Posted by eckoh at 9:06 AM on Oct 11, 2017

Eckoh leads the way with eight years’ PCI DSS accreditation

Eckoh plc is pleased to announce that they have once again received their Attestation of Compliance (AOC) to the PCI DSS version 3.2. This will be Eckoh’s eighth consecutive year as a Level One Service Provider, more than any other company in the same field. This renewal ensures that Eckoh remain one of the most consistent and long-standing companies on the Visa Europe list as a Merchant Agent.

With thieves and hackers getting smarter, Eckoh is pleased to be able to provide robust and consistent compliance for its own operations as well as for the solutions it delivers to its customers, ensuring that technology solutions keep ahead of criminal activities. Security is no accident, it takes continuous planning and monitoring. Eckoh's CallGuard solution handles this for organizations needing to achieve PCI DSS compliance.

Cam Ross, Director of Payments Strategy at Eckoh said, “Maintaining PCI DSS compliance is a notable achievement, especially over such a long period. It’s thanks to the diligence, hard work and vigilance of everyone who works for Eckoh and shows that the culture of security, vigilance and compliance is embedded within the organization. That gives our customers the utmost confidence in the effectiveness and security of our solutions as well as our delivery. As we operate our own PCI DSS compliant contact center, as well as delivering secure payment solutions to help our customers achieve PCI DSS compliance, we naturally offer a degree of insight that others just can’t.”

PCI DSS version 3.2 has a few key changes that will require service providers comply with nine new requirements that have previously been classed as ‘best practice’, including:

  • multi-factor authentication; the use of more controls than username and password combinations alone to protect sensitive data environments
  • increased frequency of penetration testing; service providers must test IT systems every six months to detect potential data security vulnerabilities
  • increased employee assessment; service providers must perform quarterly reviews to confirm that employees are following security policies and operational procedures

Gill Woodcock, senior director of certification programs for the PCI SSC, has published a blog with more information to help anyone who has not already gained their certification. Alternatively you can download your free copy of Eckoh’s PCI DSS Definitive Guide for more information and insight.