proprietary & confidential 1
Protecting Phone-Based Transactions and Understanding PCI Compliance
VGFOA Fall, OCTOBER 2018
JASON HERBERT, SENIOR ACCOUNT MANAGER
Charlotte, NC – Paymentus Headquarters
WHO WE ARE
PAYMENTUS
Paymentus is a leading provider of eBilling and Payment solutions in North America
Founded in 2004
1,300 Local Government and Municipal Utility Clients
99.7% Annual Client Retention Rate
PCI Level 1 Hosted Service Provider
Recognized by Deloitte to be among the fastest growing
companies in North America
WHAT IS PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.
PCI DSS was created jointly by Visa, MasterCard, Discover and American Express in 2004
WHAT IS PCI DSS?
There are 6 major objectives:
1. A secure network must be maintained in which transactions can be conducted.
2. Cardholder information must be protected wherever it is stored.
3. Systems should be protected against the activities of malicious hackers.
4. Access to system information and operations should be restricted and controlled.
5. Networks must be constantly monitored and regularly tested to ensure that all security measures and processes are in place, functioning properly, and are kept up-to-date.
6. A formal information security policy must be defined, maintained and followed at all times and by all participating entities.
DOES PCI DSS AFFECT MY BUSINESS?
PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers.
PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).
Does PCI DSS apply to telephone call centers? Absolutely!
HOW YOUR BUSINESS IS IN PCI SCOPE
Cardholder data passes through, and can be potentially stored, accessed, or directly compromised at a variety of points during a transaction… starting the moment the information is relayed from the cardholder.
PCI PENALTIES AND FINES
If your business is found to be out of compliance, your business can be fined from $5,000 up to $500,000, depending on:
Size of business
Length of non-compliance
Degree of non-compliance
If non-compliance leads to a breach, the penalties can be even more damaging:
$50-90 fine for each compromised cardholder.
Suspension of credit card acceptance by credit card account provider.
Potential litigation.
Damage (potentially permanent) to public perception of the trustworthiness of your brand.
PATHS TO CALL CENTER COMPROMISE
Call centers are not immune to breaches: CSRs have a variety of means and opportunities to record cardholder data…
Notebook and Pen
Mobile phone
— Camera
— Voice recorder
— Notes
Bluetooth recorder
Memory Stick
Key Logger
EXISTING SOLUTIONS
EXISTING SOLUTIONS: CURRENT ENVIRONMENT
The most common approaches to facilitate payments during a phone-based request are loaded with risk (financial, customer and security risk):
COMMON APPROACH #1
Customer reads card information to employee who enters it into a payment terminal
Significant security risks.
Business is in PCI scope.
EXISTING SOLUTIONS: CURRENT ENVIRONMENT
COMMON APPROACH #2
Employee directs customer to website to make a payment
Customer satisfaction risk.
Potential non-payment.
EXISTING SOLUTIONS: CURRENT ENVIRONMENT
COMMON APPROACH #3
Employee transfers customer to IVR to make payment
Customer satisfaction risk.
EXISTING SOLUTIONS: CURRENT ENVIRONMENT
COMMON APPROACH #4
Employee engages IVR and uses DTMF masking to hide payment details
Security risks exist and business is in PCI scope.
Can be expensive.
SECURE SERVICE™
SOLUTIONS
Paymentus Solution:
• Paymentus has developed a proprietary, patented solution (Secure Service™) that is positively changing how businesses conduct phone-based transactions
Critical Success Factor Secure Service™
Does not require additional action by customer (bill payer)
Removes call center from PCI scope (solution approved by PCI Council)
Supports continued connectivity between CSR and customer throughout service encounter
Is compatible with existing phone systems
Is easy to implement
Results in successful payment
Improves CSR productivity