Act Now! Why Time Is Running Out To Prove PCI Compliance ‘Innocence’

It’s not just the PSTN copper line switch-off which is looming large. Another important deadline is even closer!

Do you know there are just several months before major changes come into force around payment card information (PCI) protection? With regulations changing in just several months.

Many organisations are unaware and unprepared for the radical changes they need to introduce around how they operate with PCI. From March 2024 they will need to prove their innocence by providing real-life data and proof of their compliance, rather than simply verbally defending any guilt that has been implicated.

Our partners and their customers all need to know that PCI compliance is changing and understand how it is focusing on strengthening the protection of payment card information. PCI 4.0 is moving to an evidence-based model where a customer has to prove they are fully compliant rather than just verbally indicating they are.

In most cases, the existing ‘Pause and Resume’ model - where credit card details are not recorded when taking payments over the telephone - simply isn’t fit for purpose.

Fines already run into millions of pounds depending on the size of a company and the scale of any breach.

Huge Swing

Pause and Resume was never a perfect solution anyway. It is notoriously unreliable and adopting manual procedures isn’t perfect either – as human error can occur when pressing buttons and pausing recordings.

There are many holes in the sequence of events that can put compliance seriously at risk. Call and contact centre staff are still hearing details, they might be keying it into another system or writing it down to double-check it’s correct. Equally, the person giving their card details risk being overheard.

The whole PCI compliance issue is about what’s in scope. There’s a massive amount to consider because if you are using Teams or Webex to take that call that’s on the desktop of a PC so now your PC’s and the entire network is in scope along with your physical handsets and wider buildings. There’s so much PCI auditors need to look at and assess.

From March 2024 it will no longer be good enough just to say, “you have a process”. You and your organisation will need to prove it and provide evidence. It will potentially become a huge operational issue for businesses.

Helping Hand

At Evolve IP, we believe solutions should work for everyone. Evolve IP is here to help with the launch of Anywhere Secure Call, the latest addition to our Anywhere Product Suite. Anywhere Secure Call is cost-effective and can easily be rolled out from one person to one thousand. It’s simple to set up and has been built from the ground up by our in-house technical experts.

The time to act is now. Be prepared for the changes that are being implemented for PCI in March 2024. Don’t wait any longer.

To learn more visit

Related Topics

Share this story