Worried about the cost of PCI compliance?

In these challenging times many businesses will be looking to cut costs where possible, putting planned expenditure on the back burner and tightening future budgets until Covid disruption blows over.

We know that card payment security and PCI compliance aren’t always at the forefront of minds and therefore have the potential to be on the list of spend items that could be side-lined. But this strategy has its risks – at a time when cyber crime is at an all-time high due to weaknesses appearing in IT networks in the move to remote working, as well as the significant increase in card-not-present transactions because of the temporary closure of stores, the need for robust card payment security has never been more vital.

What is it that costs money in achieving compliance? Firstly, the time resource needed to create adequate procedures that set out how card data will be securely handled and establishing them across the organisation. The forthcoming launch of PCI DSS v4.0 moves towards ongoing monitoring of security measures, rather than an annual tick box exercise, so a person’s time will be required on a continual basis to ensure that these procedures are relevant and being adhered to. For those that do not have this time or know-how in-house, buying in expertise from outside the organisation may be needed. Also, investing in new, or improving existing, IT infrastructure will ensure that systems are robust enough to store and process card data securely.

While these might seem like expensive outgoings, they are nothing compared to the financial gamble in side-lining compliance, with potential fines of up to £50,000 per infringement plus the cost of an invasive forensic investigation should a data breach take place. Added to this is the inestimable price of potentially irreversible damage to your brand.

The good news is that there are solutions out there that combine all of the costs, protect your business and your customers from cyber criminals AND enable you to increase efficiency and improve customer service all at the same time. Which is exactly what we do here at PCI Telecom, creating and installing card payment processing solutions that are:

  • Bespoke – Our solutions are built to suit the exact needs of our customers, unlike those of other service providers who offer an off-the-shelf, one-size-fits-all product. This represents great value for money as you only pay for what you need rather than paying a premium for functions that you won’t use.
  • Affordable – To suit the needs of all budgets. We offer affordable monthly license fees and make sure that there is no charge for declined or refunded payments.
  • Cloud-based – There is no need to invest in any expensive bits of IT equipment. This also means that staff working at home can access and process payments remotely.
  • Omni-channel – Our solutions can be used to process payments made over the phone to a live agent or via an automated IVR as well as online, and via webchat and email so you can offer a variety of payment options to your clients.
  • Flexible – Can be adapted for busier periods, new payment channels and products. Our solutions also integrate fully with other business functions such as your CRM, accounting and stock control.
  • Secure – Accredited to the highest Level 1 PCI DSS compliance standard. And by using our solutions, your payment process is descoped from your business’s compliance obligations and placed onto us instead.

You can find out more by visiting our Solutions page or alternatively, give us a call or send us a message to talk through your specific requirements.

Don’t let your card payment process get in the way of business success in 2021

Are you setting your sights on business growth in 2021? Or is your aim simply to ride out the coronavirus storm? Whatever your objectives, if you’re using an out-of-date card payment processing system, it could hold you back or, worse, lead to loss of sales and reputation damage.

Future-proof your business

Your old system might still be working, but is it fit for the future? Card payments are evolving constantly, and the pandemic has accelerated that progression by creating new consumer habits and pushing consumers towards alternative remote, or ‘card-not-present’ (CNP), transactions. Recent research predicts that CNP transactions will overtake in-person payments by 2023 – can your existing system handle this adjustment?

And it’s not just CNP transactions that are growing – the choice of payment methods has also increased. In this era of multi-channel communication, the likelihood is that your customers will engage with you through a variety of platforms – and your payment channels need to replicate this. Limiting to one channel might seem like a simpler way to manage payments but it seriously restricts your reach by excluding potential customers who may not have the time or the facilities for your single channel. You can read more on the benefits of omni-channel payments here.

Advances in payment technology have enabled omni-channel transactions to be processed through one system, making it easier for you to manage and monitor sales while ensuring that the customer experience is consistent across the board, in turn improving satisfaction and brand awareness. This could include payments to a live agent over the phone or via an auto IVR working side by side with online options via your ecommerce site, webchat and email.

Be flexible to adapt to changes in demand and working practices

The ups and downs of the last year highlighted more than ever the need where possible for flexible business practices and processes. With the mass move to remote working, brought on by lockdown restrictions, businesses with cloud-based systems in place fared better, being able to move swiftly to alternative working practices with little interruption to service delivery.

Choosing a flexible, cloud-based card payment system that enables remote access for your staff and that can be adjusted to meet an increase in demand, whether that be adding agents or processing more transactions, will ensure that your business can adapt to whatever sits on the horizon in the post-covid context.

Security is key

The speedy introduction of new working practices unfortunately opened up vulnerabilities and weaknesses in many IT systems and networks and cyber criminals were quick to jump on the chance to take advantage. There was a significant rise in the number of cyberattacks on businesses of every size, compromising the card data and personal details of millions of individuals.

Data protection legislation and guidance, such as PCI DSS, aim to encourage businesses to have effective policies and procedures in place for accepting and processing personal data and card payments securely, whether staff are based in the office or remotely. Failure to follow the guidelines which then results in a breach of data can lead to a substantial fine and, probably worse, irreparable damage to the brand. Opting for a card payment system that adheres to the standards ensures that connections between the transaction environment and the rest of the IT network are secure and robust. And with PCI DSS v4.0 anticipated to be released in mid-2021, introducing greater focus on security as a continuous process rather than a one-off or annual tick box exercise, it’s more important than ever to make sure that adequate processes are in place.

Installing a new system doesn’t need to be complicated or costly. At PCI Telecom, we offer affordable bespoke card payment solutions that fit the needs of your business whatever its shape or size and for a variety of channels. Our solutions are cloud-based, so there’s no need for investment in expensive bits of equipment, and fully integrate with other back end systems such as accountancy and stock monitoring. They’re also compliant to the highest level of PCI DSS, protecting your business and your customers from data breach. For more information, visit our Solutions page or get in touch with us to discuss your requirements.

Deal or no deal Brexit, PCI DSS compliance remains the same

With the UK’s departure from the EU just around the corner, many businesses are wondering with uncertainty what future trading of goods and services with European customers will entail. As talks between leaders continue (at the time of writing), businesses are being advised to put in place procedures and practices to ensure a smooth transition to a new trading and operating environment, whatever it may be.

But while much will change for those businesses that trade overseas, whatever the outcome, be it a deal or no deal scenario, there are some systems, requirements and responsibilities that will remain the same – PCI DSS compliance being one of them. Here’s a reminder of the key points you need to remember:

  1. PCI DSS compliance was established by the major global payment card brands and applies to every business that stores, processes or transmits cardholder data, regardless of its size or industry – so every retailer, online seller, service provider and contact centre should have policies and procedures in place to protect their clients – whether they are from the UK or beyond – from the risks associated with card fraud and data theft.
  2. The extent of your business’s PCI compliance obligations is based on the number of transactions it processes annually. There are four levels of compliance, with Level 4 applying to merchants that process fewer than 20,000 transactions annually, up to Level 1 applying to those that process over six million. For those businesses that fall within Levels 2 to 4, compliance is achieved through a process of self-assessment. For those that fall into the Level 1 category, more rigorous and in-depth assessments take place involving external audits and reporting.
  3. Being PCI compliant is an ongoing process, not an annual tick box exercise. It includes the frequent monitoring and testing of systems and networks, ongoing training for employees on security policies and protecting cardholder data and ensuring that anti-virus software or programs are updated regularly.
  4. Failure to comply with PCI DSS which then results in a data breach will undoubtedly result in a substantial fine and more seriously, cause irreversible damage to your brand. Today’s consumers have high expectations when it comes to the protection of their personal and payment data – a breakdown of trust between your business and your customers will ultimately lead them to your competitors.

Here at PCI Telecom, we create and maintain card payment processing solutions, for card-not-present transactions made over the phone or online, that are bespoke to your business whatever its shape and size. Our solutions are cost effective, flexible, robust and cloud-based so there is no need for bulky bits of equipment to be installed. They are also accredited to a PCI DSS Level 1 standard so you can descope your business of much of its PCI compliance requirements leaving you the time and resources to focus on managing the day-to-day running of your business and delivery to your customer. For more information, visit our Solutions page or alternatively get in touch here or by using our webchat function over on the right.

You can find out more about the Brexit transition and what your business needs to do to prepare by visiting www.gov.uk/transition

More information on PCI DSS compliance can be obtained by visiting the Payment Card Industry Security Standards Council (PCI SSC) website here.

The cost benefits of outsourcing your PCI DSS compliance

There is no doubt that British businesses are currently facing unprecedented uncertainty as the Covid-19 pandemic continues and Brexit appears on the near horizon. It’s a challenging time and with a steep climb to recovery ahead, many businesses are cutting costs and tightening their belts. Finding the balance between managing income and overheads and putting money towards expansion and future growth can be a challenge when you don’t know what lies in the future.

While an outsourced card payment processing system that addresses PCI DSS compliance may appear like unnecessary spend at this time, it could, in fact, save you money in the long run. Retaining processes in-house can seem like a safer option but there are many advantages to choosing an external solution.

Here are three ways that outsourcing to a PCI DSS compliance specialist and card payment processing provider could be an advantage rather than a cost burden.

Reduced need for specialist staff

The complexities of accepting, transferring and storing card payment data and the resulting compliance obligations such as GDPR and PCI DSS require experienced and specialised staff that can be hard to source and retain. Outsourcing to an external payment processing service removes this need, cuts payroll costs and ensures your transaction environment remains secure and protected against problems created by staff turnover or absence.

PCI DSS compliance requires ongoing management rather than an annual tick box exercise. By outsourcing the whole process to an external provider, you remove the business from the compliance scope so more time can be spent on day to day tasks and future growth.

Increase staff productivity

With a purpose-built external system in place that securely integrates with other functions such as your CRM database, your employees will be able to process transactions more quickly and efficiently, meaning a smaller team can handle more calls and generate more sales while maintaining a high standard of service.

Protect from card fraud

There were over two million cases of card-not-present fraud in 2019, with a total value of over £470m*. You can reduce your vulnerability to card fraud by implementing a secure card payment system that not only protects your business but also your customers from data breach.

Over recent months, as lockdown restrictions were implemented, many businesses were quick to pivot to remote sales online and over the phone. The speed of implementing these new processes resulted in the exposure of weaknesses in IT systems and networks which cyber criminals have been quick to pounce on. The investment in an external, cloud-based card payment processing solution removes these weaknesses and strengthens processes by securing the transaction environment and enabling employees to access the system and process payments wherever they are working, be it remotely or in the office.

At PCI Telecom, we create bespoke card payment processing solutions to suit the needs of your business. Our solutions are cloud-based, secure and reliable and can be used independently or as part of an omnichannel payment suite. And because our solutions are accredited to PCI DSS Level 1 standard, you not only benefit from a simplified transaction process, but also from descoping your business of its compliance obligations and passing that responsibility to us, saving you time, staff resource and money. Visit our Solutions page for more information or alternatively contact us to discuss your needs or drop us a note on webchat over on the right – we reply immediately!

* According to UK Finance

Is your business ready for the increase in card-not-present (CNP) transactions this Christmas?

Shopping on the high street remains anything but ‘normal’. Tighter lockdown restrictions, social distancing measures, face masks and queues mean many consumers are shifting their shopping habits to buy online or over the phone from the comfort and safety of their own home. And as we enter the busy pre-Christmas build up, retailers will be looking at how they can prepare for this increase in card-not-present (CNP) transactions to create the best possible customer experience without the face to face interaction.

With this in mind, does your business have the systems and processes in place to make the most of this expected change in consumer behaviour? Here, we look at questions that retailers should be asking themselves.

Can your business handle the fluctuations in sales?

For smaller retailers with limited budget and resources to hand, the continued Covid-related uncertainty makes planning for the future a challenge. Implementing CNP payment channels that require limited staff resource can assist with ensuring that customers can always access your goods and services even at the busiest times. The ecommerce option is the obvious choice for many but an IVR service, interacting and accepting payments over the phone, offers an additional channel for reaching customers.

Can your payment processing system be accessed remotely?

It’s reassuring to know that your business can stay open and maintain a high standard of service, even when your staff are working from home. Implementing a sales and payment processing solution that can be easily rolled out and accessed remotely is critical for this purpose, enabling communication with the customer while being able to SECURELY accept and process payments made over the phone as well as via alternative interactive CNP channels such as webchat.

Does your payment processing system integrate with back-end functions?

Busier periods can mean less time being available to monitor stock levels or update customer records, in some cases leading to disrupted service delivery. Having a payment processing solution that integrates with back-end functions such as your CRM database and accounting system saves time and resources and supports the delivery of seamless, glitch-free customer service.

Are you and your customers protected from card fraud and data breaches?

Unfortunately, the rise in CNP transactions will inevitably bring with it an increase in card fraud and cyber-attacks. While you want to protect your business and your customers from this risk, you’ll also want to minimise the impact of fraud management and cyber security policies on the customer experience. Opting for a card payment processing solution that complies with the latest in PCI DSS guidelines will ensure that both parties are protected and by choosing one that delivers an efficient transaction process, you’ll also maintain customer confidence and satisfaction.

Here at PCI Telecom, we build and implement card payment solutions for businesses of every shape and size, taking into consideration their needs and their budgets so that they end up with the solution that does exactly what they want it to. We create solutions for individual sales channels or as part of a wider omni-channel provision and these integrate seamlessly with other areas of the business. Our Level 1 PCI DSS accreditation means that data and card payment security is at the heart of everything we deliver. For more information, visit our Solutions page or get in touch here.

European cyber security month

European Cyber Security Month – three steps to improve your cyber security

October is European Cyber Security Month – the EU’s annual campaign dedicated to promoting cyber security to individuals and organisations and providing up-to-date online security information through awareness-raising and sharing of good practices.

The arrival of Covid-19 brought with it significant challenges for businesses, with many moving from physical to digital, in some cases overnight. The speed at which these changes to working practices occurred impacted the nature and priorities of IT services, exposing weaknesses resulting in a significant rise in cyber security incidents, with hackers exploiting gaps in systems and seizing on the opportunity to capture valuable data.

So, with this in mind, this European Cyber Security Month, we look at three steps that businesses can take to improve their chances in the fight against cyber crime:

Penetration testing

Identifying and understanding the vulnerabilities in your IT network is the first step towards securing your systems and protecting your business from the threat of cyber attack. External penetration testing enables you to view and test security measures through the eyes of a cyber criminal, replicating the tactics and practices of hackers to identify weaknesses and flaws that could be taken advantage of. The process focuses on areas where the most common weaknesses occur, usually at the point that two systems integrate, alongside the efficiency of firewalls and, once within interior networks, how easy it is to access sensitive data such as customers’ personal information and card payment details.

Develop policies and educate staff

With staff working from home and accessing networks remotely, clearer guidelines and tighter restrictions are needed to protect systems from new risks and vulnerabilities. Policies and procedures require updates such as limiting the use of personal laptops and mobile devices for work purposes and enhanced guidelines on multi-factor authentication and passwords, alongside ensuring that sufficient firewalls are in place and that software updates are made.

Developing the policies and procedures is the easy bit. They are only effective if they are widely communicated throughout the organisation, engaging staff to highlight the risks and the role they play in protecting the business from cyber attack. Educating and informing employees of where the threats lie will reinforce how their actions make all the difference.

Work through PCI DSS compliance

While PCI DSS might seem like a task too far for some, going through the process of achieving compliance will undoubtedly result in the creation and maintenance of robust systems and networks. PCI DSS compliance is designed to help you stay one step ahead of the hackers, protecting your business from cyber criminals by creating barriers to make their target much harder to reach.


At PCI Telecom we create bespoke, secure, cloud-based card payment processing solutions that interface seamlessly with other IT functions and, because they’re accredited to a PCI Level 1 standard, provide the highest level of compliance regardless of the size of your business. Contact us today to find out more about how we can support your business with accepting and processing card payments securely, be it over the phone or online.

What our PCI DSS Level 1 accredited solutions mean for your business

Being an integrated solutions partner of an accredited PCI DSS Level 1 provider is something that we regularly mention to highlight the reliability and robustness of the card payment solutions that we provide. But what does it mean for the businesses that we work with and their customers?

What are the PCI DSS levels?

PCI DSS is a set of technical and operational requirements, established by the major payment card brands, that help organisations to maintain payment security, prevent card fraud and protect against data breaches. They apply to any organisation that stores, processes or transmits cardholder data regardless of the size or type of organisation – from small retailers through to large contact centres. The standards are made up of 12 components ranging from building a secure network to developing organisational data policy, the requirements for which vary depending on the number of transactions processed by the organisation each year. There are four levels of compliance, with Level 4 applying to merchants that process fewer than 20,000 transactions annually, up to Level 1 applying to those that process over six million.

For those businesses that fall within Levels 2 to 4, compliance is achieved through a process of self-assessment. For those that fall into the Level 1 category, more rigorous and in-depth assessments take place involving external audits and reporting.

As a service provider, it is this PCI DSS Level 1 assessment that is undertaken every 12 months along with added requirements including penetration testing and internal scans, to ensure that the solutions we provide via our integrated partner remain robust and inaccessible to data hackers scouring for weaknesses in IT networks.

What this means for your business

Our solutions have been through the highest degree of card security testing and scrutiny to achieve the Level 1 standard of compliance. Our clients are therefore reassured that their transaction environment is secure and provides them with confidence that they are protected against credit card fraud and breaches of cardholder data; a comfort that they can pass on to their customers.

In addition to this, many organisations view the process of becoming compliant with PCI DSS, even at the self-assessment levels, as complex and resource intensive. Moving to our external card payment processing solutions takes away this headache by removing the transaction environment from your scope into ours, giving you the benefit of a higher level of compliance without the stress or expense.

Our suite of solutions – PCI Agent (for attended, over-the-phone transactions), Auto IVR, Online and PCI Webchat – are all adaptable to suit the needs of any business, whatever its type, shape and size. Being cloud-based they are simple to install, without the need for equipment on-site, and are easy to use both in the office and when accessed remotely.

Visit our Solutions page to find out more about our PCI DSS Level 1 accredited products or alternatively get in touch with us here to talk through your requirements.

What have we learned about cyber security in a pandemic?

The arrival of COVID-19 and the subsequent lockdown posed a significant challenge to businesses and, for many, a swift move away from their usual bricks and mortar operations to ecommerce and over the phone sales. But, in the rush to enable remote working for employees and the shift to card-less payments, vulnerabilities were exposed, sadly leading to a large increase in cyber-crime incidents, with hackers attempting to force their way into IT networks and gain access to personal data and payment information.

So, what have we learned from this experience and what can be done to better prepare ourselves should the situation arise again?

Cyber criminals are ready to seize opportunities and coronavirus was one of them

During this time of uncertainty and increased online activity, cyber criminals have been actively working to exploit the COVID-19 situation with attacks that prey on businesses and their employees. Seizing on flaws in IT networks and security awareness, hackers have managed to infiltrate systems through a variety of tactics including phishing scams and impersonation of IT professionals. According to BitDefender*, there was a 475% increase in malicious reports related to coronavirus in March – a stark reminder that hackers pose a continuous, significant threat and are using increasingly sophisticated methods to access confidential and card payment data.

Businesses need to have continuity plans, policies and procedures in place for this kind of eventuality

The rapid move to remote working highlighted the gaps in many organisations’ policies for regulating and managing the process of working from home, leading to weaknesses in networks and putting customer data and the transaction environment at risk. Formal policies are required that can be speedily applied when necessary, outlining rules such as prohibiting the copying, moving, sharing and storing of payment card data, parameters for passwords and multi-factor authentication along with guidance for setting up a secure working environment that ensures no sensitive data is visible to unauthorised persons. These policies need to be revisited on a regular basis so that they remain relevant and up to date.

There is a need to improve the quality and increase the frequency of cyber security training

Regular security awareness training helps to create and maintain a culture of security within an organisation, reminding employees of the vital role they play in protecting the business and the customer from the risks associated with cyber-attack and data breach. Stay one step ahead of cyber criminals by keeping staff informed of the latest threats, what to look out for and what to do if anything suspicious arises.

Being PCI DSS compliant can help with all of the above

Going through the process of achieving PCI DSS compliance creates foundations for effective policies and procedures for accepting and processing card payments securely, whether your staff are based in the office or at home. The security standards provide a framework of guidelines that include multi-factor authentication and strong password policy, regular vulnerability scans to identify weaknesses in external-facing systems and prohibiting the use of personal devices to access the network and process transactions. Businesses are obliged to ensure that equipment and networks have in place anti-malware protection and firewall functionality to protect from internet-based threats. And, should anything suspicious appear, the standards require that incident response plans are in place and that staff undergo regular training to know what to look for and how to act. Having all of these measures in place greatly reduces disruption to business operations and the risk of becoming a target for cyber-crime should a move to remote working occur again.


At PCI Telecom, we deliver card processing solutions for payments made over the phone and online that are affordable, simple to install and easy to use, integrating seamlessly with your existing systems and networks. Being cloud-based, our solutions are ideal for remote-working and provide a fully encrypted and secure environment for card transactions to take place with the added benefit of having PCI DSS Level 1 accreditation. Take a look at our Solutions page for more information or give us a call to find out more.

*Source: PCI Security Standards Council, ‘8 Tips to Help Small Merchants Protect Payment Card Data During COVID-19’

How do you maintain a consistent service when your team is split across multiple locations?

As the upheaval of lockdown begins to diminish, many businesses are turning their attention towards the re-occupancy of offices and what the post-Covid-19 ‘normal’ looks like for their business operations. With social distancing measures still in place for the time being, it appears unlikely that there will be a return to full office capacity any time soon and as a result, many businesses are exploring ways to manage the split between workers based in the office while others continue to work from home.

As facilities and building managers grapple with the issue of social distancing, managers of customer-facing functions are wondering how they can best deliver a consistent customer service when their teams are spread across multiple locations. Here are some suggestions of things that can help during these topsy-turvy times.

Ensure customer-facing staff are equipped and informed

Frontline staff, the faces and voices of your organisation, are core to your brand’s identity and its reputation. Managing calls competently and efficiently offers valuable reassurance to the customer that your service is reliable and that transactions are being processed responsibly. To do this, your teams need to be equipped with the tools and information to do their job in the best way possible, whether that be telecoms equipment or remote access to cloud-based software.

In addition, creating and implementing clear, company-wide policies for dealing with customer calls and processing card-not-present payments are essential to the delivery of a consistent service across the board and to maintain a secure environment for transactions to take place, regardless of where your team members are based. This includes guidance on cyber security, particularly for those working remotely, as well as rules on firewalls and multifactor authentication. This will help staff to recognise the importance of their role in the delivery of high-quality service and understand the impact this has on reassuring customers and the long-term success of the business.

Facilitate omni-channel payment methods

Catering for a broader spectrum of payment preferences, across multiple platforms, brings obvious benefits in terms of reaching more customers. It also means that you aren’t completely reliant on just one channel or team for payments to be processed – extremely useful during periods of disruption. Concerns about the availability of staff to handle incoming sales calls can be easily managed with the installation of an IVR solution, providing an automated option that directs callers to exactly the service they need. Similarly, offering online payments via the website or a webchat function adds another access point to your services for customers who may not have the time to call.

There are many advantages to choosing a single provider for your omni-channel payment processing including the simplification of back end systems such as accounting and reconciliation as well as improved all-in-one sales reporting, giving you a better understanding of customer behaviours and improving your ability to plan effective sales and marketing strategies.

How we can help

PCI Telecom offers a range of cardholder-not-present payment solutions that help equip your staff with the tools they need to offer a consistently seamless service, whichever channel is being used to pay. Our solutions are reliable, easy to use and secure – accredited to a PCI DSS Level 1 standard – so you can focus on the delivery of products and services while leaving the payment processing to us. Here’s how they can work for you during this time:

Our PCI Agent over-the-phone payment solution enables callers to stay on the line to a member of staff – whether that person be located in the office or at their kitchen table – and input their card details via their phone keypad. The member of staff, logged into our cloud-based card processing system, is at no point able to see the card details and the transaction is swift and seamless.

Our flexible Auto IVR solution easily integrates with your existing phone network and enables customers to select automated options to reach the service they need AND make payments securely by inputting the details via their phone keypad.

During a live chat, web chat, SMS or social media engagement, our PCI WebChat solution can be used to generate a unique and secure payment URL link that is sent to the customer, into which they enter their card details. The PCI Webchat function remains open to the agent and customer so they can continue to ‘chat’ during the process but card details are at no point made visible to anyone other than the customer.

Similarly, our PCI Paylink generates a unique and secure URL that is emailed to the customer for completion with their card details. With full encryption, the payment is then processed, at no time revealing the card details to a member of staff.

Our solutions are created on a bespoke basis, either individually or as part of an omni-channel suite of payment options, that work to meet the needs of your business, helping you to maintain a consistently high standard of service and a safe and secure transaction environment. For more information visit our Solutions page or get in touch to talk through your requirements.

Not returning to the office for a while? How to take payments SECURELY while your staff are working from home

The enforced lockdown in March, as a result of the Covid-19 pandemic, led to lots of businesses hurrying to implement new technology and procedures for their staff to work remotely. For many this meant adapting service provision, while for some it meant a speedy introduction to card-not-present (CNP) transactions, over the phone and/or online. In the rush to establish these new practices, card payment security and compliance obligations were sometimes pushed to the side-lines, putting business networks and data at risk and opening up weaknesses within systems to be exploited by hackers and cyber criminals.

As businesses and their employees continue to wrestle with these new ways of working, consumers’ expectations of businesses taking responsible measures to protect their payment and personal data remain high. The reputational damage that can occur as a result of a data breach can be disastrous for any organisation, not to mention the impact of the substantial fine that could be incurred if data protection policy and PCI DSS compliance are proven to have been insufficient. Guidance published by the PCI Security Standards Council (PCI SSC) for businesses combining remote working with accepting card payments suggested a number of strategies, including enforcing strong password policies and multi-factor authentication as well as imposing encrypted communications and enhanced anti-malware and firewall applications. These actions undoubtedly improve security; however, the guidance puts employees at the front line of defence, relying on their familiarity with policies and procedures and their ability to update their systems remotely without the hands-on IT support usually available in the office.

Which is why investing in an external, cloud-based card payment solution is worth every penny. Here at PCI Telecom, our range of card payment solutions, all accredited to Level 1 PCI DSS standard, can be adapted for use anywhere, protecting your business from cyber attack and a breach of compliance obligations. Here’s how they can work for you during this time:

Our PCI Agent solution can be used with calls to your business diverted to employees’ mobile or home landlines, enabling customers to get through to a live agent and to make payments using their phone keypad to input their card details. The caller remains on the line to the agent at all times – at no point is their card number required to be read aloud and the agent sees only encrypted code appearing on their screen.

Auto IVR can manage calls and payments out of hours or when there are no staff available, providing callers with tailored options so that they can reach exactly the service or product they need and make payments smoothly and securely.

PCI Webchat: During a live chat, web chat, SMS or social media engagement with a customer, the agent launches the online PCI WebChat solution to populate the transaction details. Our system then generates a unique and secure payment URL link that is sent to the customer, into which they enter their card details. The PCI Webchat function remains open to the agent and customer so they can continue to ‘chat’ during the process but card details are at no point made visible to anyone other than the customer.

PCI Paylink: This is the most recent addition to our suite of solutions. The agent simply completes the transaction information via the PCI Paylink webpage. The system then generates a unique and secure URL that is emailed to the customer for them to fill in with their card details. With full encryption, the payment is then processed, at no time revealing the card details to a member of staff.

Our solutions work for organisations of any shape and size and are created on a bespoke basis so we can tailor each element to the specific needs of your business. They are available individually or as part of an effective omnichannel payment suite, helping you to reach more customers while maintaining a consistently high standard of service.

Accepting and processing CNP transactions securely while your staff work remotely needn’t be a struggle or a worry during this time. For more information on our Solutions or to talk through your requirements, get in touch here.

What are the benefits of omnichannel payment solutions?

As a business, it can often feel like you’re on a treadmill when keeping up with the latest in consumer trends and technological developments. The last decade has seen more changes in consumer behaviour than ever before; how they access your products and services and also how they pay for them. So how do you make sure you meet these needs while maintaining a good standard of customer service? One way is to opt for an omnichannel payments solutions provider. Here, we look at the key advantages that these can bring.

Offer a consistent, seamless customer experience

Obviously catering for a broader spectrum of payment preferences, across multiple platforms, brings benefits in terms of reaching more customers. But there are other reasons why it is more advantageous to choose an omnichannel solution to do this, namely improving the customer experience and earning a good reputation amongst your target audience. It is easier to implement a good quality, consistent customer journey using one solution rather than trying to manage many. Today’s consumers have high expectations when it comes to seamless service provision and this consistency is key to building brand recognition and ultimately brand loyalty moving forward.

Streamline the payment process and improve integration with back-end systems

It isn’t just the customer’s experience that improves with an omnichannel payment solution. For the business, using one system to handle and process sales transactions streamlines the whole payment function, generating a wealth of benefits. This includes all-in-one reporting to simplify accounting and reconciliation as well as easy monitoring of sales and stock levels. In addition to this, an omnichannel solution enables you to gather and map your customers’ buying behaviours across all platforms, generating invaluable data that gives you a greater understanding of how they interact with your business and opening up opportunities to develop more effective sales strategies and targeted marketing activities.

Save money and boost productivity

Investing in one solution that works across all platforms, rather than multiple systems to manage each payment channel, saves money in the long run – requiring fewer updates and lower maintenance costs. Plus, with fewer hours spent managing multiple payment strands and suppliers, you and your teams can invest more time focussing on developing the business and delivering your service.

Simplify your PCI DSS compliance

Crucially, having one omnichannel payment solution removes the complexities of PCI DSS and other compliance obligations. With only one system being in-scope rather than many, you save time and resources to redeploy elsewhere in the business.


At PCI Telecom, we create bespoke card payment processing solutions for multiple channels including over the phone to a live agent, IVR, online and via webchat. Our cloud-based solutions are affordable, simple to install, easy to use and integrate seamlessly with your phone system as well as other areas of the business. They are accredited with PCI DSS Level 1 standard so you don’t have to worry about compliance – we take that on so that you can focus on your day job. For more information, visit the Solutions page or get in touch to talk through your requirements.

Covid-19: our solutions to keep your business going when your premises is on lockdown

Thousands of businesses have been thrown into a state of uncertainty with the forced closure of premises as part of the fight against the worldwide spread of the Covid-19 virus. With the duration of lockdown yet to be determined, many businesses are wondering how they can maintain trade and relationships with customers to survive this coronavirus crisis. We want to help if we can. Here are a couple of solutions we can provide that could enable your business to weather the storm and get through these difficult times:

Introduce or improve online payments

If your business doesn’t trade online then now could be a good time to start. Your website is your virtual shop window, keeping customers up to date on your current trading arrangements and providing a channel for them to access your products and services. With the added benefit of being able to interface behind the scenes with stock and CRM databases, our ONLINE card payment solutions offer a smooth and seamless service to the customer and are simple and affordable to install. In addition to this, our 3D-Secure technology means that cardholders are authenticated at the time of the transaction, reducing the possibility of fraudulent card use.

Want to maintain live interaction with your customer? Why not install a webchat function to your site to answer queries and take payments?

Install an IVR facility to your phone line

IVR (or Interactive Voice Response) is a technology that enables your customers to make enquiries, purchases and payments over the telephone by interacting with an automated system, without the need for a person to answer the call. Because they’re completely automated, IVRs can manage calls to your business 24/7, informing customers of the current status of your business and enabling them to make fast and effective payments for services and products from their home.

Our AUTO IVR solution manages calls by offering a series of prompts and options to direct your customers to exactly the service that they need and enables them to make payments by inputting card details via their phone keypad. Transactions are processed through our secure system, protecting both your business and the customer from the risk of data breach and card fraud. Our AUTO IVR system is simple to install and, being cloud-based, requires no equipment or infrastructure onsite. The bespoke nature of the solution means it can interface seamlessly with other payment channels, such as online, as well as with your database and/or CRM and can be easily amended to suit your business as and when required.


For more information about the above services, visit our Solutions page or get in touch with us on 0330 022 0660 to talk through your requirements. Our solutions all feature the added benefit of being compliant with PCI DSS regulations to a Level 1 standard, protecting your customer and your business with the highest standard of card security. We are here to help businesses continue to provide a service to their customers while lockdown is in place with solutions that are low-cost and flexible to suit the needs of your business, whatever its shape and size.

Biometric payments: what they mean for your business

The payments landscape has evolved at an exceptional rate over the last few years, with the rise of contactless and the use of smart devices as well-recognised examples of new technology that has changed the way that customers pay. This evolution is set to continue as banking services and businesses look to introduce easier and more secure ways to manage payments, most notably with the use of biometric data in the authentication process. So what does this mean for your business and your customers?

What are biometric payments?

Biometric payments use biological and behavioural data, such as fingerprints, voice and facial recognition, as part of the authentication process when making a payment, be it online or in person. The introduction of biometric data being used in payments has created a new level of security, moving away from ‘something you know’ authentication such as a password or PIN, towards ‘something you are’ – a characteristic unique to the individual.

With the estimation that around 90% of passwords are easily hackable and the number of card fraud cases continuing to rise, it’s no wonder that the search for ways to tighten security for card payments has become a priority. 2018 saw the launch of the EU Payment Services Directive (PSD2), part of which included the introduction of Strong Customer Authentication (SCA), requiring card issuers to implement multi-factor authentication for all online purchases over €30 and increasing the scope to include not only a PIN or password but also integrating biometric data.

What are the benefits of biometric payments?

Biometric data can’t be lost or forgotten and is near impossible to steal or duplicate, so for businesses, biometric authentication creates a new line of defence against card fraud as well as reducing the number of abandoned payments because of lost passwords and PINs.

Added to these security benefits are the enhancements that biometric payments can make to the customer experience. Gen Z, the digital-first generation who make up a growing proportion of today’s consumers, have greater confidence in sharing biometric data with banks and businesses than previous generations. According to GlobalData’s 2018 Consumer Payments Insight Survey, two thirds of consumers are comfortable using a fingerprint or other biometric measure to secure their payment details, with only 11% opposed to the idea. With more emphasis on convenience and being able to manage their lives while on the go, today’s consumers have high expectations when it comes to customer service, and biometric payments support these needs by facilitating easier, quicker, reliable and more convenient transactions, known in the industry as ‘frictionless’. Many businesses see the opportunity to use biometrics to streamline their payment processing and enhance the customer experience to gain that ever-important competitive differentiator.

While balancing customer experience with data security will continue to be an ongoing challenge, we should expect to see even greater focus on biometrics over coming years, steadily becoming commonplace as technology is further developed and deployed.


The expansion in use of biometric data in the payments process increases the need for revised regulation and compliance obligations. The new PCI DSS v4, the launch of which is expected in late 2020, will encompass new payment technologies to ensure that businesses maintain robust payment processing security to protect you and your customers from cyber-attack, data security breaches and card fraud.

Here at PCI Telecom, we create bespoke card payment processing solutions that meet the needs of businesses whatever their shape and size. Our solutions are not only accredited to a Level 1 standard for PCI DSS compliance but are also compatible to meet the requirements of SCA for online transactions. You can find out more about our online payment processing solutions as well as our over the phone card payment systems by visiting our Solutions page or get in touch to discuss your requirements in more detail.

What to expect from the new PCI DSS v4.0 being launched in 2020

Last year the PCI Security Standards Council announced that a new version – version 4.0 – of the Payment Card Industry Data Security Standard (PCI DSS) would be launched in late 2020. With this now on the horizon, we look at what is likely to change and how this will affect your business.

What is PCI DSS?

PCI DSS is a set of guidelines established by the major card providers – Visa, MasterCard, American Express, Discover and JCB – relating to the security and storage environment used when processing, storing or transmitting debit or credit card information. The guidelines apply to all businesses that take card payments, regardless of their size or industry and failure to adhere can lead to large fines being administered should a data breach occur.

Why is PCI DSS changing?

Since PCI DSS was launched in 2006, the card payment landscape has changed dramatically – contactless payments were yet to be developed and global internet speeds and cloud-based technologies were limited. Since the last major update in 2016, the world of card payment processing has shifted again with advancing technologies introducing new ways for consumers to pay, such as contactless payments via smartphone and the launch of Open Banking opening the door to third party applications becoming increasingly involved in business processes.

Sadly, alongside these advancements come newly created threats to security, with cyber criminals improving their capabilities and exploiting weaknesses in interfacing systems to access personal and payment data.

What changes are likely to be included in PCI DSS v4.0?

While the 12 core principles of PCI DSS are expected to remain the same, according to the PCI Security Standards Council, PCI DSS version 4.0 will aim to reach the following high-level goals:

  • To ensure the standard continues to meet the security needs of the payments industry and the businesses that use it.
  • To add flexibility and support that will enable the standard to be applied across the variety of payment methods now available.
  • To promote and encourage businesses to see security and PCI DSS compliance as an ongoing process rather than a one-off tick box exercise.
  • To enhance validation methods and procedures – enforcing encryption and authentication processes to card payments.

A draft of version 4.0 is currently under review by PCI SSC stakeholders and a request for comments process is underway, from which amendments may be made in advance of its launch later in 2020.

What does this mean for my business?

The PCI SSC have stated that they intend for the security baselines to be realistically achievable and easily understood by all businesses globally. However, many businesses see the process of achieving compliance as a daunting challenge and one which requires time and resources. Despite what you might think, the ultimate purpose of PCI DSS isn’t to cause you a headache – the standard is in place to protect not only the customer but also the business from fraudulent card use and cybercrime.

How can we help?

At PCI Telecom, we create and maintain card payment processing solutions that fit the needs of your business, providing a secure environment for your customers to input their card details and make payments over the phone and online. We take on full responsibility for your PCI DSS compliance (also known as ‘descoping’) so that you don’t need to worry about it – therefore, any changes that are made to the standard are dealt with by us. And because all of our solutions are cloud-based, these amendments can be updated remotely without the need for us to make infrastructure changes onsite.

We know that card security means a lot to your customers, as does the ability to make payments swiftly and effectively, so having a variety of secure ways to pay is critical to your business’s success. This year sees the launch of our new PCI Webchat solution, adding to our suite of card payment processing systems that can be applied to suit the requirements of all businesses whatever their shape or size. For more information, take a look at our Solutions page or alternatively, get in touch to talk through your requirements.

The end of another successful year at PCI Telecom. Here’s to the next decade.

As we move towards the end of 2019, we are celebrating another great year for PCI Telecom. In March, we attended our first ever exhibition – the Call & Contact Centre Expo at Excel London – at which we showcased our unique, budget-friendly PCI DSS compliant solutions to a range of businesses and contact centre consultants, opening the door to new clients and an even broader range of projects. Interestingly, but unsurprisingly to us, the chats we had over the two days confirmed that we are filling a gap in the market in delivering compliant card payment solutions targeted specifically towards the needs of SMEs. We know that for many small and medium sized businesses, often with fewer resources to hand than their larger corporate counterparts, an affordable solution that is efficient at processing payments while integrating with existing systems such as the phone network and accounting software is much-needed. Our aim is to continue to fill this gap by developing products that meet the ongoing requirements of businesses and protect their customers through the payment process.

Here are just a few examples of projects we’ve delivered on in 2019:

Imperial War Museum

Imperial War Museum manage a collection of five historic sites and visitor attractions across the country with permanent displays alongside a range of events and exhibitions. The team was exploring options for a ticket purchasing system that addressed concerns relating to their PCI DSS compliance, specifically with over-the-phone card payments being made to a live operator. Our PCI Agent TFR solution was installed and adapted to suit their needs, fully interacting with their existing ticket software, telephone systems and IT networks, allowing callers to purchase tickets by inputting their card details securely via their telephone keypad without the need to temporarily cut off the agent.

Arriva Rail North

The rail operator responsible for providing trains in the north of England was keen to introduce easier payment options for passengers that had received penalty notices. They needed a solution that could facilitate payments via a range of channels, was easy for staff to use and that could integrate with processes already in place. Our PCI DSS compliant suite of products could do just that – meeting with all of their needs through our hosted AUTO IVR solution for those wishing to pay over the phone as well as our PCI MOBILE Chip & Pin solution for those preferring to pay on the spot.

Charles Clinkard

The team at Charles Clinkard, sellers of high quality footwear with stores located across the UK, was looking to introduce a facility for their customers to make payments over the phone in a secure environment to address their PCI compliance obligations while at the same time integrating seamlessly with other retail software. Our PCI Agent TFR solution was launched, integrating fully with their existing systems from ordering stock through to despatch.


Could we do the same for your business?

If you’re looking to introduce or update to a PCI DSS compliant card payment processing system that works to meet the specific needs of your business then please do get in touch with us to find out how we can help. Until then, we wish all of you a Merry Christmas and a Happy New Year.

Who suffers most when customer data is breached?

There’s no doubt about it, data protection and cyber security are a thorn in many a side. As cyber criminals become progressively more innovative, cyber attacks increase in frequency and severity, with businesses of all sizes being affected. But when it comes to falling victim to a cyber attack that results in a breach of data, who suffers the most? The customer or the business?

In the first instance, the greatest impact is on the customer for whom being caught up in a data breach will be disconcerting and inconvenient. As a business, the responsibility falls to you to establish what data has been lost or stolen, assessing the risks and then informing those affected without delay. It’s then over to those customers to change all passwords for websites and online accounts, keeping a close eye on bank accounts and being wary of scams utilising the information that has been accessed. Time consuming and aggravating to say the least.

For a business, however, the fallout from experiencing a breach of customer data can be longer lasting with much greater repercussions. For today’s consumers, integrity and security go hand in hand. Many will be wary of purchasing from a business known to have had customer data lost or stolen and unlikely to recommend services to friends and colleagues, resulting in irreparable damage to the brand’s reputation and having a severe impact on future trading.

In addition to this, if investigations that follow a serious data breach uncover failures to protect customer data, your business will very likely be in receipt of a hefty fine and possible legal action from those involved, impacting profits and further investment into the company.

There are simple systems and procedures that can be put in place to help avoid this scenario. Regulations such as PCI DSS as well as other data protection legislation like GDPR aim to protect your business from falling victim to cyber attack leading to a breach of data. At PCI Telecom, we specialise in PCI DSS compliant card payment processing solutions that work for all businesses regardless of size and budget. We create a secure environment for your customers to pay swiftly and conveniently while at the same time managing your PCI DSS compliance obligations so you have more time to focus on delivering high quality service. Take a look at our range of Solutions or get in touch to chat through your requirements.

Exploring Open Banking solutions to streamline your business? Why not look at PCI DSS compliant card payment options at the same time?

Since the launch of Open Banking in January 2018 a wave of new products and applications has arrived on the market both for businesses and consumers, opening up the financial services industry by introducing competition to the provision of banking systems, previously controlled by a handful of bank corporations. Open Banking has given consumers and businesses greater control over their money and their budgeting processes with simplified and improved functions such as accounting and budget management software along with up to date financial data and analysis.

Understandably, the movement of financial data between third party services and banking providers requires significant data protection and encryption. Behind the scenes, Open Banking applications, regulated by the FCA, use integration software also known as APIs (or application programming interfaces) to seamlessly manage this passage of data between the app and the bank in a secure environment to avoid the risk of a breach – crucial for the protection of your business’s sensitive financial information.

This interface between business systems and the bank is comparable to that which takes place during the processing of card payments with security and data protection also of the highest importance. Similar to the regulation of Open Banking, card payment processing should adhere to the latest PCI DSS guidelines to ensure that the transaction environment is secure at every stage of the payment process, from the customer entering their card details right through to communicating with the card issuer for processing. For businesses, there are high risks associated with using systems that are out of date or that don’t interface effectively, namely the leakage of customer data into the hands of cyber criminals and the subsequent hefty fines and damage to reputation.

Security aside, Open Banking has introduced effective tools to streamline your financial systems and monitoring, saving you time and in turn giving a boost to your business productivity. Could updating your card payment process with similar modernisation and simplification lead to the same outcome?

At PCI Telecom, we believe it will. We have developed a range of solutions for payments made over the phone and online to suit the needs of every business regardless of its shape and size. Our solutions are easy to install, simple to use, fit seamlessly and securely with your other business functions and have PCI DSS Level 1 accreditation so you don’t have to worry about data security and can continue to deliver a high standard of service to your customer. For more information, visit our Solutions page or alternatively, get in touch with us to talk through your requirements.

For more information about Open Banking visit www.openbanking.org.uk

Revisit your PCI DSS compliance this European Cyber Security Month

Despite what we see in the shops, October isn’t just about the ghosts and ghouls of Halloween. Perhaps not as exciting for the kids but, for some, a scary topic nonetheless, October also plays host to the annual European Cyber Security Month generating awareness and promoting the importance of information security.

PCI DSS compliance plays a crucial role in cyber security, designed to ensure that card payments taken face-to-face, over-the-phone and online are done so in the most secure environment possible. It applies to any organisation that accepts card payments regardless of size or industry, with varying requirements depending on the number and frequency of transactions and includes implementing and maintaining secure networks, regular monitoring and testing of systems to identify possible weaknesses and developing an effective information security policy.

So, this European Cyber Security Month we thought we’d remind you of our top three reasons your business should be addressing and keeping on top of its PCI DSS compliance.

Earn and maintain customer trust

Today’s consumers have high expectations when it comes to businesses protecting their data; more so as high-profile cases of data breaches hit the headlines. Investing in processes and practices that are up to date and adhere to the latest PCI DSS guidelines demonstrates that you’re on top of data protection and take your card payment security seriously. Gaining trust from your customers will ensure they return to you in future, rewarding you with that much sought-after edge over your competitors.

Protect your business from card fraud and hefty fines

PCI DSS isn’t just about protecting the consumer during the transaction process. It also seeks to shield the business from card fraudsters and reduce the risk of your networks falling victim to cyber criminals too.

As well as this, it’s worth noting that should your business suffer a data breach, not having sufficient data protection and IT security in place will undoubtedly result in a substantial fine and, in many ways worse, significant reputational damage to your business.

Be part of the global force against cyber crime

No IT system or network is ever going to be considered 100% secure from cyber criminals as their techniques become progressively sophisticated. Data protection and PCI DSS compliance are designed to stay one step ahead of the hackers, creating barriers to make their target much harder to reach. Every business has a responsibility to take its data security seriously and to invest in adequate processes; by doing so, it plays its vital role in combatting cyber crime.


At PCI Telecom, we deliver bespoke card payment solutions that have PCI DSS Level 1 accreditation for payments made over the phone and online. Outsourcing your card payment processing offsite to us de-scopes your business from its PCI compliance obligations so it’s us that do the planning, maintenance, updates and regular checks and not you. Contact us for more information.

How your card payment process can help you handle fluctuations in business

We’ve worked with a broad range of clients including visitor attractions, transport providers and retailers so we know that the summer can present a big challenge for businesses, balancing significantly higher than usual call frequency with employees on summer leave. This can be particularly problematic for smaller businesses with fewer resources, experiencing the peaks and troughs of variances in sales and demand more intensely than their larger counterparts.

Investing in the right card payment processing solution can help to manage these fluctuations in business. Here’s how:

Introduce automated over-the-phone card payments

IVR (Interactive Voice Response) technology enables calls and payments to be dealt with and processed without the involvement of an agent or call handler. The automated call handling system allows customers to select options and move through the payment process independently, entering their card details into a secure transaction environment. For your business, this means that during busy times or when there are fewer staff available, general payments can be directed to the automated process while your attention can move to handling the more detailed enquiries. Most importantly, you keep your customers happy by not putting them on hold for long periods and being able to accept payments at convenient times outside of office hours.

Speed up the payment process

Swift and efficient transactions lead to more satisfied customers but they also improve your business’ productivity by saving time, freeing up staff to focus on other areas of the business. An improved card payment solution which integrates with your other back-end systems, such as the CRM database and stock monitoring, also cuts the number of steps required in the transaction process, in turn improving efficiency and reducing the need for staff involvement.

Adapt to demand by introducing flexible solutions

Opt for card payment solutions that offer flexibility and scalability so that you can handle higher demand during busy periods by adding and removing users as required. This assists with the planning in advance of busy periods to ensure you have the right amount of staff available to manage calls effectively and maintain a positive customer experience.


At PCI Telecom we offer a range of Level 1 accredited PCI DSS compliant card payment solutions that are created to suit the specific needs and requirements of your business. Whether you’re an SME or a larger enterprise, we can provide a solution that works for you and your budget, that fits seamlessly with your existing systems without the need for major infrastructure changes. For more information and to discuss your requirements, get in touch with us here.

More about our PCI DSS compliant card payment solutions:

PCI Agent™, PCI Agent™ Outbound, PCI Agent™ TFR, PCI Agent™ Advance – whether you’re a one-man-band business, an SME with up to 100 employees or a larger organisation, we have a variety of solutions for card payments made over the phone.

Auto IVR solutions enable fast, effective payments to be made automatically by callers any time of day without the need to speak to a person or wait in a queue.

Our ONLINE card payment solutions come with EV SSL and 3D-Secure processes as standard so you and your customers can rest easy that personal and payment data is protected throughout the transaction.

PCI MOBILE™ chip & pin solution means you can take payments from customers in person while out and about and on the move. Fully secure with end-to-end Level 1 accreditation.

External penetration testing: what it means for your business and your PCI compliance.

What better way could there be to test the capability of your business’s security measures than looking at them through the eyes of a cyber criminal? That’s essentially the purpose of external penetration testing, or PEN testing as it’s commonly known.

PEN testing involves an organised, third party attempt at accessing your business’s IT systems and networks, replicating the tactics and practices of hackers to identify weaknesses and flaws that could be taken advantage of. The testing looks at the efficiency of firewalls and assesses the possibility of an intruder entering interior networks and accessing sensitive data such as customers’ personal information and card payment details. The process focuses on areas where the most common weaknesses occur, usually at the point that two systems integrate.

Protect your reputation

With the ever-increasing threat of cyber-attack, data security is at the forefront of many minds. Today’s consumers have high expectations when it comes to the storing and processing of their personal details. They want to know that your business is doing its utmost to provide a secure transaction environment.

Failure to protect customer data can lead to a serious breach in consumer trust and deal a devastating blow to your brand reputation. Staying one step ahead of the hackers by carrying out penetration testing and addressing vulnerabilities in your networks and processes reduces the risk of falling victim to cyber criminals, while retaining customers and reassuring them that their data is being dealt with in the securest of environments.

Penetration testing and PCI DSS

For businesses that process card payment transactions over the phone and online, PEN testing is an essential part of PCI DSS compliance. The regulations require that penetration testing takes place at least on an annual basis or as and when upgrades and modifications are made to IT systems and networks. To comply with PCI DSS, the PEN testing must include the perimeter of the Cardholder Data Environment (CDE), as well as any systems which, if compromised, could impact its security.


At PCI Telecom, we undertake regular penetration testing of our card payment solutions and how they integrate with other systems, rectifying any potential areas that could become vulnerable to cyber-attack. Our cloud-based solutions are accredited to a Level 1 PCI DSS standard and are created and developed to meet the exact needs and requirements of each business that we work with.

By outsourcing your card payment processing to us, you descope your transaction environment from PCI compliance obligations altogether so that you can spend more time focusing on what really matters – delivering your core business to your customers. To find out more about what we can do visit our Solutions page. Alternatively, give us a call to talk through your specific requirements.