If your organisation accepts, processes, stores or transmits card payments, the chances are you’ve heard of the Payment Card Industry Data Security Standard (or PCI DSS or PCIDSS as it is commonly known), but what is PCI DSS?
It’s your responsibility to ensure that your customers’ payment data, such as sensitive card numbers and other forms of “Sensitive Authentication Data” (SAD), is safeguarded and free from exposure to contact centre agents, fraudulent attacks (internal and external) and other security breaches. By achieving PCI compliance and adhering to the comprehensive requirements of PCI DSS, your organisation can be confident that it is improving the safety of your customers’ data and the way payments are processed.
In addition to this, with the introduction of the General Data Protection Regulation (GDPR), which sets strict guidelines on how personal information is stored and transmitted, companies experiencing data breaches are facing fines from the Information Commissioner’s Office (ICO) of up to €20m (approximately £17.5 million) or 4% of turnover, whichever is greater. Therefore, it is crucial that organisations adopt best practice on data security across their entire corporate infrastructure and processes, not just for accepting payments.
Key IVR are PCI-DSS Level 1, version 3.2 compliant; this is the highest level of certification for PCI payments.