If you own an ecommerce website, you’re probably one of many that is familiar with the term PCI but wince at the sight of the word “compliance” that usually follows it. You might also have recited the June 2018 deadline in your head more times than you have your mother’s birthday. If not, then perhaps you’re in the other category - still scratching your head wondering exactly what PCI compliance is and what it means for your business? Or maybe you’re one of the few that is about to stop reading this blog because you don’t think it applies to your business? If the answer to any of these questions is yes - then this blog is for you.
The term ‘PCI Compliance’ is short for Payment Card Industry (PCI) Data Security Standard (DSS). PCI compliance is an internationally recognised set of security standards used to help protect consumers’ credit card data whenever they make a purchase online. Any individual or business that stores, processes or transmits payment card information needs to be PCI compliant. This includes small businesses, companies that only take payments over the phone, and even companies that use a third-party payment processing system, like PayPal.
When it comes to card payments, security is your customers’ top priority. According to Gartner predictions, businesses are set to make 2018 a record year when it comes to security spending. In its latest report, the analyst firm forecasted that security spending will top $96.3 billion in 2018 - an 8% increase on 2017, as companies aim to safeguard themselves against the growing cybersecurity threat landscape.
These investments in security come at a time when the importance of building customers’ trust and protecting your business against damaging leaks of confidential customer information is at an all-time high. According to Verizon, 69% of consumers would be less inclined to do business with a breached organisation.
With customer experience increasingly becoming the new battleground, a breach in confidential information could result in one very unhappy customer. Becoming PCI compliant then is not only in the interest of complying with the law, but also in the interest of your brand and reputation. Negligence will put you at risk of heavy fines and potentially, a loss of business and customers.
Although the PCI DSS exists to ensure businesses are protecting sensitive data from falling into the wrong hands, many businesses are still failing to protect their customer payment information, according to Verizon's 2017 Payment Security Report.
So what’s the solution?...
To understand the perfect solution, let’s take it back to basics. We know that PCI compliance exists to ensure that merchants provide the maximum security when processing customer payments or handling customer data. But what if the customer could make a payment online, or over the phone, without having to share any confidential information or bank details with the business? What if there was a way of withdrawing the need for merchants to process payments or handle customer data? In essence, what if it was possible for merchants to eliminate the need for ensuring PCI compliance altogether, yet continue to do business? Well now there is…
The RevoPCI solution from RevolutionCloud does exactly what it says on the tin. It’s a revolutionary, fully managed, proven and award-winning PCI-DSS cloud compliance solution. RevolutionCloud work with clients and partners who share the challenge of ensuring card payment transactions are processed in a compliant way.
De-scope internal networks
The best way to understand how the RevoPCI solution works is by thinking of it as a filter - a device that removes unwanted material. To illustrate this point, consider how a bleep censor in television and radio filters verbal profanity that broadcasts before the Watershed. By eliminating the offensive word, minors are not exposed to inappropriate language and therefore, the issue is bypassed.
In much the same way, RevoPCI removes the agent and call centre from scope by ensuring no card information is ever seen or heard by the agent/call recipient. Without interrupting, distorting or in any way manipulating the phone conversation or call recording, the customer’s data is captured in the PCI appliance in the vendor’s cloud. This technique blocks the business from the card details and de-scopes the merchant from many of the requirements laid out in the Self-Assessment Questionnaire (SAQ). If a business is not handling customer data, nor directly processing payments, then there is no need for them to ensure PCI compliance.
This vision may be the most innovative thinking since, well, since the invention of sliced bread. Knives are needed to cut bread - knives are dangerous because they can cut you - therefore, serve bread that doesn’t need to be cut. Agents process payments and handle customer data online or over the phone - businesses that process payments and handle customer data online or over the phone must ensure PCI compliance to prevent fraud - therefore, remove agents and the call centre from scope. Simple in theory, yet strikingly effective in practice.
Save costs, save headaches
Using the RevoPCI solution delivers substantial cost savings and spares you admin headaches. Usually, you would have to complete a self-assessment questionnaire (SAQ). If you’re aware of what that is, you may have just recoiled into your skin. For those who are not aware, it essentially means you would have to complete an SAQ-D form, which is about 386 questions long. And you would have to do this every year...
With the RevoPCI solution, you would only need to complete an SAQ-A, which means only having to answer approximately 14 questions. Reducing the number of PCI controls required and simplifying the auditing and management, which is needed on an ongoing basis, is the answer to increased business efficiency and one far less intense admin headache.
If not managed properly, migrating from ISDN to SIP can be as seemingly arduous as becoming PCI-DSS compliant. However, RevoPCI seamlessly merges future-proof SIP trunking technology with compliant, and resilient, payment card data security, providing two major benefits for businesses.
The advantages of RevoPCI are numerous. On top of the simplicity and value provided by SIP trunks over traditional telephone lines and the true compliance of PCI Pro, RevoPCI eliminates the costly expenditure of having a physical box installed on-site, offering an Opex-focused pricing model and greatly reducing the hassle of system setup. RevoPCI is one of the best options on the market for simple, cost-effective and complete compliance.
In IT, the cloud has typically been thought of as a place to store your business’ most valuable data. Data that you need to access every day to ensure your business can continue operating. Rarely has the cloud been thought of as a place for your business to store data that you want hidden from you. Data that brings with it additional costs, admin headaches and legality issues.
That revolutionary thinking is the vision of RevolutionCloud. The RevoPCI solution from RevolutionCloud provides you with a scalable, flexible solution, with no equipment on-site and no need to re-route calls. By capturing the customer’s data in the cloud, your business is able to continue doing business without ever being liable for directly handling customer data or processing payments. RevoPCI ensures your business is PCI compliant by descoping your business and contact centre from PCI compliance checks. Unique? Yes. Unorthodox? Sure. Brilliant? Absolutely!