Dolphin and Syntec have formed a strategic partnership that will help solve PCI DSS compliance issues for travel companies’ call centres and home workers
Payment Card data protection is ‘the next big regulatory thing’ to hit travel companies, warn Dolphin Dynamics and Syntec Telecom as they launch a new technology partnership to tackle the problem.
Dolphin and Syntec have formed a strategic partnership that will help solve PCI DSS compliance issues for travel companies’ call centres and home workers - in particular where calls and customer data are recorded for quality control or CRM purposes and credit/debit card payments are being made.
“For all organisations, both large and small, PCI DSS compliance is starting to be required as a condition of their merchant licence” warns Roberto Da Re, CEO of travel booking and information company Dolphin Dynamics. “Not only is your company exposed to fraud if you are not, but with Credit Card companies starting to introduce extra charges if you are not compliant, it is vital to start addressing this issue now”.
Simon Beeching, newly-appointed Director of the telecommunication innovation company Syntec Ltd, commented “We are delighted to be working with Dolphin on PCI solutions for the travel industry - in particular to help companies take their call centres out of the scope of PCI compliance audits by providing ready-compliant technology solutions for them”.
Background:
The Payment Card Industry (PCI) Data Security Standard (DSS) is designed to keep contact centres and mail order/telephone order payment by credit/debit/charge cards secure and to reduce fraud.
PCI DSS applies to every acquiring bank, merchant and third party that accepts or processes payment cards. Merchants and service providers are now required to certify to their acquiring banks that they are compliant.
The aim is to protect any information that could be used to make a counterfeit card or a fraudulent online transaction falling into the wrong hands. This includes the card number, the expiry date, PIN, CVV numbers, plus details used in online transactions such as password, email address and name.
Particular stipulations and recommendations include:
1. It is a violation to store sensitive card data after authentication without proper protection, including in call recordings - and in particular it is prohibited to store the CVV/CV2 number at all (the shorter number on the back or front of the card).
2. Where it is necessary to record calls (for quality control or regulatory purposes), appropriate technology must be introduced to prevent the recording of these elements.
3. Personal Account Numbers (PAN, or the long card number) must not be held in a manner accessible to others and should be masked in part when displayed (e.g. last 4 numbers only).
4. Encryption should be used when storing or transmitting sensitive data, including the need to avoid using unencrypted VoIP telephone systems
5. Home workers should be supervised in particular, to ensure that they too are not inadvertently receiving or storing sensitive client data in a manner which breaches the requirements - including writing client card details and authentication numbers down, or storing them on unencrypted or removable media such as USB sticks.
Integrated Dolphin/Syntec Solutions
As a cornerstone of their partnership, Dolphin and Syntec are integrating each others’ technologies, to provide clients with end-to-end solutions to meet PCI compliance requirements for their call centre agents and home workers, including:
1. An extension to Dolphin’s payment processing functionality allowing for seamless capture of the Card number and authorisation number (CVV/CV2) without the individual agent having access to this information.
2. Call Recording in a fully PCI- c
This translates into increased flexibility including the use of home workers, thus representing big annual cost savings by removing the call centre part of clients’ operations from audit scope.