Why does your cloud partner need to be PCI DSS Level 1 compliant?

OK, so the terminology doesn’t exactly roll off the tongue! However, if you take card payment details from a customer or supplier over the phone, PCI DSS Level 1 compliance MUST be on your radar. Firstly, let’s start by understanding what the letters actually mean.

PCI DSS is the global Payment Card Industry Data Security Standard, designed to ensure the robust storage, transmission and processing of a cardholder’s details. The standard is made up of a 12-point framework, which evidences the lengths your organisation has gone to in order to prevent sensitive data from being breached and used fraudulently – because we all know the penalties for poor data protection practices! And that’s before the much-debated GDPR comes into force in May 2018!

It’s also important to note that the considerations surrounding PCI DSS compliance must extend beyond your organisation’s own activities. So, if you’re using a cloud or telecoms partner to facilitate the exchange of bank details over the phone, for instance, they must also demonstrate compliance with the standard. Why? Because the responsibility for that data lies with you, regardless of who processes it on your behalf!

Compliance is graded at different levels, with Level 1 demonstrating ultimate robustness and security. Partners must undergo an extensive audit to achieve compliant partner status, which is no mean feat – significant experience in the capture and storage of data is required. But sourcing that much-needed partner is essential, if you’re to stay on the right side of the law.

Some brands have long prioritised the secure processing of callers’ payment details. We have a charity client that handles millions of valuable donations every year, for example, so data security is paramount. Using our HÖLLR platform, they’re able to automatically stop the call recording facility when the caller inputs their all-important digits. The DTMF (Dual-Tone Multi-Frequency) tones are also masked so that the operator hears only a flat sound, given there is a risk that the details could otherwise be decoded from the audio. As soon as the three-digit CVC code is entered, HÖLLR knows to immediately restart the recording.
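To make the pause/mask/resume sequence concrete, here is a small added model of it in Python. It is a constructed example, not Vapour Cloud’s HÖLLR code, and it assumes the caller keys the card number, presses ‘#’ to end it, then keys a three-digit CVC, with everything else on the line treated as speech.

```python
from dataclasses import dataclass, field

PAN_MIN, PAN_MAX, CVC_LEN = 13, 19, 3  # accepted card-number lengths and CVC length (assumption)
MASK_TONE = "flat tone"                # what the operator hears instead of the real DTMF tone

@dataclass
class CardEntrySession:
    recording: bool = True   # is the call recorder running?
    stage: str = "idle"      # idle -> pan -> cvc -> idle
    pan: str = ""            # card number, held only in the payment channel
    cvc: str = ""
    recorded: list = field(default_factory=list)  # what the recorder captured
    operator: list = field(default_factory=list)  # what the operator heard

    def on_speech(self, text: str) -> None:
        self.operator.append(text)
        if self.recording:          # speech during card entry is never recorded
            self.recorded.append(text)

    def on_dtmf(self, key: str) -> None:
        if self.stage == "idle":
            # first card digit: stop the recorder before the digit is captured
            self.recording = False
            self.stage = "pan"
        self.operator.append(MASK_TONE)  # operator hears a flat tone, not the digit
        if self.stage == "pan":
            if key == "#":               # '#' terminates the card number
                if not PAN_MIN <= len(self.pan) <= PAN_MAX:
                    raise ValueError("card number length out of range")
                self.stage = "cvc"
            elif key.isdigit():
                self.pan += key
        elif self.stage == "cvc" and key.isdigit():
            self.cvc += key
            if len(self.cvc) == CVC_LEN:
                # last CVC digit entered: recording may resume
                self.recording = True
                self.stage = "idle"

def run_call(events):
    """Replay a list of (kind, value) events and return the finished session."""
    s = CardEntrySession()
    for kind, value in events:
        (s.on_speech if kind == "speech" else s.on_dtmf)(value)
    return s

# constructed sample call: greeting, 16-digit test card number, '#', CVC, thanks
SAMPLE_CALL = ([("speech", "Hello, I'd like to donate")]
               + [("dtmf", d) for d in "4111111111111111#123"]
               + [("speech", "Thank you")])
```

If the call drops or the card number fails the length check mid-entry, the recorder stays paused rather than resuming, so no partial digits ever reach the recording.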

In truth, it’s all very straightforward. However, a vast number of brands with contact centres are overlooking this crucial deciding factor when sourcing their comms partner. Many organisations may have fortunately escaped any penalties so far. But with ransomware attacks and hacks taking place on what seems like a weekly basis, such an oversight is becoming too big a risk to take. Fines are already being imposed and GDPR isn’t even here yet…

It probably won’t surprise you to learn that Vapour Cloud’s HÖLLR platform is PCI DSS Level 1 compliant, hence the reason we’ve proudly authored this blog on the very topic! So, if you’re concerned about the security of the card payment details you’re responsible for, talk to us about how we can help.

Posted by Katie Mallinson
on August 14, 2017