×

We notice that you’re on our UK site, the version that serves your region is the US Eckoh site.

Go to US site. Stay on UK site

News

Latest news and announcements

Eckoh insight to PCI DSS Protecting Telephone-Based Payment Card Data
Thursday, 29 November 2018

Cam Ross, Director of Payments Strategy at Eckoh welcomes the publication of this updated guidance document.

The publication by the PCI SSC of the updated version of the PCI DSS information supplement Protecting Telephone-Based Payment Card Data is very welcome – the last version was published seven years ago!

The guidance is the result of a collaboration between 50 companies, all specialists in this field. Eckoh has been very pleased to work alongside real industry experts like Worldpay and Verizon, as well as the other acquirers, industry bodies, call centre operators, consultants, telecommunications companies, legal and financial companies involved. Having been a founding member of the SIG, Eckoh was pleased to contribute our expertise to the new guidance.

The new document explores the potential risks and security challenges associated with telephone-based card payment environments and provides much needed clarity for the contact centre industry, globally.

What’s noticeable is that this version deals explicitly with current technologies and now includes DTMF payments which were not mentioned at all in the previous version. That’s important, because DTMF technology is the way in which most contact centres want to take payment today; it offers such good security and de-scoping benefits.

This update completely supports Eckoh’s view that contact centres should seek to reduce the scope of the PCI DSS audit for their contact centres wherever possible. What’s particularly helpful are the sections that show how companies, of many different models and sizes, can address PCI DSS in their environments. The clear and sensible diagrams will allow companies and QSAs to more easily define scope within even highly complex contact centres.

There are many often-misunderstood areas of technology and operation around today’s contact centres, such as VoIP, call recording, transfers, home or remote-workers, and outsourcing. So it’s welcoming to see the guidance cover these specifically. Also addressed are ‘digital payments’ – where a payment may start with a phone call and end with an online or mobile payment. This scenario occurs more frequently now with the growing number of engagement channels and a user’s tendency to channel shift.

Digital payments over the phone is an area in which Eckoh have led the world. We were the first to launch secure payment using Apple Pay, Google Pay and PayPal over the telephone, and the first to provide secure Web Chat payment. It clearly shows that our innovation and R&D strategy was, and remains, ahead of the curve.

In the past few years, the industry has seen fraud switch towards card-not-present channels like contact centres. Finally, the industry has a comprehensive document which will help it define and address the increasing threat. You only need to read it to see the immense challenges facing contact centres which wish to handle card data directly.

Eckoh continues to help companies reduce their PCI DSS audit scope; this document will ensure that clients and their QSAs have a clear, independent way to determine that their chosen approach is the right one for them.

We’re so pleased that the PCI Council has finally published this document. It’s the result of more than five years’ work from Eckoh and other industry leaders, to help further secure contact centres from payment fraud.

Cam Ross, Director Payments Strategy

For more information contact This email address is being protected from spambots. You need JavaScript enabled to view it. 

About the Author

Cameron Ross

Cameron Ross

Director of Payments Strrategy Over the last 20 years’ service with Eckoh, Cameron has led the Intellectual Property portfolio and R&D team to determine which new payment products we will launch to the market. He also works closely with clients and prospects to determine their compliance needs and fraud exposure risks where his ability to explain the complex so that our clients really understand what will be delivered has proved invaluable over the years. Cameron helped create Eckoh’s patented CallGuard technology which allows companies to remove sensitive card data from any existing call recording system.
Connect with us on LinkedIn

Tweets by @Eckoh

Eckoh (@Eckoh)

Eckoh (@Eckoh)

At Eckoh, our third-party #Aspect® support offers the following benefits: ✔ 30%-40% reduction in cost of support ✔ Keeping your systems going for longer ✔ Better support at a lower cost ✔ Maximising your technology investment ✔ Not forced to upgrade bit.ly/2YqhzMp
Eckoh (@Eckoh)

Eckoh (@Eckoh)

At Eckoh, our third-party #Aspect® support offers the following benefits: ✔ 30%-40% reduction in cost of support ✔ Keeping your systems going for longer ✔ Better support at a lower cost ✔ Maximising your technology investment ✔ Not forced to upgrade bit.ly/2YqhzMp
Eckoh (@Eckoh)

Eckoh (@Eckoh)

The team at Eckoh were enlisted to provide Peninsula Group (a business services specialist) with a #CallGuard hosted solution to prevent sensitive data from entering or being stored in the #contactcentre’s systems. Helping them achieve PCI DSS compliance: bit.ly/2Kq44Xq

  • icon facebook
  • icon twitter
  • icon linkedin
  • icon youtube

Latest News Items