Overview

Payment Card Industry

Does anyone carry cash anymore? Do you think we'll see ATMs fall away like public pay phones? Regardless of how you feel about carrying cash, it will not help you pay your bill over the phone.

If you are operating a contact center and taking credit cards over the phone, you have likely been impacted by the Payment Card Industry's Data Security Standard (PCI DSS). The trick to PCI compliance isn't in the application, but in the policy used to adhere to the guidelines. In my role I see many questions about PCI compliance. What's important to note is that an application cannot be PCI certified. It is the organization that is responsible for becoming certified compliant. With that said, I will add that certain applications can make policy adherence easier and less costly. There are three main stages to PCI DSS compliance: Collecting and Storing, Reporting, and Monitoring and Alerting. Non-compliance can be costly.

PCI Security Standards website
https://www.pcisecuritystandards.org/

Take a look at this link. You'll find a great overview list of PCI DSS Do's and Don'ts:
https://www.pcisecuritystandards.org/education/fact_sheets.shtml

Here's an idea... what about using something like RSA SecurID with a revolving token to replace credit cards? You know, the same technology used by some organizations to control VPN access. Think that could ever happen or even work? What do you think will happen to how we make payment transactions in the future? What regulatory standards impact you?

Peter "Cashless" Nees

2 comments to Payment Card Industry

  • Revolving tokens might be a viable replacement for credit cards, but I think it might be a high-cost solution. Since PCI affects organizations of all sizes who use payment cards, we need fast and low-cost answers to PCI compliance. There are many applications, some even end-to-end solutions, that can make becoming compliant easier and less costly, and they are listed on the PCI SSC website. It is important to also note that liability for PCI compliance extends to third parties involved in an organization's process flow, so they must be compliant also.
  • Peter Nees
    The PCI standards recommend setting up a legal contract when exchanging sensitive information with a third party. The contract is recommended in an effort to absolve the first party from any legal action if the information exchanged with the third party is compromised. I agree that the revolving token idea is a much longer-term solution. I think it could eventually be a low-cost solution if the credit card companies get behind it and extend the capabilities of the chips built into their cards.
