
Latest news and announcements

PCI DSS version 4 release coincides with Eckoh’s compliance anniversary
Wednesday, 23 October 2019

Eckoh marks a decade of PCI DSS compliance as major changes to DSS are announced.


Eckoh plc (AIM: ECK) is proud to have achieved a milestone event, its tenth year of compliance to the Payment Card Industry Data Security Standard (“PCI DSS”) at level 1, the highest level. At the same time, the PCI Security Standards Council (“PCI SSC”) has announced the release of the first draft of DSS version 4, which contains some significant changes that mean organisations will need to plan for a major review of their compliance strategy.

Compliance every minute of every day

Maintaining continuous compliance to PCI DSS is a major achievement. It requires dedication and expertise – not just once a year at the time of assessment but every minute of every day. The length of Eckoh’s compliance demonstrates, unequivocally, that security as well as compliance is at the very core of Eckoh’s culture and solutions. As one of the most consistent and long-standing companies on the Visa Europe list as a Merchant Agent, and Visa Global Registry of Service Providers, it demonstrates Eckoh’s ability to stay compliant without compromising innovation or customer service. Verizon have already submitted the latest Attestation of Compliance (“AOC”) to Visa and Eckoh’s listing will be updated in due course.

Nik Philpot, CEO at Eckoh comments, “This is a tremendous achievement and a testament to the dedication, vigilance and hard work of every Eckoh employee – day in, day out; year after year. There is no doubt that Eckoh’s security and compliance credentials lead the sector and offer our clients the most robust and reliable way to achieve and maintain PCI DSS compliance.”

If you process card data, things are about to change

With Card-Not-Present fraud set to reach £680m in the UK by 2021 [1], as well as increasing regulation such as GDPR and MiFID II, it is timely that the PCI SSC will shortly issue the fourth version of the DSS, which will involve major changes to the standard in three key areas:

  • New technologies
  • New validation options
  • New requirements

Compensating controls won’t do any longer

Dave Holliday, Global IT Director at Eckoh said, “What all this change essentially means is, with version 4, organisations will no longer be able to use compensating controls to help achieve PCI DSS compliance. Currently, if an organisation does not meet a DSS requirement it could use ‘compensating controls’ to define and manage business or technical constraints. The QSA does not test these but will agree if they consider them to be sufficient.

In DSS version 4 the validation method means that not meeting a DSS requirement will no longer be an option. As a result, the organisation will have to define a way to meet the intent of the requirement and, together with the QSA, they will have to work out how to test it.

These changes are designed to give greater flexibility for organisations around the controls in use and it aligns with a risk-based approach and maintains the DSS as technology and industry-wide best practice.”

Nik Philpot, CEO at Eckoh, continues, “The new standard will pose a huge challenge for many and we’d recommend working with an expert in contact centre security – such as Eckoh – to make sure any solution fully de-scopes the contact centre and minimises the ongoing management or burden of compliance. As the leader in contact centre technology, we’ve a track record of creating innovative solutions that have helped evolve card-not-present payments – from our patented CallGuard product, developing the world’s first eWallet payments over the phone, to securing PCI DSS compliant payments within chat through ChatGuard. As a result, we have a unique portfolio of solutions to tackle the challenges the industry is facing and our customers’ particular circumstances.”

[1] National Audit Office


About the Author

Dave Holliday

Global IT Director

Dave provides his knowledge and expertise in both operations and IT to ensure that Eckoh stays at the forefront of infrastructure and platform design to enable the delivery of our continuously improving solution portfolio. Dave is a member of Eckoh’s Operating Board and chairs the Technical Leadership Group, as well as ensuring that all our clients’ solutions work, perform and are supported to the highest standard. Dave’s 20 years in IT have led him to gain experience and qualifications in ITIL, PCI DSS, Prince2 and a range of business compliance programs.