
PCI Compliance and What to Look for in a Vendor

Did you know that you are responsible for protecting all of your customers' card data and payment details? Unless you can prove that you handle payments and store data in a way that is PCI DSS (Payment Card Industry Data Security Standard) compliant, the payment card companies won't underwrite any fraudulent losses. That can be an expensive mistake!

Last month, the PCI Security Standards Council (PCI SSC) offered guidance for securing payment card data in cloud environments. More than 100 global organisations, including a range of technology vendors, came together to help businesses identify and address the security challenges of different cloud architectures and models, and to understand their PCI DSS responsibilities when implementing these solutions.

So what should you look for when selecting a cloud PCI vendor?

It's not enough just to get their certificate. As the report recommends, companies that have undergone PCI DSS compliance assessment and validation will be able to provide clients with proof-of-compliance documentation, such as the Attestation of Compliance (AOC) and the applicable sections of the Report on Compliance (ROC), including the date of assessment. They should also be willing to share evidence of which system components and services were excluded from the assessment, since anything out of scope for their assessment remains your responsibility.

Specific due-diligence processes and goals will vary for each organisation, but typically it is recommended that you look for the following:

  • A history of sound work practices and ethical behaviour
  • Potential risks with the provider that may impact your business
  • Areas of the service that need to be clarified and included in the service agreement
  • Assurance that the provider is compatible with your business image and risk profile

If you are taking credit card orders, or if your customer service agents are exposed to your customers' credit card information, it is vital to take a hard look at your contact centre vendor. They really do need to be a PCI DSS tier 1 validated service provider, as that means they have been externally audited by a Qualified Security Assessor rather than self-certified. After all, do you really want to entrust your customers' card details to someone who has marked their own homework?
