Q1: What is PCI?
A: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
The Payment Card Industry Security Standards Council (PCI SSC) was launched in 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with a focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB). It is important to note that the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.
Q2: To whom does the PCI DSS apply?
A: The PCI DSS applies to ANY organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.
Q3: Why is PCI important to Telecom?
A: For a company to be PCI compliant it needs to pass strict standards regarding its People, Processes and Technology. For “People”, PCI standards look at such things as the backgrounds of the employees a company hires within its call center. For “Processes”, PCI standards look at how those people document and handle the credit card information they are given. “Technology” is where telecom comes into play: many times credit card information is given out over the phone to a call center agent on the receiving end. Even though the information is only spoken, a call center has the ability to record and store all conversations. So where is that voice recording stored? Who has access to it? How many years is it stored? All these questions need to be weighed carefully when evaluating PCI compliance.
Other telecom-related PCI compliance issues include things like patching the voice network frequently. System configurations and network security are a factor: there need to be safe firewalls to guard against hacks. It is extremely important to update and monitor the anti-virus software on PCs and servers that are tied to the telecom equipment.
Any company, small or large, must be aware of PCI if it is handling credit card data in any way. Hiring a telecom service provider that is aware of the issues and knowledgeable about the PCI compliance rules is a critical first step to managing your telecom infrastructure.