Why Telephone Card Payment Security is Important?
In face-to-face and e-commerce environments, risk-mitigating technologies have helped significantly reduce fraud rates, resulting in a shift of card fraud towards the Mail Order / Telephone Order (MOTO) space.
Additionally, a number of regulatory bodies are requiring some companies to record and store telephone conversations in a range of situations. The Payment Card Industry Data Security Standard (PCI DSS), however, stipulates that the three-digit or four-digit card verification code or value printed on the card (CVV2, CVC2, CID, or CAV2) cannot be retained after authorization, and full primary account numbers (PANs) cannot be kept without further protection measures.
As such, there is a risk that organizations taking customer payment card details over the telephone may be recording the full cardholder details to comply with various regulatory bodies, thereby causing them to be in contravention of PCI DSS requirements and potentially exposing cardholder data to unnecessary risk.
PCI DSS Requirements for Stored Cardholder Data
In general, no cardholder data should ever be stored unless it is necessary to meet the needs of the business. Sensitive data on the chip or magnetic stripe must never be stored after authorization. If an organization stores the primary account number (PAN), it is crucial to render it unreadable (see PCI DSS Requirement 3.4).
Organizations also must comply with Requirements 3.1 through 3.6 of the PCI DSS with respect to protection of stored data. It is important to understand the various elements that are classified as cardholder data, and especially what constitutes sensitive authentication data.
Share this on social media:
We support Fusion People with their IT and telecommunications. Watch how they made an annual saving of 40%.
Contact us today for help or advice on your IT & telecoms and receive a FREE Costa!
The player supports TAB to change the controls. Update Required<br/>To play the media you will need to either update your browser to a recent version or update your <a href='http://get.adobe.com/flashplayer/' target='_blank'>Flash plugin</a>.