Click here to close now.

Welcome!

AJAX & REA Authors: Liz McMillan, Bernard Golden, Elizabeth White, Hovhannes Avoyan, XebiaLabs Blog

Blog Feed Post

Protraction, Complacency And Ignorance: PCI DSS Compliance In Disarray Amongst UK Contact Centres

Survey marks the launch of PCI TeleSafe, a ground breaking telephony solution to help contact centres comply with the standard

20 December, 2010 - New research from Connected World, leading provider of communication solutions for businesses today reveals that despite 36.7% of contact centres judging themselves to be fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), the vast majority (89%) admitted to not understanding its requirements and penalties.

Compounding further concern and reflecting a high level of disarray in the market, a third of all contact centre respondents (33%) claimed at best to be years away from full PCI DSS compliance, with a fifth (21%) stating that their processes will never be in full accordance with the standard's stringent requirements.

The survey of more of than 200 contact centre decision makers spanning a range of industries from retail and leisure to public service and finance was commissioned to mark the launch of Connected World's PCI TeleSafe solution, a network based telephony solution that protects customers account data at the point of payment and resolves a host of PCI DSS compliance headaches faced by contact centres today.

PCI DSS Requirements for telephony payments are stringent and regarded as one of the most challenging aspects for contact centres to comply with. More than a quarter of survey respondents (28%) said they had some safeguards in place to protect sensitive data but felt they would benefit from tighter security measures to better protect their customers.

However, the overall PCI DSS message of compliance appears to be getting through, but only to a limited section of the market. Of those that were aware of the term, only 41% stated that compliance with the PCI DSS standard was crucial to the future of their business. The remaining 59% describing compliance with the standard as "not a top priority" or "something we need to find out about".

"We've been amazed by the level of confusion in the market, especially given the fines that card issuers can impose if they find a vendor to be in breach of the standard's requirements." comments Jamie Price, Director, Connected World. "Contact centres urgently need to attend to their processes, or they could be held accountable for security breaches and fraud that would otherwise by covered by the card issuer."

On a wider level, the survey revealed a clear need to heighten awareness as well as adjust processes and tools in use in day to day operations. In order for PCI DSS compliance to be fully achieved in a contact centre, many levels within the organisation need to be engaged in the process, from staff training to telecoms security. Despite this, more than 74% of respondents admitted that the issues are not clearly understood across their organisation and just 11% respondents said they fully understood what the standard demands and the consequences of not conforming.

Nevertheless, it seems confidence in current data security measures is high. 68% respondents stated that they were confident that they were processing telephony payments securely despite not fully understanding the PCI DSS requirements, suggesting a level of indifference to the standard in the industry and a marked belief that contact centres are already doing enough to protect customer data.

"Now is not the time for contact centres to bury their heads in the sand," adds Price. "The standard is complicated and full compliance isn't easy to achieve. Whatever you think about the standard, it won't change the fact that your business is at risk if you fail an assessment. Moreover, call centres that operate on behalf of customer organisations could suffer severely should they be exposed as non-compliant.

Connected World's network-based solution, PCI TeleSafe, enables contact centre customers paying over the phone to make their purchase without exposing their card details to the call centre operative they are talking to, and without having their call diverted to a secure third party. The customer enters their personal card data using their phone keypad, keytones are masked on the phone and the data is securely captured by the system but is hidden on the operator's screen as asterisks. The end result is a telephony payment process which answers a number of the standard's requirements, including "restricting physical access to cardholder data", and "encrypting submission of card holder data" (Requirements 4 and 9 of PCI DSS, respectively).

Overall, when questioned, more than a third of respondents cited "the fear factor" - namely an increase in either the chances of being spot-assessed by the Security Standards Council or an increase in penalties - as their primary motivation for striving for full compliance. The remainder indicated that the resultant gains in customer trust would sway them the most.

###

About PCI DSS
The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

For more information please consult: www.pcisecuritystandards.org

About Connected World
Launched in 2007 under the TalkTalk Enterprise brand and in partnership with Carphone Warehouse, Connected World are specialist providers of inbound call handling solutions, providing network and cloud-based automated technology for call handling & workforce management. Based in Warrington, Cheshire, Connected World provide bespoke services to a wide variety of organisations across the UK, including call centre operators, premier league football clubs, hoteliers, groups within the NHS and other areas of the public sector.

For more information about, or to see a video presentation on TeleSafe, visit www.connectedworld.co.uk, or see TeleSafe Video Overview

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

@CloudExpo Stories
Many of the well-known examples of DevOps success we read in blogs on the Internet paint an idyllic picture of DevOps productivity. A team was facing a stodgy, slow-moving operations department, teams weren’t delivering software on time. Those teams moved to DevOps, became proactive about infrastructure and deployment automation, and an overnight transition to productivity ensues. People are promoted, projects are successful, and developers and system administrators dance hand-in-hand in a final...
SYS-CON Media announced today that @ThingsExpo Blog launched with 7,788 original stories. @ThingsExpo Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @ThingsExpo Blog can be bookmarked. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago.
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being software-defined – from our phones and cars through our washing machines to the datacenter. However, there are larger challenges when implementing software defined on a larger scale - when building software defined infrastructure. In his session at 16th Cloud Expo, Boyan Ivanov, CEO of StorPool, will provide some practical insights on what, how and why when implementing "software-defined" in the dat...
SYS-CON Events announced today that robomq.io will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. robomq.io is an interoperable and composable platform that connects any device to any application. It helps systems integrators and the solution providers build new and innovative products and service for industries requiring monitoring or intelligence from devices and sensors.
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides private all-in-one social intranets allowing workers to securely collaborate from anywhere in the world and from any device. Social, mobile, and eas...
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch ...
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on T...
SYS-CON Events announced today that Litmus Automation will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Litmus Automation’s vision is to provide a solution for companies that are in a rush to embrace the disruptive Internet of Things technology and leverage it for real business challenges. Litmus Automation simplifies the complexity of connected devices applications with Loop, a secure and scalable clou...
In 2015, 4.9 billion connected "things" will be in use. By 2020, Gartner forecasts this amount to be 25 billion, a 410 percent increase in just five years. How will businesses handle this rapid growth of data? Hadoop will continue to improve its technology to meet business demands, by enabling businesses to access/analyze data in real time, when and where they need it. Cloudera's Chief Technologist, Eli Collins, will discuss how Big Data is keeping up with today's data demands and how in t...
How do you securely enable access to your applications in AWS without exposing any attack surfaces? The answer is usually very complicated because application environments morph over time in response to growing requirements from your employee base, your partners and your customers. In his session at 16th Cloud Expo, Haseeb Budhani, CEO and Co-founder of Soha, will share five common approaches that DevOps teams follow to secure access to applications deployed in AWS, Azure, etc., and the frict...
While DevOps most critically and famously fosters collaboration, communication, and integration through cultural change, culture is more of an output than an input. In order to actively drive cultural evolution, organizations must make substantial organizational and process changes, and adopt new technologies, to encourage a DevOps culture. Moderated by Andi Mann, panelists will discuss how to balance these three pillars of DevOps, where to focus attention (and resources), where organizations m...
Deploying and operating cloud technology is difficult and falls outside the core competencies of most organizations. As a result, many on-premises private cloud installations falter, casting doubt on private cloud as a solution in general. Yet private clouds come with a unique set of benefits that continue to drive widespread interest. There must be a better way. This session will give participants a clear roadmap of private cloud implementation challenges and offer actionable ideas for...
Database apps on mobile devices shouldn't stop working when there's limited or no network connectivity. In his session at 16th Cloud Expo, Bradley Holt, a Developer Advocate for IBM Cloudant, will discuss how to bring data stored in a cloud database to the edge of the network (and back again), whenever an Internet connection is available. He will demonstrate techniques for replicating cloud databases with mobile devices in order to build offline-enabled mobile apps that can provide a better,...
SYS-CON Events announced today that the DevOps Institute has been named “Association Sponsor” of SYS-CON's DevOps Summit, which will take place on June 9–11, 2015, at the Javits Center in New York City, NY. The DevOps Institute provides enterprise level training and certification. Working with thought leaders from the DevOps community, the IT Service Management field and the IT training market, the DevOps Institute is setting the standard in quality for DevOps education and training.
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? Join this panel of experts as they peel away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you’ll have no problem filling in your buzzword bingo cards.
IoT is still a vague buzzword for many people. In his session at @ThingsExpo, Mike Kavis, Vice President & Principal Cloud Architect at Cloud Technology Partners, discussed the business value of IoT that goes far beyond the general public's perception that IoT is all about wearables and home consumer services. He also discussed how IoT is perceived by investors and how venture capitalist access this space. Other topics discussed were barriers to success, what is new, what is old, and what th...
SYS-CON Events announced today that CodeFutures, a leading supplier of database performance tools, has been named a “Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. CodeFutures is an independent software vendor focused on providing tools that deliver database performance tools that increase productivity during database development and increase database performance and scalability during production.
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Ras...
Internet of Things (IoT) will be a hybrid ecosystem of diverse devices and sensors collaborating with operational and enterprise systems to create the next big application. In their session at @ThingsExpo, Bramh Gupta, founder and CEO of robomq.io, and Fred Yatzeck, principal architect leading product development at robomq.io, will discuss how choosing the right middleware and integration strategy from the get-go will enable IoT solution developers to adapt and grow with the industry, while at...
The only place to be June 9-11 is Cloud Expo & @ThingsExpo 2015 East at the Javits Center in New York City. Join us there as delegates from all over the world come to listen to and engage with speakers & sponsors from the leading Cloud Computing, IoT & Big Data companies. Cloud Expo & @ThingsExpo are the leading events covering the booming market of Cloud Computing, IoT & Big Data for the enterprise. Speakers from all over the world will be hand-picked for their ability to explore the economic...