TTG Toolkit Advisor

A brand new card game

While some are dreading the new card payment rules in March, others are looking forward to a business boost. Eckoh’s head of global marketing, Tony Porter, reveals why

What’s the issue? From March this year, Iata-accredited travel agents need to be compliant with Payment Card Industry Data Security Standards (PCI DSS) to reduce the risk of fraud. What’s more, compliance is mandatory. If you store, process or transmit people’s payment card data and want to keep taking card payments, then this applies to you.

Why is it important? Card-not-present (CNP) fraud (when card payments are taken over the phone, on the web or by mail, with the cardholder not physically present) in the UK cost businesses £432 million in 2016 and, according to the Office for National Statistics, is set to rise by 120% by 2021. More than a third of CNP fraud is happening in contact centres as criminals become smarter. If your agents are asking customers to read out their payment card details over the phone, that sensitive information is exposed to the agent, stored in your systems and call recordings, and transmitted through your processes. That makes it vulnerable to theft via a breach or agent misuse. Customers trust you to keep their data safe, so if you don’t want to risk losing them, incurring fines and damaging your reputation, you need to be compliant to reduce the risks and show them that you take their data security seriously.

What are the penalties for non-compliance? Non-compliance often comes to light when there’s a data breach. Payment brands can issue fines that may run into hundreds of thousands of pounds. Companies may also face increased transaction fees or even be prevented from accepting payments by card. They may also have to pay for a forensic investigation into the causes of any compromise. A breach can also be followed by bad publicity, a damaged reputation, costly compensation to customers and lost business.

52 22.02.2018

The journey to compliance Put simply, the journey to PCI DSS means you’ll need to lock down how you handle card payments over any channel.

In-house security is difficult to maintain because it is time-consuming to keep “clean room” processes working well and control use of recording devices such as paper, pens or logs. High staff turnover can reduce understanding and just one change to an IT system can impact others. You will need to:

• Identify all locations where cardholder data is held and any vulnerabilities

• Build and operate secure networks and systems to secure weak points

• Document all assessments and remediation

• Maintain a vulnerability management programme

• Implement strong access controls

• Regularly monitor and test networks and systems

• Submit compliance reports to your acquiring banks/card brands

• Maintain an information security policy

What’s more, you need to maintain the standard constantly to reduce the risks involved. Using an expert payment service provider can help you more easily achieve compliance without the complexity and drain on resources.

The benefits of compliance Beyond avoiding hefty fines, being PCI DSS compliant can give you three clear advantages:

1. Protect income and focus on what you do best Compliance means you can continue to take card payments securely. You can also reduce the threat of your systems and contact centre being infiltrated by card data fraudsters.

2. A boost for customer confidence Today’s consumers are increasingly aware of card fraud and scams. So, it’s good to share the news that travellers’ card details will be more secure when they make payments to your team. The right PCI DSS solution will make the process more secure and seamless as well as forming part of the forthcoming GDPR compliance.

3. New channels to delight customers With the right PCI DSS partner, there are ways to offer new payment channels to your customers — and be 100% confident about their security. Get the edge over competitors by letting your clients make secure payments via Live Chat over the web, Apple Pay over the phone, and self-service payments via interactive voice response and mobile apps.

Eckoh offers PCI DSS Compliance solutions, which can be rolled out quickly. For more information download its free guide to PCI DSS at: Contact Eckoh on: T: 01442 458 460 E:

Security is a priority as customers’ card data is vulnerable to theft
