PCI DSS - the needle in the haystack conundrum
Whether your organisation processes one card payment transaction a year or one million, your business must comply with PCI DSS, a whole raft of regulations designed to keep payment card information secure and to prevent fraud. However, achieving compliance isn’t simple: in short, you’ll need to start searching for that proverbial needle in the haystack of PCI DSS regulations.
But be warned, the haystack is mountainous. First of all you’ll have to figure out what merchant level you come under – are you level 1, 2, 3 or level 4? It’s not as easy as it sounds – guess what, the haystack just got even bigger because each card provider differs in its level definitions, compliance validation and submission requirements.
But let’s suppose you press on in your quest and, after arming yourself with a shed-load of antihistamines, you delve around in the haystack even more. Finally, you discover the elusive level you’ve been searching for, only to encounter your next problem – which of the 9 SAQs do you choose? Let’s hope it’s the easy one, the one with only 22 questions; otherwise there’s a hurricane heading for your haystack and you might never find that needle! Unfortunately, the story doesn’t end there…
What compliance means for your business
Basically, as we hope you’ll appreciate, compliance is a time-consuming and costly uphill struggle. Even if you manage to achieve it, maybe with some outside help, it’s most likely that numerous internal systems will have to be re-engineered, processes re-written and everything subjected to regular quarterly audits. To make matters worse, the regulations don’t stand still and, as the PCI Security Standards Council are quick to point out, ‘security controls deployed by organisations in the process of compliance, were often out of compliance when breaches occurred shortly afterwards.’ How comforting is that?
But it’s only by achieving and maintaining compliance that your cyber defences will be primed ready to repel attacks aimed at stealing cardholder data. But how do you accomplish this in a timely and cost-effective way? How do you keep costs low and avoid consequential losses through business disruption whilst PCI compliance is achieved and then maintained? How do you ensure your SAQ is the simple one?
These questions have to be answered because PCI compliance is critical to your business’s future.
The simple answer to your conundrum is to outsource PCI compliance to a PCI DSS level 1 approved service provider – and this is why PayTel exists – to provide a straightforward and cost-effective solution for your business to obtain PCI compliance with minimum effort.
PayTel handles all your cardholder data, so it’s no longer your problem, and neither is compliance, because you no longer have to store, process or transfer the data. It’s never stored in your organisation so you are completely de-scoped from PCI compliance.
We’re not shy in blowing our own trumpet here. PayTel’s payment products are robust enough to have gained approval at Level 1 without utilising any compensating controls whatsoever. We are independently audited annually against the most recent PCI regulations, currently standing at around 2000 individual requirements; we also pass external quarterly network scans. In short, we take the headache out of compliance. We’ve got the elusive needle so you don’t have to bother searching for it.
PayTel – your solution
PayTel’s live agent services suppress DTMF (for example, all credit card numbers), so your agents cannot hear the data, nor can your recording devices record any. On PayTel’s automated services, DTMF is simply terminated inside PayTel and is entirely contained within PayTel’s universe.
By entrusting compliance to us, not only will you save yourself a headache searching for that proverbial needle in that proverbial haystack, but you’ll be building a culture of security to benefit and safeguard the future of your business and that of your clients.
Call us today on 0333 202 1555 or email firstname.lastname@example.org. We’ll be happy to answer any questions that you have.