telephony at a fraction of the cost of traditional systems
• Smaller businesses take advantage of a sophisticated telephony solution that identifies callers, prioritises and routes them effectively
• Larger companies operating a call centre benefit from a more flexible system that doesn’t require specialist expertise or months to implement or adapt

NewVoiceMedia Solutions
• Cloud Contact Centre Solution
• ACD, IVR, CTI, Call Recording and Management Information
• Available as ‘Pay as you go’ service
• Full CTI integration into Salesforce CRM
• Provides a single, seamless view of all customer interactions
• Innovative dynamic routing of calls on Salesforce data
• PCI DSS compliant payment system for contact centres
• Mid-call IVR securely collects card payments
• Removes opportunities for fraud

Some of our Reference Customers

ContactWorld PCI
• NewVoiceMedia are a validated Level 1 PCI DSS service provider
• Makes PCI DSS compliance a lot easier by reducing our customers’ PCI DSS scope
• Can be simply added to existing call centre infrastructures and, unlike the alternatives, doesn't come with a hefty price tag
• Links directly to the payment gateway companies to speed up transaction processing
• Reduces the opportunities for fraud
• NewVoiceMedia technology is currently processing approximately £100K/day in payments

NewVoiceMedia Architecture
[Architecture diagram; labels: NewVoiceMedia Data Centres, ContactWorld, ContactWorld PCI, Customers, PSTN, PSTN Traffic, Payment Gateway, WorldPay, SSL/HTTPS, WWW, Client Officers, Virtual Teams, Homeworkers & DR, PSTN or VoIP, PBX, Firewall, Router, LAN]

How Does a Mid Call IVR work?
[Diagram; labels: Public Telephone Network, Agent, No Client Data Network]

Summary
• Anyone who takes credit card payments needs to be PCI DSS compliant
• With the advent of chip and PIN and 3D Secure, more fraud is switching to telephone based transactions
• Solutions such as ContactWorld PCI that provide tokenisation of card holder data are the way forward
• View a demo of ContactWorld PCI: http://www.newvoicemedia.com/contactworld_pci/