www.everycloud.eu
PCI in the Contact Centre
Agenda
• Security Council Recommendations
• The Challenges
• Where are you on your journey?
• Case Study
• Key Takeaways
Security Council: The Facts
PCI DSS Security Council Recommendations
• It is a violation to store sensitive card data after authentication without proper protection including in call recordings, and in particular it is prohibited to store/record the CVV/CV2 number under any circumstances.
• Where it is necessary to record calls (for quality control or regulatory purposes), appropriate technology must be introduced to prevent the recording of sensitive elements.
• Personal Account Numbers (PANs, or the long card number) must not be held in a manner accessible to others and should be masked in part if/when displayed (e.g. last 4 numbers only).
• Encryption/Tokenisation should be used when storing or transmitting sensitive data.
• Unencrypted VoIP telephone systems must be avoided.
• Homeworkers should be tightly supervised to ensure that they are not receiving or storing sensitive client data in a manner which breaches the requirements - including writing client card details and authentication numbers down, or storing them on unencrypted or removable media such as USB sticks.
The Challenges
End-to-End Media Encryption
Complies with security standards and regulations but not CVV2 capture and storage
Pause and Resume (Manual or Automated)
Manual
• Reliant on agent intervention
• Open to abuse
Automated
• Can be difficult to scope and implement
• FCA compliance implications – broken call
• Agents exposed to sensitive information
• Information stored at agent desktop level
How do we keep it simple?
The Challenges
“Most people we engage with are more concerned at the impact on their brand, than the threat of a fine”
Allan Packer – Managing Director Silver Lining
The Challenges
Employer – Employee
• Few would argue that the most valuable resource of any organisation is its people
• Motivation - engagement and retention
• Employee brand is not a label, it is an experience - employees represent the brand
• Understand that it is your employees who are responsible for the happiness (or otherwise) of your customers
“The higher the level of employee satisfaction, the greater the commitment and contribution to the employer.”
Ronan Miles, CEO Oracle UK
“Collaboration is critical”
Stephen Orfei, PCI Standards Council GM
Where are you?
• Not simply PCI
• Vendor relationships
• Integration
• QSAs
• On Premise / Hosted
• Keep it simple…
Case Study: The PCI Journey
UK leading insurance broker
Case Study: Overview
UK leading insurance broker
“Looking under the bonnet…”
• 1,750 employees
• Over 1.5 million policy holders
• Two contact centres
Case Study: The PCI Journey
UK leading insurance broker
• Started to protect card data on legacy IBM AS/400 platform in 2007
• CIO joins late 2008, and deploys new strategy as part of MBO to rip and replace all key systems.
• New Avaya Aura contact centre deployed 2009/10 with Pause and Resume for masking card details.
• New Contact Centre upgrade project kicks off 2013 which includes the move to DTMF masking for PCI compliance / Outsourced PCI managed service.
Case Study: Challenges
UK leading insurance broker
• Historical card data (where Pause and Resume Failed)
• PCI-DSS – Top 5 risk on Corporate Risk Register
• Increased focus from Barclaycard / Visa & MasterCard
• Employee retention and clean room environment
• How do we reduce / transfer risk?
• Conflicting regulation between PCI and FCA
• Integration with existing applications (some green screen terminal based)
The Contact Centre: The Challenge
[Diagram: contact centre network (LAN, PSTN), with elements marked as in PCI scope or out of PCI scope]
The Contact Centre: The Solution
[Diagram: contact centre network (LAN, PSTN) with a PCI Appliance, a Web Service and patented DTMF Clamping technology, with elements marked as in PCI scope or out of PCI scope]
Case Study: Solution
UK leading insurance broker
Single Managed PCI Contract
• Patent protected “DTMF” solution
• Broker platform integration “CDL”
• Managed Report on Compliance
• Handful of residual controls
Case Study: Benefits
UK leading insurance broker
• Removed 85%+ of the technical landscape from PCI Scope, including the Contact Centres
• Transfer of “Risk” under the contract
• Reduced internal / future costs of compliance
• FCA compliance maintained
Case Study: Testimonial
UK leading insurance broker
The CIO explains:
“The key consideration here was to go with one supplier who could deliver the entire solution end-to-end. We needed a solution that removed our Contact Centre from PCI scope and transferred the risk to a specialist partner”
Secure “DTMF” Payment Process
[Diagram: Customer, Agent, masked card number **** **** 1307]
5 Key Points
“Takeaway” points
• Not just about achieving compliance!
  – Go beyond the baseline need and consider PCI as key part of a complete security strategy
• Collaboration is critical
  – Use all relationships including PCI QSAs
  – Work with a systems integrator that knows more than just PCI
• Half-baked solutions won’t cut it
  – A DTMF masking technology solution that takes the card number out of the equation will remove most of the technical landscape within the Contact Centre from PCI Scope
• Don’t forget the impact on your employees
• Start with the end in mind
