PCI Compliance

PCI Compliance | Asterisk Consulting

PCI Compliance at Asterisk Consulting

Asterisk Consulting is a PCI Compliant company catering for businesses seeking VoIP Systems and contact centre solutions throughout the UK and Ireland. When you consider that fraud can potentially account for between two and three percent of the bottom line for financial services companies, it's hardly surprising that payment card providers and their merchants are targeting issues such as Card Holder Not Present Fraud. That's why the leading card operators came together to create the Payment Card Industry Data Security Standard (PCI DSS) - a set of industry-wide requirements and processes aimed at fighting payment card fraud. 

The main issue addressed by PCI compliance is data storage, making it an offence to store both the credit card numbers and three-digit security codes on premises, which together can be used to make fraudulent transactions.

The PCI standard is especially applicable to the contact centre environment, where many organisations are failing their PCI DSS compliance audits through the incorrect capture and storage of prohibited customer card data such as account PIN blocks and CVV2 security codes. This is obviously a particular concern for businesses that have to record their calls for FSA compliance reasons, but don’t have any means of consistently halting recordings during the exchange of sensitive payment card data.

The PCI Compliance Requirements

1.    Install and maintain a firewall configuration to protect cardholder data.
2.    Do not use vendor-supplied defaults for system passwords and other security parameters
3.    Protect stored cardholder data
4.    Encrypt transmission of cardholder data across open, public networks
5.    Use and regularly update anti-virus software
6.    Develop and maintain secure systems and applications
7.    Restrict access to cardholder data by business need-to-know
8.    Assign a unique ID to each person with computer access
9.    Restrict physical access to cardholder data
10.    Track and monitor all access to network resources and cardholder data
11.    Regularly test security systems and processes
12.    Maintain a policy that addresses information security for employees and contractors