Who are we?

PCI Telecom is a well-established, ambitious UK technology specialist focusing on telephony and e-commerce PCI DSS solutions across all markets. We are focused on delivering solutions to merchants who feel restrained by the requirements of PCI DSS.

Our hosted telephony and card processing platform holds Level 1 PCI DSS accreditation, with security at the core of everything we do. We have expert knowledge in the field of telecommunications, card processing, PCI DSS and solution mobilisation.

We deliver solutions for SMEs and Public Sector organisations right through to Large Corporates and we pride ourselves on our knowledge and high levels of customer service. We’re here to make the responsibility of PCI DSS compliance a much smaller consideration, making it easier to re-focus on what really matters to your business and your customers.

Frequently Asked Questions

What is PCI DSS and who does it apply to?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements relating to the security and storage environment of any company processing, storing or transmitting debit or credit card information. The standard, and its management by the Payment Card Industry Security Standards Council (PCI SSC), were created by the major payment card providers – Visa, MasterCard, American Express, Discover and JCB. No matter how large or small your business, PCI DSS compliance is mandatory and must be applied by any organisation paying money into its merchant account directly using credit or debit card information from a customer or third party.

What happens if we don’t comply with PCI DSS?

Failure to meet the standard leaves you with potential fines per infringement. Your business could be identified as having suffered a breach of card and customer data or be reported to the PCI SSC by any number of stakeholders. This can lead to an invasive forensic investigation into your business and its compliance practices.

You will be liable for the full cost of a forensic investigation (often running into thousands of pounds) should you be found to have broken PCI DSS regulations or had an actual data breach.

Although financial penalties could significantly impact your cashflow, the potential reputational damage suffered could be irreversible. Worse still, if the investigation finds a serious breach, your business could be barred from the card acceptance programme altogether.

What are vulnerability scans and do we need them?

If you hold card information post-authorisation then your business requires a quarterly scan by a PCI SSC Approved Scanning Vendor. These vulnerability scans are also known as penetration tests. Failure to comply, or to update systems that have failed a scan/test, can result in a forensic investigation. A vulnerability scan is an automated check of your merchant systems for vulnerabilities or weaknesses. These non-intrusive scans are designed to highlight the potential for hackers to intercept or target your organisation's systems.

Should we use third party solutions?

To be compliant, your business must demonstrate an ongoing level of security awareness showing it understands that losing or siphoning card information is more highly regarded than that of a non-compliant organisation. Hosted solutions provide a way of reducing the number of requirements that are relevant for your business's PCI DSS processes. The easiest way to achieve this is to pass the responsibility over to a third party provider or solution. This often dramatically reduces overheads assigned to PCI DSS whilst also increasing the level of PCI compliance your business can operate at (for example using a Level One compliant solution).

What is 3D-Secure?

Also known as ‘Verified by Visa’ and ‘MasterCard Secure Code’, 3D-Secure is an XML-based authentication protocol that provides an additional layer of security surrounding online payments on VISA, VISA DEBIT, MASTERCARD, MASTERCARD DEBIT, INTERNATIONAL MAESTRO, UK MAESTRO and VISA ELECTRON. Our 3D-Secure technology is designed to reduce the possibility of fraudulent card use by authenticating the cardholder at the actual time of the transaction. This creates a liability shift from your business (acting as the merchant) to the acquiring bank.

What is an IVR?

Interactive Voice Response services (or IVRs) are hosted solutions designed to manage the interaction between humans and computers over voice and DTMF channels. An IVR allows attended calls to be routed to specific target destinations, retain and store data, calculate and respond to inputted data and provide information to callers without relying on a human at the other end of the call. They are highly efficient in the automated processing of card payments, appointments, real-time information and emergency information as they are often fully integrated directly with databases or computers.

Why is a hosted solution less intrusive?

Many PCI DSS products or solutions require an element of hardware adjustment on-site. This can often involve detailed updates to your PBX, servers, cabling, handsets and more. It can take many hours to complete and, when updates or changes are required in the future, another on-site visit is required with some or all of the original disruption repeated. There are often significant CAPEX costs and OPEX maintenance contracts with poor Service Level Agreements (SLAs) due to the requirement always being to have a person on-site. Depreciation is also a major factor when installing hardware with an obvious end-of-life juncture after a given period. Implementing a hosted solution gives flexibility, provides ongoing improvements in technology, has very little CAPEX, does not require hardware changes on-site, does not require PBX changes and provides very efficient SLAs due to the solution(s) being accessible in a cloud environment at any time.

What is a ‘card not present’ transaction?

A card not present transaction is a payment made where the cardholder does not or cannot physically present the card for a merchant’s visual examination at the time the request is given and potentially processed. These usually apply to mail-order transactions performed by mail, fax, telephone or the internet (online).