Ultracomms has urged businesses to review their processes as the telephone payment security watchdog issues strict new guidelines.
The provider of PCI DSS compliant telephone payment solutions has called on organisations to quickly review the way they take card payments over the phone following the latest guideline update by the Payment Card Industry Security Standards Council (PCI SSC), which reiterates the risks for businesses that continue to use Pause and Resume methods for processing telephone card payments.
Updated for the first time in seven years the guidelines state that removing payment card data from the contact centre environment is the only secure solution to prevent fraud attacks and ensure compliance.
Derwyn Jones, CEO of Ultracomms, said: "Businesses which use Pause and Resume as part of their payment processing strategy are not out of scope for PCI DSS.
"Pause and Resume only removes the call recording and storage systems from scope, but not the agent, agent desktop environment, or internal telephone systems.
"This leaves businesses and their customers open to the risks of card data fraud, investigations by a PCI forensic investigator, substantial fines, and the reputation and brand damage that would result.
“More businesses need to be aware that the Pause and Resume processes they currently use do not de-scope the contact centre agent, the agent desk-top or the telephone system, and therefore, still present a significant data security risk.
"Completely removing your contact centre environment from PCI DSS scope using technology such Dual-tone-Multi-Frequency (DTMF) masking is the only sure-fire way to guarantee compliance.”