In 2014, fraud cost retailers a whopping $32 billion, a 38 percent increase from 2013, according to LexisNexis. And despite fraud’s shift to the online world, card-present fraud remains a very serious concern for the credit and debit card industry. The top five payment card brands established PCI DSS, a standard to help keep fraud in check – but it quickly highlighted the effort required to close the compliance gap across the industry. In a new whitepaper, cloud compliance solution provider Cognia breaks down one of the biggest problems with PCI DSS, which surrounds stored and recorded cardholder data, and highlights the top ways to overcome this obstacle to ultimately help merchants and service providers understand, achieve and maintain compliance.
STORED & RECORDED DATA: A MAJOR PROBLEM WITH PCI DSS
American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. together developed the Payment Card Industry – Data Security Standard (PCI DSS) to reduce credit and debit fraud, and to provide guidance to merchants and payment card processors about securing consumer data. But when PCI DSS released its first set of guidelines in 2004, the pain of achieving compliance was highlighted, especially among call and contact centers, which are frequently engaged in credit and debit card payments.
The central question remains: How can cardholder data stored and recorded via call or contact centers ever be adequately protected?
OUT WITH THE OLD METHODS…
In its whitepaper, Cognia addresses the requirements of the PCI DSS and takes a look at which methods are best suited to fulfill them. Called into question are older procedures such as manual processing in a ‘secure-room’ environment, pause-and-resume recording, and ‘transfer-to-IVR for payment’ solutions. The whitepaper puts forth detailed examples showing why these methods are increasingly ineffective and outdated, for reasons ranging from cost and security to unnecessary complexity.
…IN WITH THE NEW
Conversely, Cognia outlines methods that show the way forward in assuring compliance and de-scoping the requirements of PCI-compliant phone payment processing. One particular standout in this regard is DTMF-suppression-based processing outsourced to a PCI DSS-compliant service provider. The whitepaper breaks down the benefits of this optimized approach, which will simplify PCI DSS moving forward for any contact center taking telephone-based payments.
HOW DOES THE CLOUD COME INTO PLAY?
Cloud-based solutions have recently been introduced into the call/contact center market, revolutionizing the space. These solutions, says Cognia, are “changing the way private and public organizations acquire and implement mission-critical call/contact center applications.” That means alleviating huge costs, especially when it comes to maintenance and upgrades.
And of course, when it comes to PCI DSS, cloud-based solutions offer an additional, important benefit: preventing payment card data from ever having to enter the contact center and eliminating the ongoing cost of compliance.
For a complete list of approaches to PCI DSS compliance, the pros and cons of each approach, and a better understanding of how the cloud helps maintain that compliance, download the full whitepaper below.