Executive Briefing on PCI Compliance, 3rd March 2011, Ashley Unitt



SLIDE 1

www.newvoicemedia.com

Executive Briefing on PCI Compliance

3rd March 2011 Ashley Unitt, CTO, NewVoiceMedia

SLIDE 2

What is PCI DSS?

  • Payment Card Industry Data Security Standard – developed to help reduce fraudulent transactions
  • States that credit card data should be handled and stored in such a way that the information required to make a purchase is not accessible after the purchase has been made
  • Implications for non-compliance:
      – Merchants can be penalised up to $200,000/£125,000 per breach plus $25/£16 per account reissued, and have their services suspended
      – Damage to reputation, brand and adverse PR which can have a long term impact on customer confidence
      – Cost of the fraud

SLIDE 3

Why is telephone card payment security important?

  • Chip & PIN has been the main fraud reduction driver in face-to-face transactions, and Verified by Visa has helped in the e-commerce sector
  • But there remains a limited number of solutions that can fight fraud in the Mail Order/Telephone Order (MOTO) space
  • The FSA and other regulatory bodies across Europe require some companies to record and store telephone conversations in a range of situations
  • The PCI DSS, however, stipulates that the CVV2 (Credit Card Validation Value) cannot be kept post-authorisation, and full Personal Account Numbers (PANs) cannot be kept without further protection measures
  • Therefore, there is a risk that organisations who take customer credit card details over the telephone may be recording the full cardholder details, and therefore be in contravention of the mandatory requirements of the PCI DSS

Source: Call Recording Fact Sheet UK May 2010

SLIDE 4

Achieving PCI Compliance

  • How do breaches occur?
      – Agent fraud when processing card payments over the phone
      – Recordings of the call may be accessed divulging card information
      – Homeworkers may operate in less “secure” environments
  • How can breaches be avoided?
      – Re-engineer the business process to automate the credit card transaction and remove agents from the payment process
      – Suspend call recording for credit card transactions to ensure card details are not accessible
      – Implement a mid-call IVR to automatically collect card payments with the option for secure agent assistance
      – Never let cardholder details get on to a customer’s site

SLIDE 5

Who are NewVoiceMedia?

  • Established 10 years, serving 300 customers in 11 countries
  • ContactWorld platform launched in 2006 to provide a cloud based business telephony solution
  • Stable 99.999% service delivered from 3 UK data centres
  • Processed over 90 Million Calls in 2010
  • Partnerships with BT, salesforce.com, China Telecom

SLIDE 6

What do we do?

NewVoiceMedia delivers cloud-based technology that offers enterprise class business telephony at a fraction of the cost of traditional systems.

Smaller businesses take advantage of a sophisticated telephony solution that identifies callers, prioritises and routes them effectively.

Larger companies operating a call centre benefit from a more flexible system that doesn’t require specialist expertise or months to implement or adapt.

SLIDE 7

NewVoiceMedia Solutions

  • PCI DSS compliant payment system for contact centres
  • Mid-call IVR securely collects card payments
  • Removes opportunities for fraud
  • Full CTI integration into Salesforce CRM
  • Provides a single, seamless view of all customer interactions
  • Innovative dynamic routing of calls on Salesforce data
  • Cloud Contact Centre Solution
  • ACD, IVR, CTI, Call Recording and Management Information
  • Available as ‘Pay as you go’ service

SLIDE 8

Some of our Reference Customers

SLIDE 9

ContactWorld PCI

  • NewVoiceMedia are a validated Level 1 PCI DSS service provider
  • Makes PCI DSS compliance a lot easier by reducing our customers’ PCI DSS scope
  • Can be simply added to existing call centre infrastructures and, unlike the alternatives, doesn't come with a hefty price tag
  • Links directly to the payment gateway companies to speed up transaction processing
  • Reduces the opportunities for fraud
  • NewVoiceMedia technology is currently processing approximately £100K/day in payments

SLIDE 10

NewVoiceMedia Architecture

[Architecture diagram. Labels: PSTN Traffic; Payment Gateway; WorldPay; PBX; LAN; Firewall; Router; PSTN; WWW; NewVoiceMedia ContactWorld; PSTN or VoIP; NewVoiceMedia ContactWorld PCI; SSL/HTTPS; NewVoiceMedia Data Centres; Customers; Virtual Teams; Homeworkers & DR; Client Officers]

SLIDE 11

How Does a Mid Call IVR work?

[Diagram. Labels: Public Telephone Network; Data Network; Client; Agent; No]

SLIDE 12

Summary

  • Anyone who takes credit card payments needs to be PCI DSS compliant
  • With the advent of chip and PIN and 3D Secure, more fraud is switching to telephone based transactions
  • Solutions such as ContactWorld PCI that provide tokenisation of card holder data are the way forward
  • View a demo of ContactWorld PCI: http://www.newvoicemedia.com/contactworld_pci/