SOCIAL HOUSING & COMMUNITY FACILITIES


The Cyber Essentials scheme shows how to put these controls in place.


PCI DSS COMPLIANCE

Safeguarding payments is paramount in the face of cyber threats, and being fully PCI DSS-compliant is a crucial step towards a secure payment environment and reassures buyers that suppliers are taking the appropriate measures to protect data.


PCI DSS, or the Payment Card Industry Data Security Standard, is a set of security standards that any organisation that processes, stores or transmits debit and credit card information must adhere to. By becoming PCI DSS-compliant, organisations such as housing associations, local authorities and Central Government can preserve customer trust, ensure compliance, lower costs and, importantly, reduce risk.


schemes like Cyber Essentials Plus, to ensure they are sufficiently covered.


At allpay Limited we recently joined a small number of payment companies in being accredited to this scheme, which verifies that organisations have the appropriate security protocols in place to stave off the most prevalent forms of attack. The scheme discourages suppliers from being irresponsible about cyber security, whilst continuing to protect customer data.


A landmark report on Common Cyber Attacks issued by GCHQ detailed for the first time the common attacks used by cyber criminals. The report used real case studies to explain the nature of the risk and how it can be prevented. Around 80% of cyber-attacks could be prevented if businesses put simple security controls in place.




Worryingly, however, Freedom of Information requests sent to local authorities in 2015 by the Card Processing Advisory Service (CPRAS) revealed that more than 65% are not fully PCI DSS-compliant. The UK Cards Association stipulates that, should a business lose card data and not be PCI DSS-compliant, it faces non-compliance fines and the operational costs associated with replacing accounts, as well as liability for any fraud losses.


Latest revisions of the PCI DSS standards have tightened security requirements, and technology can help to mitigate risks for organisations.


A good example is where organisations are taking payments via their call centres, with the potential for security breaches when handling customers’ card data. Recent innovations such as cloud-based call masking services can help to create a secure environment when operatives are handling card data while processing a payment. By rerouting the call through a secure cloud-based environment, it can completely remove desktops, IT and telephony systems, agents and call recordings from PCI DSS compliance scope, enabling customers to type their card numbers securely into the telephone keypad, rather than speaking them aloud to an agent, which can potentially be recorded and/or stored.


Great Places Housing Group recently procured allpay’s DTMF tone masking solution in order to reduce the risk of fraud and data breaches. The group, which owns and manages more than 18,000 homes across the North West and Yorkshire region, is one of the largest developing housing associations in the North of England, so protecting its database and customer information was fundamental.


Becoming PCI DSS-compliant independently, and achieving ongoing compliance, can be an onerous and complex process for organisations, incurring high fees and using valuable staff time that could be invested more effectively elsewhere.




Outsourcing PCI compliance to a Level 1 PCI DSS-compliant payment service provider can make a material difference in administration and cost. For example, outsourcing can see organisations only having to complete a shorter version of a mandatory Self-Assessment Questionnaire (SAQ) to their merchant acquirer. SAQ A is the least onerous, with circa 10 requirements; SAQ D is the most onerous, with in excess of 250 requirements, which would also include quarterly scans of their card payment environment. If the solution is outsourced, the organisation only requires the completion of SAQ A.


At a time when protection of data and security is all too prevalent in the news, it’s important to ensure systems are protected – and for this to be done in a cost-effective and efficient manner. This needn’t be costly or arduous – with much of the risk, compliance and cost outsourced to third-party providers.


www.allpay.net TOMORROW’S FM | 27

