Revisit your PCI DSS compliance this European Cyber Security Month

Despite what we see in the shops, October isn’t just about the ghosts and ghouls of Halloween. Perhaps not as exciting for the kids but, for some, a scary topic nonetheless, October also plays host to the annual European Cyber Security Month, which generates awareness and promotes the importance of information security.

PCI DSS compliance plays a crucial role in cyber security. It is designed to ensure that card payments taken face-to-face, over the phone and online are processed in the most secure environment possible. It applies to any organisation that accepts card payments, regardless of size or industry, with varying requirements depending on the number and frequency of transactions. It includes implementing and maintaining secure networks, regularly monitoring and testing systems to identify possible weaknesses, and developing an effective information security policy.

So, this European Cyber Security Month we thought we’d remind you of our top three reasons your business should be addressing and keeping on top of its PCI DSS compliance.

Earn and maintain customer trust

Today’s consumers have high expectations when it comes to businesses protecting their data; more so as high-profile cases of data breaches hit the headlines. Investing in processes and practices that are up to date and adhere to the latest PCI DSS guidelines demonstrates that you’re on top of data protection and take your card payment security seriously. Gaining trust from your customers will ensure they return to you in future, rewarding you with that much sought-after edge over your competitors.

Protect your business from card fraud and hefty fines

PCI DSS isn’t just about protecting the consumer during the transaction process. It also seeks to shield the business from card fraudsters and reduce the risk of your networks falling victim to cyber criminals too.

As well as this, it’s worth noting that should your business suffer a data breach, not having sufficient data protection and IT security in place will undoubtedly result in a substantial fine and, in many ways worse, significant reputational damage to your business.

Be part of the global force against cyber crime

No IT system or network is ever going to be considered 100% secure from cyber criminals as their techniques become progressively more sophisticated. Data protection and PCI DSS compliance are designed to stay one step ahead of the hackers, creating barriers to make their target much harder to reach. Every business has a responsibility to take its data security seriously and to invest in adequate processes and, by doing so, it plays its vital role in combatting cyber crime.


At PCI Telecom, we deliver bespoke card payment solutions that have PCI DSS Level 1 accreditation for payments made over the phone and online. Outsourcing your card payment processing offsite to us de-scopes your business from its PCI compliance obligations so it’s us that do the planning, maintenance, updates and regular checks and not you. Contact us for more information.

How your card payment process can help you handle fluctuations in business

We’ve worked with a broad range of clients including visitor attractions, transport providers and retailers so we know that the summer can present a big challenge for businesses, balancing significantly higher than usual call frequency with employees on summer leave. This can be particularly problematic for smaller businesses with fewer resources, experiencing the peaks and troughs of variances in sales and demand more intensely than their larger counterparts.

Investing in the right card payment processing solution can help to manage these fluctuations in business. Here’s how:

Introduce automated over-the-phone card payments

IVR (Interactive Voice Response) technology enables calls and payments to be dealt with and processed without the involvement of an agent or call handler. The automated call handling system allows customers to select options and move through the payment process independently, entering their card details into a secure transaction environment. For your business, this means that during busy times or when there are fewer staff available, general payments can be directed to the automated process while your attention can move to handling the more detailed enquiries. Most importantly, you keep your customers happy by not putting them on hold for long periods and being able to accept payments at convenient times outside of office hours.

Speed up the payment process

Swift and efficient transactions lead to more satisfied customers but they also improve your business’ productivity by saving time, freeing up staff to focus on other areas of the business. An improved card payment solution which integrates with your other back end systems such as the CRM database and stock monitoring also cuts the number of steps required in the transaction process, in turn improving efficiency and reducing the need for staff involvement.

Adapt to demand by introducing flexible solutions

Opt for card payment solutions that offer flexibility and scalability so that you can handle higher demand during busy periods by adding and removing users as required. This assists with the planning in advance of busy periods to ensure you have the right amount of staff available to manage calls effectively and maintain a positive customer experience.


At PCI Telecom we offer a range of Level 1 accredited PCI DSS compliant card payment solutions that are created to suit the specific needs and requirements of your business. Whether you’re an SME or a larger enterprise, we can provide a solution that works for you and your budget, that fits seamlessly with your existing systems without the need for major infrastructure changes. For more information and to discuss your requirements, get in touch with us here.

More about our PCI DSS compliant card payment solutions:

PCI Agent™, PCI Agent™ Outbound, PCI Agent™ TFR, PCI Agent™ Advance – whether you’re a one-man-band business, an SME with up to 100 employees or a larger organisation, we have a variety of solutions for card payments made over the phone.

 Auto IVR solutions enable fast, effective payments to be made automatically by callers any time of day without the need to speak to a person or wait in a queue.

Our ONLINE card payment solutions come with EV SSL and 3D-Secure processes as standard so you and your customers can rest easy that personal and payment data is protected throughout the transaction.

Our PCI MOBILE™ chip & pin solution means you can take payments from customers in person while out and about and on the move. Fully secure with end-to-end Level 1 accreditation.

External penetration testing: what it means for your business and your PCI compliance.

What better way could there be to test the capability of your business’s security measures than looking at them through the eyes of a cyber criminal? That’s essentially the purpose of external penetration testing, or PEN testing as it’s commonly known.

PEN testing involves an organised, third party attempt at accessing your business’s IT systems and networks, replicating the tactics and practices of hackers to identify weaknesses and flaws that could be taken advantage of. The testing looks at the efficiency of firewalls and assesses the possibility of an intruder entering interior networks and accessing sensitive data such as customers’ personal information and card payment details. The process focuses on areas where the most common weaknesses occur, usually at the point that two systems integrate.

Protect your reputation

With the ever-increasing threat of cyber-attack, data security is at the forefront of many minds. Today’s consumers have high expectations when it comes to the storing and processing of their personal details. They want to know that your business is doing its utmost to provide a secure transaction environment.

Failure to protect customer data can lead to a serious breach in consumer trust and deal a devastating blow to your brand reputation. Staying one step ahead of the hackers by carrying out penetration testing and addressing vulnerabilities in your networks and processes reduces the risk of falling victim to cyber criminals, while reassuring customers that their data is being dealt with in the securest of environments.

Penetration testing and PCI DSS

For businesses that process card payment transactions over the phone and online, PEN testing is an essential part of PCI DSS compliance. The regulations require that penetration testing takes place at least on an annual basis or as and when upgrades and modifications are made to IT systems and networks. To comply with PCI DSS, the PEN testing must include the perimeter of the Cardholder Data Environment (CDE), as well as any systems which, if compromised, could impact the security of it.


At PCI Telecom, we undertake regular penetration testing of our card payment solutions and how they integrate with other systems, rectifying any potential areas that could become vulnerable to cyber-attack. Our cloud-based solutions are accredited to a Level 1 PCI DSS standard and are created and developed to meet the exact needs and requirements of each business that we work with.

By outsourcing your card payment processing to us, you descope your transaction environment from PCI compliance obligations altogether so that you can spend more time focusing on what really matters – delivering your core business to your customers. To find out more about what we can do visit our Solutions page. Alternatively, give us a call to talk through your specific requirements.

New SCA requirements and what they mean for your business

There has been a lot of talk recently about the introduction of the new Strong Customer Authentication (SCA) requirements for online card transactions coming into effect this September. So what are they and what do they mean for your business?

What is Strong Customer Authentication (SCA)?

Following a steady increase in cases of payment fraud loss over the last few years, the new EU Payments Services Directive (PSD2), which was launched in January 2018, features a core component to enhance consumer rights and reduce online fraud. Strong Customer Authentication (SCA) is a key element of this, introducing additional security authentications for online transactions.

From 14 September 2019, any purchase made online over €30 will require an extra form of customer identification. Also known as ‘two-factor’ or ‘multi-factor’ authentication, this will include at least two of the following:

  • Something they know, for example a PIN or password
  • Something they have such as a smart phone
  • Something they are, using biometric data such as fingerprint or facial recognition

The SCA requirements will apply to transactions where both the purchaser and the merchant are based in the European Economic Area (EEA).

So will SCA still apply after Brexit?

It is expected that the SCA regulations will be enforced regardless of the process or conclusion of the UK leaving the EU.

What does SCA mean for your business?

As a merchant, implementing and complying with SCA isn’t something that you can address yourself. The responsibility sits with the card issuer to put a mechanism in place for authentication via your payment service provider (PSP).

Currently, any payment that a card issuer deems as risky is usually diverted to the 3D Secure service, sometimes known as Verified by Visa or Mastercard Securecode, as a means of authenticating the customer. The new SCA requires nearly all online transactions (bar a few exemptions) to be diverted to a new improved version of 3D Secure – named 3D Secure v2 (or 3DSv2) – which will be in place from September. This new service will address the new SCA requirements, promising ‘frictionless authentication’ including the use of biometric data and better integration with devices such as smartphones.

Here at PCI Telecom, we know how important it is to ensure your customer journey is as smooth as possible so, to aid the transition, we are upgrading our processing solutions to support 3DSv2 to meet the requirements of SCA for online transactions. You can find out more about our Online card payment processing solutions as well as our over the phone card payment systems by visiting our Solutions page or get in touch to discuss your requirements in more detail.


Try keeping it simple. Are seemingly complex systems putting you off addressing your PCI DSS compliance?

One of the most common themes that came up from speaking to business owners, contact centre consultants and managers at this year’s Call & Contact Centre Expo was the need for simplicity. For many, finding a card payment solution that works for their business while at the same time addressing ever-changing PCI DSS compliance obligations can seem like an impossible task. Research into options uncovers many all-singing-all-dancing products which, while they can be appealing, come with a high price tag and an added level of complexity which for many businesses is completely unnecessary.

Here at PCI Telecom, we aim to deliver card payment processing systems that are affordable, effective and reliable. Our focus is to provide solutions that actually work for your business and your customers as well as addressing your PCI compliance so that you don’t have to worry about it anymore. And we strongly believe in keeping things simple. Here’s how.

Simple to install

Because our solutions are cloud-based, they can be created and installed quickly and easily with no need for intrusive bits of equipment nor major disruption to your service delivery. All of our solutions are created from scratch to meet the exact requirements of your business, either as a stand-alone service or integrating with your CRM and database software, so you don’t pay for any extras that you don’t need.

Simple to use

Our PCI Agent attended solutions are super easy to use both for the agent as well as the customer. Take our revolutionary PCI Agent TFR product. At the point of payment, the operator simply clicks on the PCI Telecom icon on their screen and advises the customer that they are being transferred to secure mode. The same call is then re-connected via PCI Telecom and the customer is prompted to enter their card details. At no point does the operator see the card number, as it appears encrypted on the screen, nor do they hear DTMF tones. It’s as simple as that AND it also means that the operators are removed entirely from PCI DSS compliance scope so you tick that box too.

From the customers’ perspective, they benefit from moving seamlessly to a secure and unique transaction environment, remaining on the line to the agent, entering their own information via their telephone keypad without needing to read aloud personal data or be passed over to an unattended automated IVR. This reassuringly smooth process adds to their overall experience, meaning they’re more likely to buy from you again in future.

Simple to update

We know that businesses are changing all the time. Whether it’s steady growth or intense busy periods, you want to know that your processes are able to adjust with demand. That’s why we make sure that our card payment solutions are flexible so that you’re always able to deliver a high quality level of service to your customer. Our services are all accredited to the latest PCI DSS Level 1 standard, keeping your customer data secure and protecting you from the risks associated with a data breach.

To find out more about our PCI Agent attended solutions as well as our unattended solutions such as AUTO IVR and ONLINE, visit our Solutions page. Alternatively, you can get in touch here.


What we learnt at last month’s Call & Contact Centre Expo

Last month saw us dipping our toes for the first time into the world of exhibitions, showcasing our products at the Call & Contact Centre Expo at Excel London. It proved to be a very positive experience for us, meeting many potential clients as well as other card payment solution providers, and gave us a great insight into the challenges facing businesses in ensuring their card payment processes are efficient and secure and in line with ever-changing compliance obligations. Here’s a little bit of what we learnt over the two days:

  1. As we’ve suspected for a while, we are filling a gap in the market in delivering PCI compliant card payment solutions targeted specifically towards the needs of SMEs. We know that for many small and medium sized businesses, with fewer resources to hand than their larger corporate counterparts, providing an affordable solution that is efficient at processing payments while integrating with existing systems such as the phone network and accounting software is vital.
  2. Businesses are well aware of the risk of not complying with PCI DSS and are keen to address it. However, we met many that are unsure what is required and feel daunted by the process of achieving compliance, leading to concerns that this confusion could be exploited and result in the investment in software and processes that don’t work for their business. They are keen to work with suppliers that offer bespoke customer service and deliver solutions that meet all of their needs and tick all the boxes when it comes to complying with PCI DSS and broader data protection regulations.
  3. Businesses want a solution that is easy to use and simple to install without the need for expensive pieces of equipment or extensive training required for staff to use it effectively. Simplicity is key.

Can we help your business?

Our PCI compliant card payment processing solutions are:

  • Affordable
  • Simple to install
  • Cloud-based (so no need for the installation of new equipment)
  • Easy to use
  • PCI compliant with Level 1 accreditation

They are created from scratch to suit the needs of your business, integrating seamlessly with other areas of the business and are robust against the threat of cyber attack and the risk of data breach. If you would like to know more about our solutions, be it for payments made over the phone or online, visit our Solutions page or contact us here.

Choosing a card payment solution provider? Here are the questions you need to ask.

This week sees the Call & Contact Centre Expo taking place at London ExCel featuring industry professionals, guest speakers and exhibitors from a range of businesses specialising in customer engagement. If you’re heading along, maybe you’ll be on the lookout for a new card payment processing solution for your business. How do you choose the right one for you? Here are some questions you’ll want to consider asking.

How much will it cost?

Essential for managing your budget is having a clear idea of what you’d like to spend and exploring the options within that bracket. Bear in mind that an expensive, all-singing all-dancing, off-the-shelf software solution might sound great on paper but is it really the best fit for your business? Does it integrate with your existing systems or will you be spending money on functions that you don’t need?

Be sure to check, in addition to the initial setup costs, what the ongoing charges will be, for example transaction costs and user licence fees, to avoid any nasty bill surprises further down the line.

What equipment is needed?

There are many different options when it comes to call handling and card processing. Finding the one that works for you will include assessing the equipment required. Will you need new infrastructure to be installed or is it hosted off-site? Does the provider support the setup of the system and the ongoing maintenance?

What support is provided?

A problem occurring in your payment system can cause significant disruption to your business as well as your customers. You need to know that if a glitch occurs, you have the support you need to rectify the problem and get you back up and running as soon as possible.

How flexible is the system?

Whether it’s due to an increase in transactions, a broader stock range or more users during busy periods, you want to know that the system you’re investing in can be adapted as your business grows and morphs over time and avoid the need to reinvest again in new software sooner than you expect.

A solution that can integrate with other areas of the business, such as accounting and the customer database, will improve efficiency with great benefit to business performance.

Does it comply with PCI DSS?

Any business that takes card payments, be it in person, over the phone or online, is obliged to comply with a list of requirements set out by the card schemes, known as PCI DSS. The requirements aim to protect customers by creating a secure environment for processing transactions as well as preventing the business from falling victim to credit card fraudsters. A solution that offers full compliance to these guidelines is a must.

While some solutions may partially address the PCI DSS principles, others, like those we provide here at PCI Telecom, entirely descope your business from its compliance obligations by managing the payment process as a separate entity. Our solutions are hosted on our cloud platform with Level 1 PCI DSS accreditation, creating a secure link to any merchant account and protecting your customer data. There is no need to invest in expensive infrastructure to be installed on-site nor do you need to change your current telephone number(s) or network. And our solutions are flexible to integrate with other areas of your business, such as the CRM or database driven software, so your customers experience a seamless card payment process.

We create all our card payment systems entirely from scratch to fully suit the needs of your business, whether you’re an SME or a larger organisation. Our systems are robust and reliable so you can process transactions smoothly and efficiently, boosting your productivity and providing a positive experience for your customer. We make sure that our solutions are affordable and we’re clear from the start about all the costs so you can budget effectively.

You can read more about our Solutions for taking payments over the phone and online here. Alternatively, come and see us at Call & Contact Centre Expo this week, stand no. 876. We look forward to meeting you there.

Secure your card payment processes during Brexit uncertainty

Three reasons why you should secure your card payment processes during Brexit uncertainty

There’s no doubt that the UK is currently in uncharted territory when it comes to exiting the EU. Brexit uncertainty is causing concern for businesses of all shapes and sizes across the country, creating challenges with planning, budgeting, resourcing and adding pressure to day to day trading.

In these uncertain times, there’s a chance that focus shifts away from usual priorities, with functions such as IT provision and security moving lower in the importance list. But it’s essential not to take your eye off the ball when it comes to data protection and PCI DSS compliance. In fact, in many ways, now is the time to consider stepping up and investing in your data security and card payment processes. Here are our three reasons why:

1. Increase your competitive advantage to future-proof your business

We’ve all heard the projections of economic downturn should the UK leave the EU without an adequate deal in place. None of us can predict the future but if the economy and trade is affected then the challenge for businesses will be to gain an advantage over their competitors.

We know that for today’s consumers, the safeguarding of their personal data holds significant value when choosing a business to buy from. Customers want to know that their data is stored and payments processed in a secure environment. A study in 2018 showed this to be the case with 86% of UK consumers confirming that, during the transaction process, they would rather the focus be on security rather than convenience compared to only 59% of business executives placing security ahead of convenience*. Investing in an efficient and secure card payment processing solution will reassure your customers that you take data security seriously which could be the key selling point you need to get ahead of rival businesses should times get tough.

2. Protect from the increased risk of a cyber attack

Uncertainty and security tend not to go hand in hand. While businesses may be distracted and navigating their way through different and challenging trading conditions, cyber criminals will be continuing to develop new ways to hack into systems, potentially preying on those with weaker security in place. There has been a significant increase in the number of smaller businesses falling victim to cyber security attacks over recent years, largely due to the perception of them being easier targets with less stringent security barriers in place.

Suffering a data breach can deal a devastating blow to a business. According to the NCSA, 60% of small and medium size businesses that have been breached close within six months**. The aim of PCI DSS is to enforce controls on the storage, transmission and processing of cardholder data. Making sure your card payment process complies with the objectives set out within PCI DSS will help to protect your business and your customers.

3. Protect your budget and save money

We know that for smaller businesses, managing cashflow can be tricky at the best of times. That is why we have created a range of PCI compliant card processing solutions for payments over the phone and online that are effective and affordable, with a clear outline of the costs from the outset. Our bespoke solutions are created to suit your exact requirements so you’ll only ever pay for the things you actually need. All our card payment processing systems are cloud-based so it won’t be necessary to invest in expensive pieces of equipment to be installed on-site and this also means that the set up can be easily modified by us should your business change, for example tweaking the payment process or amending the number of users. Our Auto IVR and online solutions mean that caller payments can happen out of hours or without the need for an agent to be on the line so you can handle more transactions and save money on staff resourcing.

Crucially, the systems are all compliant with PCI DSS to a Level 1 standard, which means that you’re less likely to suffer a breach of data should you be targeted by hackers and, in turn, you avoid the risk of receiving a hefty non-compliance fine.


While none of us can predict what is going to happen in the next few weeks and months with Brexit, what we can do is put in place the tools we need to safeguard our businesses, to help them retain and grow customer bases and protect from the increasing threat of cyber crime. If you would like to know more about our PCI DSS compliant card payment solutions, visit our Solutions page or get in touch to discuss your needs.

And don’t forget, we’re at the Call & Contact Centre Expo next month on 27/28 March at Excel London showcasing our range of PCI compliant card payment solutions for over-the-phone and online transactions. Come see us there on Stand no. 876.


* ‘Global state of digital trust survey and index 2018’, Forbes & Sullivan, commissioned by CA Technologies

** NCSA via PCI Security Standards Council blog ‘Resource for Small Merchants: Common Payment Systems’, February 2019


Why you need to visit us at the 2019 Call & Contact Centre Expo

There are two months to go until the 2019 Call & Contact Centre Expo on 27-28 March at Excel London at which we’ll be one of around 1,000 exhibitors showcasing the latest in customer engagement technologies, from communications platforms and telephony services to, of course, card payment processing systems.

With that many stands to get around, prioritising which ones to visit is a must. If what you’re looking for is PCI DSS compliant card payment solutions for over-the-phone and online transactions then we recommend you pay us a visit. We’ve seen from the many data security breaches appearing in recent headlines that having robust systems in place is essential and there are many card payment service providers out there vying for your business, promising to deliver solutions to make your payment process more secure. But how can you be sure to choose the right one for you? Here are a few things to consider, how we differ from the rest and why we might be the provider you’re looking for.

The value of extensive experience

Many see the benefit of working with a larger provider as being the safer, more reliable option. But that isn’t always the case, with many delivering ‘off-the-shelf’ solutions that don’t meet the needs of your business, along with impersonal customer service. While we might be smaller, we have expert knowledge in the field of telecommunications, card processing, PCI DSS and back office services with over 75 years of combined experience. We’ve worked with all sorts of businesses including public transport providers, retailers and tourist attractions. Each system is built from scratch to suit the needs of the business and we use our knowledge to advise on functions and features that might or might not be required. And we don’t just focus on being PCI DSS compliant – we want to create a system that supports the growth of your business and improves your efficiency too.

As a small team, we each have experience of every aspect of the project, from assessing the needs of the client through to developing and launching the product. We pride ourselves on our customer service and get to know the exact needs of your business and tailor our support specifically to you.

Providing solutions at the right price for your budget

We know that managing cashflow and staying within budget is important for smaller enterprises. We want to provide a service to fellow small and medium sized businesses that functions effectively, is tailored to your needs and that ticks all the boxes for PCI compliance but doesn’t break the bank. As a small business ourselves, our overheads are low which helps us to keep our prices low too. All our costs are clear from the start so you won’t get any nasty surprise charges further down the line.

Solutions that are cloud-based and flexible

All of our solutions are cloud-based so there are no bits of bulky equipment or intrusive hardware needed on-site. This also means that we can make tweaks and adjustments as and when you need them, whether it’s increasing the number of agents and users or integrating with a new back end system. Changes are made by us remotely so you won’t need to hang around for an engineer to appear.

PCI DSS compliant to the highest standard

We are accredited to a Level 1 PCI DSS compliance standard which means that all our solutions are protected to the same high security standard as that required by large scale organisations, regardless of your size. Implementing one of our cloud-based card payment processing solutions removes much of the compliance obligation from you onto us, descoping your business and freeing up your time to spend on other core areas of the business.

Make a note in your diary to come and see us at Excel London for the 2019 Call & Contact Centre Expo on 27/28 March. We’ll be on Stand 876 waiting to meet you. On display will be our recently launched PCI Agent TFR solution – which enables you to take payments over the phone, encrypting card data entered via the keypad while the call-handler remains on the line so you can maintain a high level of customer service while descoping your business of its PCI DSS obligations. Find out more about our Solutions here or book your ticket to the Expo here.


New PCI SSC guidelines for taking card payments over the phone

A revised supplementary guidance document entitled ‘Protecting Telephone-Based Payment Card Data’* was issued in November by PCI SSC (Payment Card Industry Security Standards Council), providing additional advice for businesses on taking payments over the telephone, reducing the risk of fraudulent activity and ensuring that cardholder data is kept secure during every transaction.

The document, which is aimed at businesses of all shapes and sizes, clearly sets out areas and processes that are in scope for PCI DSS and offers practical guidance to address the twelve principles that are fundamental for compliance. It also includes options for where external systems can be implemented that descope the business of certain compliance responsibilities and provide the most secure transaction environment for the customer.

Two of our most popular products fit exactly with the advice being provided:

PCI Agent: our attended solution

PCI Agent is our ‘attended’ telephony-based solution through which the agent remains on the line at all times with the caller, for those businesses who see value in providing one-to-one customer service throughout the transaction. The system relies on the customer entering their card data via their telephone keypad using DTMF suppression to mask the tones as they are entered and showing only asterisks on the agent’s screen. No data is captured or stored by the business’s network. Instead, the transaction is processed in direct and instant interfacing with the issuing bank.

Because the agent doesn’t see or hear the cardholder data nor the DTMF tones that could identify the details, the system removes entirely the human error risk that so many other processes still feature, therefore fully descoping this area of the business from PCI DSS compliance obligations.

As stated in the supplementary guidance document, ‘A properly designed and deployed DTMF-masking solution can take not only the telephony environment, but also the agent environment and CRM system out of scope. Entities should avoid solutions that leave agent environments in scope unless there is an unavoidable business requirement to do so.’

AUTO IVR: our un-attended solution

Unlike PCI Agent, our Auto IVR solution enables businesses to take over-the-phone payments using an automated call-handling system without the need for an agent to be involved in the transaction. The system takes the customer through the payment process, prompting them to enter their details via their telephone keypad; these details remain entirely encrypted and hidden from employees at the business. In addition to providing a secure environment for customers, the business saves on the need to employ as many agents and can continue to take payments out of hours.

The guidance document states, ‘When properly implemented, an unattended transaction solution could reduce applicability of PCI DSS requirements to the agent and agent desktop environment.’


All of our solutions are created specially to suit the needs of your business, integrating with your existing telephony and IT systems. They are simple to set up, easy to use and flexible so that changes can be made as the business grows and develops. Best of all, we don’t charge the earth and our costs are clear from the beginning so there’ll be no hidden surprises once you’re up and running.

Want to know more? Get in touch with us here or visit our Solutions page for more information. Alternatively, come and see us at next year’s Call & Contact Centre Expo 2019 (stand no. 876), 27-28 March at Excel London.

*Read the full version of the PCI SSC report ‘Protecting Telephone-Based Payment Card Data’, November 2018, here.

Is it time to start accepting American Express?

Are you excluding customers because of their preferred payment method? Is it time to start accepting American Express?

Many of us know that using American Express as a method of payment at businesses across the UK and the world has been notoriously hit and miss in the past. Put off by high transaction fees, many merchants chose to reject payments via Amex, opting to limit payments to the more preferred card schemes of Visa and Mastercard.

According to statistics from The Nilson Report (July 2018)*, American Express was used in 4% of purchases made in Europe last year compared to 62% by Visa and 34% by Mastercard. But this is changing. As of March, American Express reduced their transaction fees, bringing them more in line with their competing credit card companies with a knock-on effect of many brands now accepting Amex and in turn leading to many consumers opting to use it as their principal method of payment. So is it time for you to start accepting American Express too?

For today’s consumers, having their preferred payment card refused at the point of sale is frustrating and will ultimately push them to spend at a competing business. Being able to offer a wide variety of payment methods is therefore an obvious win for businesses to attract more customers. But, especially for smaller businesses, this isn’t always easy to set up or maintain.

That’s why we made sure that our credit card payment solutions have the functionality to process all the major card brands, including American Express, so that you can offer accessibility and flexibility to all potential customers. We offer full integration with all the major UK banks; Sage Pay, Worldpay, JCB and Discover cards (which include Diners Club International). Our systems work with multiple currencies with specialism in Sterling (£), Euro (€) and US Dollar ($).

Our card payment solutions are created specifically to suit the needs of your business, offering a seamless, secure payment experience whether the transaction is made over the phone or online. The systems are easy to set up, simple to use and affordable for businesses on a budget. They’re also PCI compliant with Level 1 accreditation so that you descope from your PCI DSS obligations freeing up more time for you to focus on delivering your core business.

Don’t let lesser-used methods of payment be a sticking point for your business. Visit our Solutions page for more information or contact us to talk through your needs.

And don’t forget, you can see us next year on stand no. 876 at the Call & Contact Centre Expo, 27-28 March at Excel London. Come along to meet the team, find out more about us and see our card payment solutions in action.


*The Nilson Report, July 2018 ‘Europe Market Shares of Purchase Volume 2017’


Are you ready for shopping season? How improving your card payment process can boost your business this Black Friday, Cyber Monday and in the lead up to Christmas.

The shopping season will very soon be upon us when shoppers go crazy for a bargain on Black Friday and hunt frantically for the perfect gifts for Christmas. How a business handles this increase in trade can take some planning, ensuring your systems are ready for the rise in demand to keep the business going and customers happy. While the focus is often on marketing and tweaking the product offering, many forget to think about the purchasing process, be it online or over the phone, leading to bad customer experiences and an overloaded workforce.

There’s a simple way to avoid this. Investing in a card payment transaction system that works for your business will support you through the busy times and beyond. Here’s how:

Speed up the payment process

No customer wants to sit on hold. And no business should be happy about it either – a frustrated customer is less likely to spend money with you and much more likely to go to your competitor. Moving to a payment system that is faster and more efficient means you’ll be able to process more calls and transactions in less time – a win-win all round.

Choosing to install a cloud-based solution, like those in our PCI Agent suite, offers flexibility and scalability to handle higher demand during busy periods by enabling you to add and remove users as required and ensuring you have the right amount of staff available to manage calls effectively. Add to that our Auto IVR solution enabling purchases and payments out of hours, without the need for a call handler, and you have yourself an all-round solution that delivers a positive purchasing experience for the customer, meaning they’ll be more inclined to return in future.

Integrate with back end systems

Investing in a system that works with other back end processes such as CRM database and stock monitoring means that you can deliver the best possible service to customers while supporting other business functions. At PCI Telecom, our card transaction solutions support payments made over the phone as well as online and integrate seamlessly with other business functions. This includes monitoring and analysing traffic so that you can plan for the busy periods.

Protect customer payment card data

Many small businesses make the mistake of thinking that they are under the radar when it comes to cyber attack and too small to be of interest to hackers. Actually, small businesses are just as vulnerable to attack and perceived to be easier targets, especially at this time of year. Making sure you’re up to speed with the latest PCI compliance recommendations relevant to the size of your business is a must. Alternatively, descoping your business from its PCI DSS compliance obligations by outsourcing your card payment system to an external provider, such as us, means you’ll free up more time to focus on managing your core business of delivering products and services to your customer. Our PCI compliant card payment solutions feature end to end encryption so at no point is your client card data accessible to staff and transactions are carried out directly between our cloud-based system and the issuing bank avoiding the risk of data breach.


We know from working with clients that the one size fits all approach to creating card payment processing systems doesn’t always work for smaller businesses who feel the peaks and troughs of variances in sales more intensely than their larger counterparts. That’s why we have created a suite of solutions that can be adjusted to suit the needs of businesses of any shape and size. Our solutions are cloud-based, affordable, flexible and meet all the criteria for complying with PCI DSS guidelines. To find out more, visit our solutions page or to talk through your requirements, get in touch here.


For today’s consumer, card payment convenience is key

Did you know that there are still three million businesses in the UK that don’t accept payment by credit card? A risky decision when the recent study also showed that one in six British shoppers now choose only to pay by card*. While making it easier for your customers to pay is an obvious way to secure sales and maintain your place in the market, it is clear that there are still many businesses for whom there is a barrier to allowing card payments in store.

Keeping a competitive edge isn’t just about IF you take payments by card, it also matters HOW. Today’s consumers are time poor; they want convenience and hassle-free transactions wherever possible, be it paying for items in person as well as over the phone and online. Guaranteeing an easy and pleasant buying experience is likely to ensure that customers return in future and refer you to their friends. Phone transactions in particular are considered to be the most profitable if achieved quickly and easily as customers have less time to ponder their purchase.

To many small businesses, the process of setting up a card payment process can seem daunting and complicated with many compliance hoops to jump through. As the recent data breach at British Airways shows, even the biggest of companies can fall victim to a cyber attack so it is unsurprising that many smaller businesses are overwhelmed by the prospect of taking customer card details and processing them securely.

In reality, the process of securing card payments doesn’t have to be complicated at all. Here at PCI Telecom we have created card payment processing solutions for payments made over the phone and online that are simple to set up, easy to use and affordable for SMEs. For small businesses, we know that an off-the-shelf card payment product from one of the larger suppliers won’t always do what you want it to do so we tailor each system we create to suit the exact needs of your business, whether it’s integration with existing back-end systems or being flexible with the number of users. Plus, because we’re a small business too, we can provide the personalised technical support as and when you require it.

If it’s the data protection and compliance obligations that you’re concerned by, rest assured that our solutions are all compliant with the latest PCI DSS guidelines, set out by the major credit card brands to ensure that card transactions are processed safely and securely. And because our solutions are all cloud-based, should there be any updates, we deal with them remotely.

More about our PCI DSS compliant card payment solutions:

PCI Agent™, PCI Agent™ Outbound, PCI Agent™ TFR, PCI Agent™ Advance – whether you’re a one-man-band business, an SME of up to 100 employees or a larger organisation, we have a variety of solutions for card payments made over the phone.

Auto IVR solutions enable fast, effective payments to be made automatically by callers any time of day without the need to speak to a person or wait in a queue.

Our ONLINE card payment solutions come with EV SSL and 3D-Secure processes as standard so you and your customers can rest easy that personal and payment data is protected throughout the transaction.

PCI MOBILE™ chip & pin solution means you can take payments from customers in person while out and about and on the move. Fully secure with end-2-end Level 1 accreditation.

For more information about these or if you have any other queries, please do get in touch.


Is human error putting your small business at risk?

According to the Information Commissioner’s Office (ICO), reported data security incidents rose significantly in the final quarter, Jan-Mar, of the 2017/18 financial year, up 17% from the previous quarter with the five most common causes put down to human error. While some of this increase could be related to greater consumer awareness of data protection in the lead up to the launch of GDPR legislation, it highlights the need for businesses to be aware of the risks associated with human error when it comes to protecting their customers’ data.

While we like to think that our staff are always alert and have the business’s best interests at heart, that might not always be the case. It only takes one careless mistake or a disgruntled employee to cause a significant amount of chaos and could cost you not only a vast amount of money to sort and pay the potential fines for breaking data protection laws but even worse, cause irreparable damage to your business brand.

So what steps can businesses take to protect themselves from human error leading to a data breach? We know that businesses find PCI DSS compliance a headache and it can be particularly challenging for small businesses, limited by budget and resources. However, believe it or not, it isn’t just about ticking boxes. Going through the process of becoming PCI DSS compliant and maintaining that compliance will help to protect your business too by ensuring that you employ robust systems and that reliable processes and procedures are in place to deal with a breach should one occur. These include:

  • Creating and implementing a clear policy with regard to the handling of customer data that is adhered to by everyone from board level through to customer-facing staff. This should be communicated during the induction period and in a staff handbook with regular updates when necessary.
  • Relevant and consistent training carried out regularly for new and existing staff so that all are aware of their responsibilities when it comes to protecting customer data, what they should look out for and how to deal with suspicious activity.
  • An organisation-wide knowledge and understanding of data protection and PCI DSS compliance and the possible consequences if rules are broken and a breach of data occurs.

While loss of customers’ personal information is a problem, a breach of their card payment details is serious. You can remove a significant level of risk by implementing a secure card payment processing system to avoid potential mishaps with customer card details. Here at PCI Telecom, we create card payment processing solutions that are PCI DSS compliant with Level 1 accreditation. That means, as a small business, you can get a card processing solution with PCI compliance at a level equivalent to that required by your larger corporate counterparts. For payments made over the phone using our PCI Agent solution, card details are kept hidden from the call handler, encrypting them on entry by the customer via their phone keypad even though they remain on the line at all times – no need to be transferred to an external service and entirely secure. The system is cloud-based so there’s no requirement for equipment being installed on-site, keeping initial capital outlay very low. This, along with low set up costs and ongoing transaction charges makes our card processing system the perfect solution for small and medium sized business budgets.

Visit our Solutions page to find out more or get in touch today.

To read the latest statistics on reported data security incidents visit the ICO website.

Cost effective PCI DSS solutions for small businesses

The hidden costs of running a small business. Don’t let card payment processing be one of them

There’s always more to setting up a small business than you think. Whether it’s unexpected legal fees, higher-than-you-thought tax obligations or data security and compliance costs that you didn’t know existed, at a time when you’re trying to get a business off the ground and cash flow is low and irregular, you could do without the surprises.

So what can you do to avoid these hidden costs? Well, for starters, finding services that are targeted at small businesses will help and this includes card payment processing and PCI DSS compliance provision.

We know from what our clients have told us, that finding a supplier of card processing solutions that suit a small business can be challenging. Many of the larger providers are interested only in dealing with larger companies with 100+ operators or with a contact centre. They offer very little in the way of a bespoke system, supplying only off-the-shelf products at corporate prices with often high licensing and transaction costs.

What is the alternative?

Here at PCI Telecom, we have created a card processing system that is low in price and can be adapted to suit the needs of your business, whatever its size and type. Our PCI Agent TFR solution is a revolutionary product for SMEs with up to 100 operators with benefits including a really simple set-up and the ability to keep your existing phone numbers. It is cloud-based so no need for the installation of intrusive equipment on-site and callers are able to input their card details into a safe, secure and PCI compliant environment without the need to be cut off or transferred into a different system.

And unlike our competitors, it won’t cost you the earth and you’ll know all the charges right up front so no nasty unwanted surprises hiding round the corner. Here’s a breakdown of the costs involved:

  • A one-off set up price – we’ll create a card payment processing system that does EXACTLY what YOU want it to including integrating with other areas of your business, such as stock monitoring and accounts. And it’s easily adaptable whenever you need to make changes.
  • Monthly rental cost – a pre-agreed ongoing cost for us to host the system on our cloud. Again, this can be flexible and amended to an annual cost if it suits you better.
  • Operator licenses – this can be as many or as few as you wish and can be adapted as your business increases in size.
  • The price per transaction – again, there is no minimum or maximum number of transactions. You just pay a small charge each time the system processes a payment.

And that’s it. All completely up front and adaptable to suit your needs and much more reasonably priced than similar products on the market that don’t offer the same flexibility.

Sounds interesting? Why not give us a call today to find out more. We’ll be able to give you an immediate quote based on what you tell us.

We’ll be showcasing our PCI Agent TFR system, along with all our other PCI DSS solutions, at next year’s Call & Contact Centre Expo, 27 – 28 March 2019 at Excel London. Find out more and book tickets here.


PCI Telecom launches new over-the-phone card payment solution especially for SMEs

Being put on hold or being passed between different departments are some of the biggest bugbears for 21st century consumers. But for businesses, especially SMEs, managing incoming calls and taking card payments over the phone creates all sorts of challenges and risks. ‘Card not present’ (or CNP) payments involve a much higher chance of fraud compared to in-store transactions so getting the right system in place is crucial when it comes to maintaining data security and PCI DSS compliance while at the same time keeping the customer happy.

Which is why we’re so excited to launch our brand new, revolutionary PCI Agent TFR solution. Gone are the days of expensive and arduous over-the-phone card transactions. Created especially for SMEs, PCI Agent TFR paves the way for businesses to introduce a PCI DSS compliant, live operator, card payment solution that works for both the company and the customer without costing the earth.

How does it work?

Designed for businesses with up to 100 operators with individual DDIs (Direct Dial In numbers), the PCI Agent TFR solution enables customers to input their card details via their telephone keypad into a secure system while remaining on the line to the live operator, with no need to interrupt the call or be transferred to a third party contact centre. The process is quick and easy and entirely secure.

Watch our short video on how the system works from the operator’s perspective here.

What are the benefits for SMEs?

Entirely hosted off site

The system is hosted by us so doesn’t require any intrusive bits of equipment to be installed on site. This makes it easy to maintain and tweak as and when required and there’s no need to arrange for engineers to visit when you want to make changes.

Cost effective

We know that for small businesses, keeping costs to a minimum is important. No expensive bits of equipment mean set up charges remain low. There are no additional call charges or costs for modifications such as call recording and we also maintain low monthly agent license and ‘secure mode’ transaction charges.

PCI DSS compliant to Level 1 standard

The card payment process is totally secure and adheres to PCI DSS compliance regulations at a Level 1 standard. The operator hears no DTMF tones when card details are being inputted and card numbers don’t appear on the screen, keeping the data entirely hidden and encrypted on a cloud based server.

Smooth interaction with the customer

Customers stay in control, inputting their own card details so there’s no need for them to read sensitive information out loud, reducing the risk of their details being syphoned. Data security means a lot to today’s customer so enabling them to pay in a safe and secure environment can give you that competitive edge over your competitors.

Flexible to fit in with the needs of your business

We’re a small business too so we understand that sometimes an ‘off-the-shelf’ solution doesn’t always tick all the boxes. We can create a card payment solution that fits in with all your business’s needs while at the same time still maintaining that PCI DSS Level 1 accredited standard. You get to keep your existing telephone numbers and the system can be tweaked to add new features – such as call recording – at any time.

This new solution sits amongst our other three PCI Agent solutions, designed to cover the needs of all types of business – PCI Agent, PCI Agent Outbound and PCI Agent Advance. Find out more about these along with our other PCI DSS card payment solutions here.


IVR Payments: are the benefits passing you by?

If you haven’t considered installing an IVR payments system before then now might be the time.

As a business owner or manager, you’ll often be faced with the challenging task of sourcing ways to increase productivity and cut costs while maintaining the same high standard of service for your customers. If you haven’t done so already, then introducing an IVR Payments system could be an easy way to achieve all of those things in one go.

IVR (or Interactive Voice Response) is a technology that enables interaction between humans and computers using voice prompts and/or DTMF tones input via a telephone keypad. For businesses it enables customers to communicate as well as purchase goods and services over the telephone without the need to speak to a live agent. Here at PCI Telecom, we think the list of benefits of installing an IVR payment system is almost endless but here are our highlights:

IVR Payments save your business time…

Our IVR Payment solution, AUTO IVR, is entirely customisable which means that our clients can use a variety of building blocks to create a system that works exactly how they want it to. One of the biggest benefits of IVR Payments is the capacity to integrate with your existing database systems, removing the need to spend hours inputting sales and customer data separately.

And because the system is entirely configured to suit the requirements of your business, you can create bespoke integrations with other business functions, for example online ticket allocation software liaising with box office sales.

…in turn saving you money

Introducing an efficient automated system means you don’t need to pay as many staff hours to do the same job, be it answering enquiries or inputting sales data to generate reports. So you get to invest your profits into improving and developing other areas of the business and promoting your products and services.

It makes it easier for your customers to engage with you

Consumers today lead busy lives. They’re often time-poor and eager to find ways to simplify hectic schedules. Making your business as engaging and accessible as possible is therefore a must. With IVR Payments, customers can communicate with your business using one standard telephone number and purchase products out of hours or be diverted to an automated service during busy periods so they can always achieve their purpose for getting in touch. They’ll be less likely to go to alternative suppliers giving you that increasingly important competitive edge.

And it’s not just about always being available. Integrating IVR Payments with behind-the-scenes CRM systems means that you can create a bespoke service to existing customers, with menus tailored to their needs based on previous purchases or using stored data to complete orders without the need for them to re-enter information each time.

IVR Payments strengthen your PCI DSS compliance

Because there is no human element involved in the interaction with the customer when using IVR Payments, you remove many of the risks and stresses associated with ensuring that members of staff are upholding compliance requirements. PCI Telecom’s AUTO IVR Payment solution is entirely compliant with PCI DSS guidelines, accredited to a Level 1 standard. Our hosted, cloud-based AUTO IVR captures, processes and stores payment information with full encryption meaning that no human error will lead to a breach.

So what are you waiting for? What could be better than a system that makes your business more efficient AND saves you money at the same time?

For more detail on how the AUTO IVR Payment system works including ideas on the different ways that it can be used, view our IVR Payments with AUTO IVR brochure here or get in touch for more information.


Is going back to basics the best way to tackle PCI DSS and GDPR?

With PCI DSS 3.2 now in place plus the forthcoming introduction of GDPR legislation next month, businesses are finding their focus is being forced to shift ever more towards the security of customer data. For many businesses, the road to compliance can appear daunting and costly. So what is the best way to tackle these changes in data security expectations? Is adding to what you’ve already got enough or are you better off going back to basics and starting from scratch?

What are the PCI DSS requirements for my business?

Any business that accepts card payments, be it in person, over the phone or online, is required to meet PCI DSS guidelines at a level that is relevant to their business, based on the volume of card payments that are processed annually. The relevant level and, for those for whom self-assessment applies, the correct Self-Assessment Questionnaire (SAQ), should be the starting point for you to address what is required for your PCI DSS compliance and help you to define the changes that need to be made to your card payment system and processes.

How robust is your existing system?

If you’re failing to meet the criteria for compliance then stripping your system and heading back to basics could be the most effective means of addressing the issue of protecting your customer data and card payments from a data breach. If you’re currently missing the mark when it comes to PCI compliance then chances are you’re probably not meeting required general data protection procedures either. Luckily going through the process of becoming PCI compliant will take you closer to achieving GDPR obligations too.

It’s a good idea to regularly undertake vulnerability scans and penetration testing of your computers, systems and networks to highlight weaknesses that hackers could potentially exploit. If your system has been kept up to date then introducing increased security measures such as multifactor authentication (a new requirement for PCI DSS v3.2) and end-to-end encryption shouldn’t be an issue.

See PCI DSS compliance and GDPR as an opportunity rather than a burden

The introduction of new regulations gives businesses the chance to re-evaluate existing systems and procedures not just to comply with revised guidelines but to look at the payment process as a whole. How do you currently accept payments and what data do you store, process and transmit? Is there a different approach that could be more efficient AND provide a better experience for your customers?

There is no doubt that data security guidelines are here to stay and will develop further in future so bringing your system in line with this new legislation now will make it easier for you to adapt. And as new requirements stipulate that you show evidence of continuous compliance then you need to find a permanent solution, rather than one that simply gets you through PCI DSS assessment. Whatever your approach, to sit back and do nothing is most definitely a no-no. Quite rightly, it is expected that your business takes the issue of protecting customer data seriously, making it a daily priority and not a checklist to achieve compliance.

At PCI Telecom, we create bespoke card processing systems for over-the-phone and online payments that are accredited to a PCI DSS Level 1 standard. Our systems can be installed from scratch or designed to interface with your existing database and accounting functions. Find out more about our Solutions here.


Time to stop cramming, time to start planning: could better organisation help you tackle your PCI DSS compliance?

The new PCI DSS version 3.2 arrived in February, changing the way that compliance is assessed with one crucial new addition – businesses are now required to provide evidence of continuous compliance all year round.

We know from experience that many businesses have in the past taken a denial and panic approach to PCI DSS, leaving compliance to the very last minute and implementing temporary fixes purely for the sake of annual assessment. But these days are over. With this change to PCI DSS assessment and the introduction of GDPR in May, businesses are being forced to prioritise the security of their customer data and put greater emphasis on the need for policies and procedures on an ongoing basis. So is better planning and organisation the key to tackling your PCI DSS compliance? We think so and here is how.

Get to know the specific PCI DSS requirements for your business

The required standards for PCI DSS vary depending on your business’s volume of transactions and how it handles data. Getting to know what is required for the compliance level that is appropriate to your business will enable you to develop and implement a system for how to capture the right information accordingly and stop you from wasting time implementing measures that aren’t relevant.

Do you qualify for self-assessment? If so, take a look at the relevant self-assessment questionnaire (SAQ) – there are nine varieties so you’ll need to research which one applies to you – and work out what you need to complete it so that you can introduce systems now, well in advance of the deadline. You can find out more about self-assessment on the PCI Security Standards Council website.

Allot sufficient time and budget for PCI DSS

PCI DSS compliance can be time-consuming, especially when you’re starting from scratch to get procedures off the ground. But that isn’t a reason to put it off. For businesses to achieve compliance, they need to get into the habit of allocating adequate time to making sure that they are adhering to the guidelines consistently and not just for the purpose of assessment.

Create a schedule of regular PCI DSS check-ups to ensure that procedures are being adhered to, and stick to it. For example, this could include frequent spot checks for clean desks, system firewall updates and checking that new employees are being informed of your data protection policies so they know what to do if they spot system failures or suspicious activity.

Don’t waste time worrying about the fall-out of not being PCI DSS compliant. Channel those efforts into more effective planning for achieving compliance and make sure you have finances available to invest in introducing new systems to help you with the process. In the long run, you’ll have more time to focus on your core business, delivering a great service to your customers.

There are ways that you can make it easier. At PCI Telecom, we deliver bespoke card payment solutions that have PCI DSS Level 1 accreditation for payments made over the phone and online. Outsourcing your card payment processing offsite to us de-scopes your business from its PCI compliance obligations so it’s us that do the planning and regular checks and not you. Contact us for more information.


Who has responsibility for your business’s PCI DSS compliance?

The new EU General Data Protection Regulation (GDPR) sets out that every company should have a designated individual overseeing data protection – not in terms of deciding what data to store, but ensuring that procedures and policies are in place and knowing what to do should a breach occur. And the same goes for PCI DSS.

But that doesn’t mean that ensuring a company’s compliance is down to one person or department alone. In every organisation, there is always the temptation to ‘pass the buck’ on something that isn’t necessarily the specialisation of the team, but in order for the procedures to be effective, everyone in the business needs to contribute. Here are just a few examples of the roles that different teams will play.


So often, the obvious choice is to place all responsibility for PCI DSS onto the team that runs and manages the IT network. They play an important role in putting firewalls in place that are robust and up to date, as well as ensuring that customer data is being processed in a secure environment and that no cracks appear in the integration between the various systems and databases. Hackers are consistently developing clever new ways to infiltrate systems, so IT teams have to evolve with new technologies to keep a data breach at bay. But to do this they need the support of…

Business owners/senior management

It’s often tempting for business owners and directors to bury their heads in the sand and have an ‘it’ll never happen to us’ attitude when it comes to data protection and cyber security. This is a dangerous approach to have when data breaches are consistently on the rise, affecting businesses of all shapes and sizes, and the repercussions of not being compliant can destroy the future of the organisation.

Sensible senior management teams, business owners and management boards are very much aware of the risks associated with not being PCI DSS compliant. Ready to invest adequate funds in up-to-date, secure systems and software, they see cyber security as a necessity and an opportunity to improve their relationship with the customer.

A top-down approach is crucial – a survey by Clearswift in 2015 showed that, worryingly, 22% of employees think they have no responsibilities relating to data security. Management has to oversee the establishment of corporate policies to ensure that knowledge of the risks and responsibilities stretches throughout the organisation. To do this, they need to enlist the commitment of…

Human resources

The HR team is responsible for organising induction and training programmes to maintain the skills of the workforce to the standard required for the business, and this should include topics relating to data protection and cyber security. In addition to training, ensuring that staff handbooks are up to date with information relating to the company’s data protection commitments is essential, as is providing clear guidance on what staff should do if they notice suspicious activity within the database and payment systems.

Call handlers/agents

Technology will only ever be as good as the people that use it. While companies can throw themselves into preventing a security breach, they are reliant on the commitment and efficiency of their staff to prevent weaknesses in the payment process, to look out for the signs of a breach and to know what to do if and when it happens.


At PCI Telecom, we create secure card payment systems that work for your business, be it for payments over the phone or online. Our card payment solutions feature end-to-end encryption and have PCI DSS Level 1 accreditation. Find out more about passing on your PCI DSS compliance responsibilities to us AND getting a card payment system built bespoke for your business by giving us a call today.