Secure and compliant phone payments
When we talk about secure and compliant phone payments, we mean YOU being secure and compliant. Others refer to their solution being compliant, but that doesn’t help YOU.
The sad fact is that most companies selling phone payments are actually just selling a virtual terminal, and while they are secure and compliant, you are not. This leaves you exposed to fraud, data breaches and the risks of non-compliance.
If you take card payments (in store, on your website, over the phone or webchat) you need to comply with the Payment Card Industry Data Security Standard (PCI DSS), issued by the PCI Security Standards Council.
Now here's the kicker.
While the solution you use might to do this is PCI compliant, your organisation ALSO needs to be compliant. Here’s the latest guidance from the PCI SSC:
Click here to download the latest guidance from the PCI SSC on phone payments.
Yup it’s quite a read and I can imagine you have better things to do! Well, we have read it word for word and can help you get it right.
The easiest way to reduce your compliance burden is to remove your organisation from scope. This means that your staff, as well as your phone system, computers, keyboards and network are not exposed to sensitive card information.
How can I do that and still take a card payment over the phone I hear you ask!
Using PayGuard you can ask customers paying over the phone to enter their long card number, expiry date and security code using their telephone keypad (as if they were dialling a phone number). You continue to talk to your customer throughout, so you don’t have to hand-off your customer to an automated service. It’s really quite ingenious.
With PayGuard your compliance with the PCI DSS is a synch, and we’ll help you complete the paperwork. Our technology keeps you, as well as us, secure and compliant, so you can concentrate on doing what you do best.
Here are comments we most often come across:
It’s okay, I don’t record calls, or I stop the call recording when taking card information (pause and resume).
We hear that a lot. And we typically say great! Now you only have the hundreds of other compliance requirements to adhere to, such as scanning everything in scope every quarter (no you can’t do it, you must contract an Approved Scanning Vendor, or ASV, to do it). Unfortunately recording calls is just the tip of the iceberg when it comes to compliance.
I don’t take many card payments, so compliance doesn’t really affect me.
Hmmm nice try! Even if you take one payment a year, you must comply with the PCI DSS.
I’ll get away with not being strictly compliant.
Maybe. Maybe not. Look at it this way:
An insurance. More than 60% of small business who suffer a breach go under in 6 months due to audit fees, penalty fees and losing card facilities. You have insurance against other things that could close your doors like Public Liability and Professional Indemnity even though they aren’t likely, why not pay the small price required to protect you from this possibility?
Also, if you’re not worried about you, what about your responsibility to your customers protecting their sensitive card information?
Phone payments are risky.
Taking card payments over the phone is a great way to secure payment in the moment you have the customer ready to buy, and with new technology like PayGuard you can ensure you are secure and compliant, making your customers happy and allowing you to crack on with the fun stuff.
