× Globe

We notice that you’re on our UK site, the version that serves your region is the US Eckoh site.

Go to US site. Stay on UK site

Important COVID-19 update Read More


Latest news and announcements

Eckoh insight to PCI DSS Protecting Telephone-Based Payment Card Data
Thursday, 29 November 2018

Cam Ross, Director of Payments Strategy at Eckoh welcomes the publication of this updated guidance document.

Mobile User Making Secure Payment That Adheres To PCI DSS Compliance

The publication by the PCI SSC of the updated version of the PCI DSS information supplement Protecting Telephone-Based Payment Card Data is very welcome – the last version was published seven years ago!

The guidance is the result of a collaboration between 50 companies, all specialists in this field. Eckoh has been very pleased to work alongside real industry experts like Worldpay and Verizon, as well as the other acquirers, industry bodies, call centre operators, consultants, telecommunications companies, legal and financial companies involved. Having been a founding member of the SIG, Eckoh was pleased to contribute our expertise to the new guidance.

The new document explores the potential risks and security challenges associated with telephone-based card payment environments and provides much needed clarity for the contact centre industry, globally.

What’s noticeable is that this version deals explicitly with current technologies and now includes DTMF payments which were not mentioned at all in the previous version. That’s important, because DTMF technology is the way in which most contact centres want to take payment today; it offers such good security and de-scoping benefits.

This update completely supports Eckoh’s view that contact centres should seek to reduce the scope of the PCI DSS audit for their contact centres wherever possible. What’s particularly helpful are the sections that show how companies, of many different models and sizes, can address PCI DSS in their environments. The clear and sensible diagrams will allow companies and QSAs to more easily define scope within even highly complex contact centres.

There are many often-misunderstood areas of technology and operation around today’s contact centres, such as VoIP, call recording, transfers, home or remote-workers, and outsourcing. So it’s welcoming to see the guidance cover these specifically. Also addressed are ‘digital payments’ – where a payment may start with a phone call and end with an online or mobile payment. This scenario occurs more frequently now with the growing number of engagement channels and a user’s tendency to channel shift.

Digital payments over the phone is an area in which Eckoh have led the world. We were the first to launch secure payment using Apple Pay, Google Pay and PayPal over the telephone, and the first to provide secure Web Chat payment. It clearly shows that our innovation and R&D strategy was, and remains, ahead of the curve.

In the past few years, the industry has seen fraud switch towards card-not-present channels like contact centres. Finally, the industry has a comprehensive document which will help it define and address the increasing threat. You only need to read it to see the immense challenges facing contact centres which wish to handle card data directly.

Eckoh continues to help companies reduce their PCI DSS audit scope; this document will ensure that clients and their QSAs have a clear, independent way to determine that their chosen approach is the right one for them.

We’re so pleased that the PCI Council has finally published this document. It’s the result of more than five years’ work from Eckoh and other industry leaders, to help further secure contact centres from payment fraud.

Cam Ross, Director Payments Strategy

For more information contact This email address is being protected from spambots. You need JavaScript enabled to view it.

Tweets by @Eckoh

Eckoh (@Eckoh)

Eckoh (@Eckoh)

Interactive quiz: Is your CX a winner or loser in the COVID-19 era? Four simple questions will help you find out, and show you what to do next. #contactcentre #CX #customerexperience #resiliency bit.ly/3bje2qM
Eckoh (@Eckoh)

Eckoh (@Eckoh)

Eckoh wins a six-year Capita and TfL contract renewal worth £4m to provide services to the Congestion Charge as well as the new Ultra and Low Emissions Zone project. bit.ly/30UoGRo #securepayments #contactcentres
Eckoh (@Eckoh)

Eckoh (@Eckoh)

Planning to retain some of your home working agents when your contact centre moves back to the office? bit.ly/30sDSEU #securepayments #ContactCenter

  • icon facebook
  • icon twitter
  • icon linkedin
  • icon youtube

Latest News Items