What is PCI DSS?

To increase controls around cardholder data and help prevent payment card fraud, the Payment Card Industry (PCI) established a single set of security requirements: the Payment Card Industry Data Security Standard (PCI DSS).

Payment Card Data Divides into Two Groups:

  • Customer identifiable data, such as name and address
  • Sensitive authentication data, specifically the printed security code and magnetic stripe data

Any business or organisation that takes card payments over the telephone and records its calls is directly affected by Section 3.2 of PCI DSS. This states that no sensitive authentication data may be stored in any format once a transaction has been authorised. This directive extends to contact centres that use call recording.

The Implications of a Breach

Although PCI DSS compliance is not a legal obligation, the threat of fines for non-compliance and the high cost of a breach are firm drivers for organisations to invest in reviewing their processes:

  • Average cost per compromised record is £133
  • Average cost of a breach event is £4.5 million
  • Non-compliance cost is an average of 2.65 times the cost of compliance
  • Also: business disruption, reduced productivity, fees, penalties, other legal and non-legal settlement costs
