The latest thinking from Eckoh

PCI DSS compliance - Ten myths busted
Monday, 29 October 2018

Confused about PCI DSS compliance? It’s not surprising with the amount of different interpretations and myths circulating.

Ten facts PCI 900

As leaders in the field of Secure Payment solutions for PCI DSS compliance, Eckoh are in the best place to help you cut through the myths to the truth.

Below we’ve given clarity to the top ten myths so you can know exactly where you stand.

1. One vendor and provider will make us compliant:

It won’t. Your entire contact centre environment needs to be compliant.

2. Outsourcing card processing makes us compliant. 

There will still be elements of PCI DSS compliance within your business for which you are responsible

3. PCI DSS compliance is an IT responsibility

It’s everyone’s responsibility, from IT to marketing, admin and finance. The ultimate responsibility lies at the top of the organisation.

4. PCI DSS will make us secure

It will mean that your customers’ personal and payment card data is secure not your organisation.

5. PCI DSS is unreasonable:

It requires too much effort and cost: Protecting your business against a data breach or theft cannot be considered unreasonable. You risk losing your customers, your reputation and your revenue by not taking this seriously.

6. We don’t take enough card payments to qualify:

There is a PCI DSS compliance threshold to suit all sizes of organisation and you should not ignore the responsibility of protecting your customers’ card and personal data.

7. PCI DSS compliance can be done in moments with a simple form:

Self-Assessment is only applicable to certain organisations, depending on how they operate. Even then it can be complicated and hard to get right. It can drain your resources and time, even if you qualify for the simplest form SAQ A.

8. We completed a SAQ so we’re compliant:

You may have been compliant on the day you completed the form, but have you maintained your compliance? It’s not a ‘check and forget’ activity. You need to live and breathe it, embedding the security into every aspect of your business.

9. PCI DSS is too hard.

Is going out of business too hard as well? What about losing your customers to the competition? Or, having to meet a hefty fine for a data breach?. These are the risks you run into not complying.

10. PA-DSS means we are compliant

No, it doesn’t. It simply means that your software application complies to PA DSS. It does not make your business PCI DSS compliant.

Add to these the bewildering array of acronyms and it can soon become complicated. In ‘acronyms explained’ we provide you with an ‘at-a-glance’ guide to ones used in PCI DSS.

In the Definitive Guide to PCI DSS compliance you’ll find more vital information to help you really understand where you’re vulnerable to card fraud and the solutions that are available to help you comply.

If you’d like to know more about secure payments and PCI DSS compliance then give us a call on 08000 630 730 or drop us an email at This email address is being protected from spambots. You need JavaScript enabled to view it.

About the Author

Cam Ross

Cam Ross

Director of Payments Strategy

Over the last 20 years’ service with Eckoh, Cameron has led the Intellectual Property portfolio and R&D team to determine which new payment products we will launch to the market. He also works closely with clients and prospects to determine their compliance needs and fraud exposure risks where his ability to explain the complex so that our clients really understand what will be delivered has proved invaluable over the years. Cameron helped create Eckoh’s patented CallGuard.

Connect with us on LinkedIn

Latest Blog Items

Tweets by @Eckoh

Eckoh (@Eckoh)

Eckoh (@Eckoh)

Eckoh is attending the 2019 North America Community Meeting at the Vancouver Convention Center West on September 17- 19th. #PCISSC Come and find us at booth #6 to find out about our secure payment solutions for contact centers.
Eckoh (@Eckoh)

Eckoh (@Eckoh)

With #EckohPAY, all customers have to do is navigate through the Interactive Voice Response (#IVR) by asking ‘pay my bill please’ to securely enter their card details. This saves valuable customer and agent time and is PCI DSS compliant. Find out more:
Eckoh (@Eckoh)

Eckoh (@Eckoh)

It can be difficult to talk customers through an online problem if you cannot see what it is. This is where Eckoh's co-browsing solution comes in! Contact centre agents and customers can share screens for better clarity and advice: #contactcentres

  • icon facebook
  • icon twitter
  • icon linkedin
  • icon youtube