Welcome!

Machine Learning Authors: Derek Weeks, Yeshim Deniz, Elizabeth White, Liz McMillan, Jyoti Bansal

Blog Feed Post

Protraction, Complacency And Ignorance: PCI DSS Compliance In Disarray Amongst UK Contact Centres

Survey marks the launch of PCI TeleSafe, a ground breaking telephony solution to help contact centres comply with the standard

20 December, 2010 - New research from Connected World, leading provider of communication solutions for businesses today reveals that despite 36.7% of contact centres judging themselves to be fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), the vast majority (89%) admitted to not understanding its requirements and penalties.

Compounding further concern and reflecting a high level of disarray in the market, a third of all contact centre respondents (33%) claimed at best to be years away from full PCI DSS compliance, with a fifth (21%) stating that their processes will never be in full accordance with the standard's stringent requirements.

The survey of more of than 200 contact centre decision makers spanning a range of industries from retail and leisure to public service and finance was commissioned to mark the launch of Connected World's PCI TeleSafe solution, a network based telephony solution that protects customers account data at the point of payment and resolves a host of PCI DSS compliance headaches faced by contact centres today.

PCI DSS Requirements for telephony payments are stringent and regarded as one of the most challenging aspects for contact centres to comply with. More than a quarter of survey respondents (28%) said they had some safeguards in place to protect sensitive data but felt they would benefit from tighter security measures to better protect their customers.

However, the overall PCI DSS message of compliance appears to be getting through, but only to a limited section of the market. Of those that were aware of the term, only 41% stated that compliance with the PCI DSS standard was crucial to the future of their business. The remaining 59% describing compliance with the standard as "not a top priority" or "something we need to find out about".

"We've been amazed by the level of confusion in the market, especially given the fines that card issuers can impose if they find a vendor to be in breach of the standard's requirements." comments Jamie Price, Director, Connected World. "Contact centres urgently need to attend to their processes, or they could be held accountable for security breaches and fraud that would otherwise by covered by the card issuer."

On a wider level, the survey revealed a clear need to heighten awareness as well as adjust processes and tools in use in day to day operations. In order for PCI DSS compliance to be fully achieved in a contact centre, many levels within the organisation need to be engaged in the process, from staff training to telecoms security. Despite this, more than 74% of respondents admitted that the issues are not clearly understood across their organisation and just 11% respondents said they fully understood what the standard demands and the consequences of not conforming.

Nevertheless, it seems confidence in current data security measures is high. 68% respondents stated that they were confident that they were processing telephony payments securely despite not fully understanding the PCI DSS requirements, suggesting a level of indifference to the standard in the industry and a marked belief that contact centres are already doing enough to protect customer data.

"Now is not the time for contact centres to bury their heads in the sand," adds Price. "The standard is complicated and full compliance isn't easy to achieve. Whatever you think about the standard, it won't change the fact that your business is at risk if you fail an assessment. Moreover, call centres that operate on behalf of customer organisations could suffer severely should they be exposed as non-compliant.

Connected World's network-based solution, PCI TeleSafe, enables contact centre customers paying over the phone to make their purchase without exposing their card details to the call centre operative they are talking to, and without having their call diverted to a secure third party. The customer enters their personal card data using their phone keypad, keytones are masked on the phone and the data is securely captured by the system but is hidden on the operator's screen as asterisks. The end result is a telephony payment process which answers a number of the standard's requirements, including "restricting physical access to cardholder data", and "encrypting submission of card holder data" (Requirements 4 and 9 of PCI DSS, respectively).

Overall, when questioned, more than a third of respondents cited "the fear factor" - namely an increase in either the chances of being spot-assessed by the Security Standards Council or an increase in penalties - as their primary motivation for striving for full compliance. The remainder indicated that the resultant gains in customer trust would sway them the most.

###

About PCI DSS
The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.

The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.

For more information please consult: www.pcisecuritystandards.org

About Connected World
Launched in 2007 under the TalkTalk Enterprise brand and in partnership with Carphone Warehouse, Connected World are specialist providers of inbound call handling solutions, providing network and cloud-based automated technology for call handling & workforce management. Based in Warrington, Cheshire, Connected World provide bespoke services to a wide variety of organisations across the UK, including call centre operators, premier league football clubs, hoteliers, groups within the NHS and other areas of the public sector.

For more information about, or to see a video presentation on TeleSafe, visit www.connectedworld.co.uk, or see TeleSafe Video Overview

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

@CloudExpo Stories
Microservices are a very exciting architectural approach that many organizations are looking to as a way to accelerate innovation. Microservices promise to allow teams to move away from monolithic "ball of mud" systems, but the reality is that, in the vast majority of organizations, different projects and technologies will continue to be developed at different speeds. How to handle the dependencies between these disparate systems with different iteration cycles? Consider the "canoncial problem" ...
As businesses adopt functionalities in cloud computing, it’s imperative that IT operations consistently ensure cloud systems work correctly – all of the time, and to their best capabilities. In his session at @BigDataExpo, Bernd Harzog, CEO and founder of OpsDataStore, will present an industry answer to the common question, “Are you running IT operations as efficiently and as cost effectively as you need to?” He will expound on the industry issues he frequently came up against as an analyst, and...
Why do your mobile transformations need to happen today? Mobile is the strategy that enterprise transformation centers on to drive customer engagement. In his general session at @ThingsExpo, Roger Woods, Director, Mobile Product & Strategy – Adobe Marketing Cloud, covered key IoT and mobile trends that are forcing mobile transformation, key components of a solid mobile strategy and explored how brands are effectively driving mobile change throughout the enterprise.
In their Live Hack” presentation at 17th Cloud Expo, Stephen Coty and Paul Fletcher, Chief Security Evangelists at Alert Logic, provided the audience with a chance to see a live demonstration of the common tools cyber attackers use to attack cloud and traditional IT systems. This “Live Hack” used open source attack tools that are free and available for download by anybody. Attendees learned where to find and how to operate these tools for the purpose of testing their own IT infrastructure. The...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
My team embarked on building a data lake for our sales and marketing data to better understand customer journeys. This required building a hybrid data pipeline to connect our cloud CRM with the new Hadoop Data Lake. One challenge is that IT was not in a position to provide support until we proved value and marketing did not have the experience, so we embarked on the journey ourselves within the product marketing team for our line of business within Progress. In his session at @BigDataExpo, Sum...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
Interoute has announced the integration of its Global Cloud Infrastructure platform with Rancher Labs’ container management platform, Rancher. This approach enables enterprises to accelerate their digital transformation and infrastructure investments. Matthew Finnie, Interoute CTO commented “Enterprises developing and building apps in the cloud and those on a path to Digital Transformation need Digital ICT Infrastructure that allows them to build, test and deploy faster than ever before. The int...
The cloud competition for database hosts is fierce. How do you evaluate a cloud provider for your database platform? In his session at 18th Cloud Expo, Chris Presley, a Solutions Architect at Pythian, gave users a checklist of considerations when choosing a provider. Chris Presley is a Solutions Architect at Pythian. He loves order – making him a premier Microsoft SQL Server expert. Not only has he programmed and administered SQL Server, but he has also shared his expertise and passion with budd...
"My role is working with customers, helping them go through this digital transformation. I spend a lot of time talking to banks, big industries, manufacturers working through how they are integrating and transforming their IT platforms and moving them forward," explained William Morrish, General Manager Product Sales at Interoute, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Apache Hadoop is emerging as a distributed platform for handling large and fast incoming streams of data. Predictive maintenance, supply chain optimization, and Internet-of-Things analysis are examples where Hadoop provides the scalable storage, processing, and analytics platform to gain meaningful insights from granular data that is typically only valuable from a large-scale, aggregate view. One architecture useful for capturing and analyzing streaming data is the Lambda Architecture, represent...
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
In his session at DevOps Summit, Tapabrata Pal, Director of Enterprise Architecture at Capital One, will tell a story about how Capital One has embraced Agile and DevOps Security practices across the Enterprise – driven by Enterprise Architecture; bringing in Development, Operations and Information Security organizations together. Capital Ones DevOpsSec practice is based upon three "pillars" – Shift-Left, Automate Everything, Dashboard Everything. Within about three years, from 100% waterfall, C...
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools have cloud orchestration plugins that can be leveraged, but there are also cloud-native tools that can dramatically improve the efficiency of managing your application lifecycle.
SYS-CON Events announced today that Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. The company co-innovates with customers and partners to deliver automated, scalable and secure network...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In his Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will explore t...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
Deep learning has been very successful in social sciences and specially areas where there is a lot of data. Trading is another field that can be viewed as social science with a lot of data. With the advent of Deep Learning and Big Data technologies for efficient computation, we are finally able to use the same methods in investment management as we would in face recognition or in making chat-bots. In his session at 20th Cloud Expo, Gaurav Chakravorty, co-founder and Head of Strategy Development ...