What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of minimum security requirements that merchants are required to meet in order to reduce the risk of card data fraud and to ensure that payment information is handled securely.
This security standard is monitored and managed by the Payment Card Industry Security Standards Council.
All businesses that accept card payments, whether over the phone, online or in store, are required to become PCI compliant. The PCI DSS requires companies to:
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Why is PCI DSS so important?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for enhancing payment account data security. These standards were developed by the PCI Security Standards Council (PCI SSC), which was founded by Visa, MasterCard, JCB, Discover and American Express to facilitate industry-wide implementation of consistent data security measures on a global basis.
The PCI DSS standard focuses on infrastructure and incorporates the first two standards. PCI DSS is applicable to all organisations that collect, process, or transmit card data. It covers technical and operating system components such as servers, applications, network devices, and locations.
The idea of PCI DSS is to protect the entire card data flow. In practice, the standard focuses on both the merchant and the institutions that process and collect the card data.
It applies to all businesses that take credit and debit cards, regardless of size or transaction volume. Any business involved in the storage, processing and/or transmission of payment card numbers must comply.
The fallout of non-compliance can have a domino effect on your business, as the financial implications of a breach can affect businesses of any size. You can mitigate risk by maintaining compliance and providing verification and certification as required by the industry. By following the standardised PCI DSS procedures, you can:
- Protect your customers’ personal data
- Boost customer confidence through a higher level of data security
- Insulate your organisation from financial losses and remediation costs
- Maintain customer trust and safeguard the reputation of your brand
What MojoU offer:
MojoU’s PCI Consultancy service will advise and guide you on your PCI compliance journey. Within the framework of this service, we will undertake the following:
A scope reduction, which will look at what you’re currently using for PCI DSS and minimise the scope with our cloud-based solution, taking away unnecessary steps in your current data security process.
We will commence a gap analysis, which will enable you to see if the correct requirements are met within your establishment.
MojoU will guide and help with any policy documentation, taking away the time and headache for you. Here at MojoU we’ve been listening to our customers’ struggles with being compliant and following policies and procedures. We have a strong understanding of accurate documentation and of putting the correct policies and practices in place, so it was only natural to offer our expertise to handle this task so you don’t have to.
MojoU will guarantee the correct guidelines are followed on your journey through PCI compliance. Subsequently, we will advise and guide you in developing strong procedures and documentation.
MojoU are committed to giving you a technical solution design. This means we will define a specific technical problem to be solved, identify where it can be improved, and then implement those changes using the right technology for you.
SAQ Validation and Support
MojoU will guide and advise your company in completing an SAQ (Self-Assessment Questionnaire), which is designed as a validation tool to assess security for cardholder data. The PCI Council has various types of SAQ depending on the merchant or service provider. We will assist and support this process for you.
We are committed to helping you and your customers keep data protected, especially card data. Our penetration testing is designed to specifically target your company’s infrastructure and identify your key assets and the protection they are provided.
It begins by profiling your systems and looking for weaknesses or oversights that can be exploited and then using this information to penetrate further into your network.
Being certified by the PCI Security Standards Council, MojoU can offer ASV (Approved Scanning Vendor) scanning, which must be completed every quarter. ASV scanning is an important factor when becoming compliant. We offer two packages:
- A Standard Package which is ideal for level 3 and 4 merchants: MojoU can undertake ten scans per quarter for up to five IP addresses.
- The Enterprise Package which would be ideal for larger organisations: This will give you unlimited scans for up to twenty IP addresses.
Policy and Procedure development
MojoU will provide you with a document toolkit, and we will help you continuously with the development of your policies and procedures. As you may know, documentation is a fundamental part of being PCI compliant. Having the right tools in place and compiling these policies will save you time and unwanted challenges.
Security awareness and training
Being aware of security breaches and how to prevent them is half the battle. Here at MojoU we are equipped to help you not only be aware of the breaches you can encounter, but also to train you to be more mindful regarding card payments and security in the future.
In our constantly evolving world, we are always facing new threats. It is essential to feel confident that you are fully equipped with the knowledge to avoid security breaches, network breaches, rogue agents and non-compliance.
MojoU can help you confront these threats, teach you how to eliminate them and seamlessly integrate PCI into your payment infrastructure.
How does MojoU’s PCI Cloud Solution Work?
We have talked about how PCI DSS compliance can be a complex, ongoing process that can be time consuming and expensive, and can sometimes limit business agility. However, non-compliance with these standards could damage your reputation, credibility and customer loyalty, and expose you to legal issues.
MojoU’s cloud-based PCI solution is simple and scalable: it makes paying over the phone simple and, most importantly, secure, keeping your contact centre compliant.
So how does it work? When a customer calls the contact centre and chooses to pay by card, MojoU’s cloud-based PCI solution is activated and all the details are sent to the payment system, bypassing the contact centre.
Up until the point of taking payment, Dual-Tone Multi-Frequency (DTMF) tones and Interactive Voice Response (IVR) are enabled and may be navigated. But at the point of payment, MojoU’s cloud-based PCI solution is activated, and agents (and call recordings) hear a flat tone.
Payment details are then passed directly to either the payment gateway or the CRM for secure onward processing. MojoU ensure that card details are never captured in recordings, but the rest of the conversation is. This will not only help your customers and staff; it will also improve employee morale and business processes and eliminate extensive and time-consuming audits.
Contact us today for more information on our extensive portfolio of proven PCI solutions.