www.everycloud.eu
PCI in the Contact Centre
Agenda
• Security Council Recommendations
• The Challenges
• Where are you on your journey?
• Case Study
• Key Takeaways
Security Council: The Facts
PCI DSS Security Council Recommendations
• It is a violation to store sensitive card data after authentication without proper protection including in call recordings, and in particular it is prohibited to store/record the CVV/CV2 number under any circumstances.
• Where it is necessary to record calls (for quality control or regulatory purposes), appropriate technology must be introduced to prevent the recording of sensitive elements.
• Personal Account Numbers (PANs, or the long card number) must not be held in a manner accessible to others and should be masked in part if/when displayed (e.g. last 4 numbers only).
• Encryption/Tokenisation should be used when storing or transmitting sensitive data.
• Unencrypted VoIP telephone systems must be avoided.
• Homeworkers should be tightly supervised to ensure that they are not receiving or storing sensitive client data in a manner which breaches the requirements - including writing client card details and authentication numbers down, or storing them on unencrypted or removable media such as USB sticks.
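An added example, not part of the original slides: one way to check stored free text (call transcripts, agent notes) against the two recommendations above on PAN masking and CVV retention, by finding Luhn-valid card numbers and keyword-introduced security codes and redacting them. The transcript, the keyword list and the `[CVV REMOVED]` marker are assumptions made for this example; the card number is the widely published Visa test number.

```python
"""Find and redact card data in free text (constructed sample, added example)."""
import re
from typing import List, NamedTuple, Tuple


class Finding(NamedTuple):
    kind: str          # "PAN" or "CVV"
    start: int         # offset of the first character to replace
    end: int           # offset one past the last character to replace
    replacement: str   # text written in place of the sensitive value


# 13-19 digits, optionally separated by single spaces or hyphens.
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)", re.ASCII)
# A 3-4 digit value shortly after a CVV-style keyword (heuristic, assumed list).
_CVV = re.compile(
    r"(?i)\b(?:cvv2?|cv2|cvc2?|security code)\b\D{0,20}?(\d{3,4})(?!\d)", re.ASCII
)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counted from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the last four digits only, as the recommendation suggests."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_pans(text: str) -> List[Finding]:
    hits, pos = [], 0
    while True:
        m = _PAN_CANDIDATE.search(text, pos)
        if m is None:
            return hits
        idx = [i for i in range(m.start(), m.end()) if text[i].isdigit()]
        digits = "".join(text[i] for i in idx)
        # Digits spoken straight after the card number can be swallowed by the
        # candidate, so try the longest Luhn-valid prefix of 13-19 digits.
        for n in range(len(digits), 12, -1):
            if luhn_ok(digits[:n]):
                end = idx[n - 1] + 1
                hits.append(Finding("PAN", idx[0], end, mask_pan(digits[:n])))
                pos = end
                break
        else:
            pos = idx[0] + 1  # not a card number; resume inside the run
    # Note: Luhn passes about 1 in 10 random numbers, so hits need review.


def find_cvvs(text: str, pans: List[Finding]) -> List[Finding]:
    hits = []
    for m in _CVV.finditer(text):
        start, end = m.span(1)
        # Ignore digits that are really part of an already detected PAN.
        if any(start < p.end and p.start < end for p in pans):
            continue
        hits.append(Finding("CVV", start, end, "[CVV REMOVED]"))
    return hits


def redact(text: str) -> Tuple[str, List[Finding]]:
    pans = find_pans(text)
    findings = sorted(pans + find_cvvs(text, pans), key=lambda f: f.start)
    out = text
    for f in reversed(findings):  # right to left keeps offsets valid
        out = out[:f.start] + f.replacement + out[f.end:]
    return out, findings


# Constructed transcript; the order reference fails the Luhn check on purpose.
SAMPLE_TRANSCRIPT = (
    "Agent: can I take the long card number please?\n"
    "Customer: it's 4111 1111 1111 1111, expiry 09/27.\n"
    "Customer: the security code is 123.\n"
    "Agent: thanks, your order ref is 1234 5678 9012 3456.\n"
)

if __name__ == "__main__":
    redacted, found = redact(SAMPLE_TRANSCRIPT)
    print(redacted)
    for f in found:
        print(f.kind, f.start, f.end)
```

A security code spoken without a keyword (for example directly after the card number) is not recognisable by pattern and stays in the text, which is why the recommendations call for preventing capture rather than cleaning up afterwards.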
The Challenges
End-to-End Media Encryption
Complies with security standards and regulations but not CVV2 capture and storage
Pause and Resume (Manual or Automated)
Manual
• Reliant on agent intervention
• Open to abuse
Automated
• Can be difficult to scope and implement
• FCA compliance implications – broken call
• Agents exposed to sensitive information
• Information stored at agent desktop level
How do we keep it simple?
The Challenges
“Most people we engage with are more concerned at the impact on their brand, than the threat of a fine”
Allan Packer – Managing Director Silver Lining
The Challenges
Employer – Employee
• Few would argue that the most valuable resource of any organisation is its people
• Motivation - engagement and retention
• Employee brand is not a label, it is an experience - employees represent the brand
• Understand that it is your employees who are responsible for the happiness (or otherwise) of your customers
“The higher the level of employee satisfaction, the greater the commitment and contribution to the employer.”
Ronan Miles, CEO Oracle UK
Where are you?
“Collaboration is critical”
Stephen Orfei, PCI Standards Council GM
• Not simply PCI
• Vendor relationships
• Integration
• QSAs
• On Premise / Hosted
• Keep it simple…
Case Study: The PCI Journey
UK leading insurance broker
Case Study: Overview
UK leading insurance broker
• 1,750 employees
• Over 1.5 million policy holders
• Two contact centres
“Looking under the bonnet…”
Case Study: The PCI Journey
UK leading insurance broker
• Started to protect card data on legacy IBM AS/400 platform in 2007
• CIO joins late 2008, and deploys new strategy as part of MBO to rip and replace all key systems.
• New Avaya Aura contact centre deployed 2009/10 with Pause and Resume for masking card details.
• New Contact Centre upgrade project kicks off 2013 which includes the move to DTMF masking for PCI compliance / Outsourced PCI managed service.
Case Study: Challenges
UK leading insurance broker
• Historical card data (where Pause and Resume failed)
• PCI-DSS – Top 5 risk on Corporate Risk Register
• Increased focus from Barclaycard / Visa & MasterCard
• Employee retention and clean room environment
• How do we reduce / transfer risk?
• Conflicting regulation between PCI and FCA
• Integration with existing applications (some green screen terminal based)
The Contact Centre: The Challenge
[Diagram: contact centre network showing LAN and PSTN; legend: In PCI scope / Out of PCI scope]
The Contact Centre: The Solution
[Diagram: contact centre network showing LAN, PSTN, PCI Appliance and Web Service, labelled "Patented DTMF Clamping technology"; legend: In PCI scope / Out of PCI scope]
Case Study: Solution
UK leading insurance broker
Single Managed PCI Contract
• Patent protected “DTMF” solution
• Broker platform integration “CDL”
• Managed Report on Compliance
• Handful of residual controls
Case Study: Benefits
UK leading insurance broker
• Removed 85%+ of the technical landscape from PCI Scope, including the Contact Centres
• Transfer of “Risk” under the contract
• Reduced internal / future costs of compliance
• FCA compliance maintained
Case Study: Testimonial
UK leading insurance broker
The CIO explains:
“The key consideration here was to go with one supplier who could deliver the entire solution end-to-end. We needed a solution that removed our Contact Centre from PCI scope and transferred the risk to a specialist partner”
Secure “DTMF” Payment Process
[Diagram: Customer and Agent; the card number is shown masked as **** **** 1307]
5 Key Points
“Takeaway” points
• Not just about achieving compliance!
  – Go beyond the baseline need and consider PCI as key part of a complete security strategy
• Collaboration is critical
  – Use all relationships including PCI QSAs
  – Work with a systems integrator that knows more than just PCI
• Half-baked solutions won’t cut it
  – A DTMF masking technology solution that takes the card number out of the equation will remove most of the technical landscape within the Contact Centre from PCI Scope
• Don’t forget the impact on your employees
• Start with the end in mind
