PCI DSS

Pause and resume is dead

We ran a webinar recently about PCI DSS in call centers and asked the attendees what they were doing about PCI compliance for ‘card not present’ (CNP) phone payments. 27% said they were using ‘pause and resume call recording’ (also known as ‘stop/start’) to avoid capturing credit and debit card numbers, either agent- operated or as an […]

Read more

Cash is no longer king – how does this affect the payment card industry?

It’s just been reported by the British Retail Consortium that payment by card now accounts for more transactions than all other payment types combined in the UK. In particular, there’s been a massive growth in the use of contactless card payments, so much so that there’s speculation that we may be moving towards becoming a […]

Read more

How PCI compliance can help you achieve GDPR compliance too

As you probably know, there’s a lot of pressure on organizations to ensure that they are compliant with the new EU GDPR regulations by 2018. At Syntec we’re increasingly asked how PCI DSS and GDPR are related. In this blog I’ll discuss the overlap between the two and how PCI compliance can help you then build […]

Read more

Keys to a successful PCI DSS project

Considerations for vendor selection The choice of supplier for your PCI DSS solution is critically important to the success of your project. A good fit for your business helps ensure a relatively smooth journey. Solutions which are intuitive ease the learning process, foster the sense of the project being an improvement, and contribute to organisational […]

Read more

How can my contact center become PCI DSS compliant? A check list of considerations

After three years of discussion, a new EU Data Protection Framework has been agreed. The new General Data Protection Regulation (GDPR) replaces the current Data Protection Directive. Whilst it won’t come into force for a couple of years, it’s important that your organization starts preparing now, as it will have a very substantial impact on all entities that […]

Read more

Confidence tricks – how PCI DSS compliance helps you win your customers’ trust

Loss of confidence in online transactions and data held on individuals is amongst the greatest potential risks facing any on line retailer, financial institution or public facing body. Headlines abound on data losses from banks, social websites and health providers. Each breach represents a significant blow to the reputation of the business suffering it and […]

Read more

Outsourcers and homeworkers need to be PCI DSS compliant too

Organizations taking payment over the phone, both private and public sector, are now rapidly embracing the regulatory requirement to ensure that card payments over the phone are secure. In the early days of tackling compliance, ‘clean rooming’ agents was a method used to ensure card numbers couldn’t be inadvertently stored or misused, by ensuring that […]

Read more

If you don’t need the card data, don’t touch it!

Call centers, when it comes to PCI DSS compliance give the problem to someone else I have been a PCI DSS QSA for seven years now, and involved in the information security industry for 15. In that time I have assessed and advised all manner of customers, large and small, across various sectors and in various aspects […]

Read more

How to make your call recordings PCI DSS compliant

It’s common practice nowadays for organizations to record telephone calls between staff and customers. This might be for quality control, for staff monitoring and training, or as part of customer service and complaints review. Indeed, in many industries (particularly financial services) the recording of calls is a regulatory requirement. Call recording throws up a number […]

Read more