The global Payment Card Industry Security Standards Council (PCI SSC), of which Syntec is a participating member organisation, has just published its most important guidance on payments by phone (and related card data security) since 2011.
Protecting Telephone-Based Payment Card Data brings up to date guidance on how merchants should protect their own customers' card data in this complex 'Cardholder Not Present' (CNP) operating environment, reinforcing the hundreds of security controls which are mandated under the 12 high-level requirements of PCI DSS.
Much has changed since guidelines were first published by the PCI SSC, not least the rapid growth of cloud infrastructure, multi-channel communication and internet telephony, as well as the advent of the new GDPR data protection legislation and growing threats to customers' data.
This new Syntec report represents a major update to our research last conducted in 2016, and it couldn't be more timely, taking into account as it does the updated PCI SSC guidelines.
Payment card data security has never been more of an issue and call centres are increasingly seen as the weakest link for organisations, vulnerable to fraud on multiple fronts both from outside and within.
Findings from a survey of 750 consumers in the UK, USA and Australia
20+ interviews with industry experts
Literature review of latest research
Updated to take into account new PCI SSC guidelines and GDPR
Our research shows that consumers are growing ever more concerned about payment card security when paying over the telephone and that expert advice is moving away from recommending the use of mitigating controls such as pause and resume and white rooming, towards the emerging new standard of DTMF masking or 'keypad payment by phone'.