HOW TO ENSURE PCI DSS COMPLIANCE

Business Systems Best Practice Guide

Any organisation that takes sensitive data from a customer, in particular credit or debit card details, has a duty to ensure it is taking every step possible to protect customers and their data from fraudulent use and identity theft. In 2012, according to the Financial Fraud Action (FFA UK) website, card fraud in the UK rose to £388m, up 14% on 2011. Within this figure, £32.1m was associated with Card ID theft, a staggering 42% increase on the previous year.

The Payment Card Industry Data Security Standard (PCI DSS) is now in force and applies to anyone taking credit/debit card payments in person, over the internet or by telephone. Yet in the UK, organisations have failed to put in place the necessary technology, processes and procedures to ensure full compliance. The main reasons for this failure to comply are: (i) they do not fully understand their obligations under PCI DSS or (ii) they wrongly assume the steps required for compliance to be too complex and costly.

This paper aims to provide an easy-to-follow, digestible and practical guide to what PCI DSS Compliance means, the different options for compliant call recording, the pros and cons of these options and a proven approach to protect your organisation and its customers.

Read more about PCI Compliance and how call recording should be deployed to comply in the latest guide in our Business Systems Best Practice series: “How to Ensure PCI DSS Compliance”.

Contact Business Systems on 0800 458 2988 or email us if you require further details about our Call Recording products and services.