Semafone Blog

PCI DSS Compliance for Retailers: What You Need to Know

By Aaron Lumnah, Senior Manager Marketing Demand Generation

The rise of omnichannel retail in recent years means that retailers and merchants of all sizes must now be prepared to meet their customers wherever they are – whether it’s in their store, on the phone, or in any number of digital channels such as their website, mobile app, social media account, web chat or text message. Operating in any and all channels can potentially add a new layer of complication for retailers when it comes to maintaining strong data security and regulatory compliance, while still delivering a unified and positive customer experience. However, becoming an omnichannel retailer is no reason to sacrifice security, compliance or usability. With the right technologies and strategy, retailers can succeed at all three.

What is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines for payment processors, retailers, merchants and any business that accepts, processes, stores or transmits payment card data. The guidelines are designed to help keep consumers’ sensitive data safe and secure from theft, breaches and abuse. It is a global security standard and governs every aspect of a business that directly or indirectly touches payment card data, including back-office processes, point-of-sale (POS) hardware and software solutions, as well as all phone-based and digital channels that a business operates in.

Under the latest PCI DSS standards, retailers and other businesses that interact with payment card data must:

  • Build and maintain a secure network and systems, including firewalls to protect cardholder data
  • Protect cardholder data when stored and in transit, such as by using encryption techniques
  • Maintain a vulnerability management program, including keeping all systems and applications protected against malware
  • Implement strong access control measures, including restricting physical and digital access through authentication and “need to know” measures
  • Regularly monitor and test networks, security systems and processes
  • Maintain an information security policy that addresses data security requirements for all personnel.

Although the PCI DSS is generally accepted around the globe as the benchmark for protecting payment card data, it is technically an industry standard and not a regulatory requirement. As such, the PCI Security Standards Council does not have the authority to assign fines for non-compliance. However, the five major global payment card networks (Visa, MasterCard, American Express, JCB International and Discover) can hand down fines ranging from $5,000 to $100,000 per month to the acquiring banks that are responsible for processing a retailer’s payments. The acquiring bank, in turn, typically passes those penalties along to the non-compliant retailer in the form of higher transaction fees and service charges. If the retailer continues to fall short of compliance, their ability to accept credit cards at all may be revoked.

PCI DSS Compliance is Falling… Even Though Security Risks Are Increasing

Achieving compliance with PCI DSS can be complicated and costly, which is perhaps why the number of businesses that are able to achieve full compliance keeps dropping. According to Verizon’s most recent Payment Security Report, only slightly more than a quarter of businesses were fully PCI DSS compliant in 2020, and compliance has been steadily decreasing every year since 2016.

This is concerning news during a time when cybersecurity attacks, phishing attempts and digital credit card skimming attacks targeting retailers have all increased. The COVID-19 pandemic caused consumers’ use of digital and phone channels to grow exponentially, but if retailers are not keeping customer data secure as they make purchases through these channels, they risk suffering a data breach that could be potentially devastating for their brand reputation. In a survey of 6,000 consumers, a full 69 percent said they would avoid doing business with a company that had suffered a data breach, even if it offered a better deal than competitors.

Making PCI DSS Compliance Easier

Fortunately, it doesn’t need to be difficult or costly for omnichannel retailers to achieve PCI DSS compliance across all their channels and purchasing processes. One of the most effective ways to simplify PCI DSS compliance is through de-scoping technologies that keep cardholder data out of the retailer’s network systems, applications and business infrastructure in the first place. Semafone’s Cardprotect Voice+ and Cardprotect Relay+ provide a simple and cost-effective way to reduce the burden of compliance while creating a frictionless customer experience across all channels.

Using dual-tone multi-frequency (DTMF) masking technology, Cardprotect Voice+ enables retailers to take payments over the phone, without ever touching, processing or storing the payment card data itself. Cardprotect Voice+ segregates and encrypts the sensitive payment data and routes it directly to the payment processor – keeping it out of the retailer’s network infrastructure, CRM systems and other applications. Similarly, Cardprotect Relay+ enables retailers to conveniently accept payments through any digital channel and securely route the payment data directly to the payment processors, so that the data never touches the retailer’s network systems or applications.

By keeping sensitive payment card data out of the business infrastructure in the first place, Cardprotect Voice+ and Cardprotect Relay+ reduce the scope of compliance for retailers – significantly decreasing both the cost and complexity of meeting and maintaining compliance with PCI DSS. At the same time, both solutions provide a simple, seamless and satisfying customer experience across all touchpoints. Best of all, they minimize the retailer’s risk of suffering a data breach or being the target of a cyberattack because the retailer is no longer holding or transmitting highly sought-after payment card data.

To learn more about how Cardprotect Voice+ and Cardprotect Relay+ help descope retail environments and streamline PCI DSS compliance, view this video.

April 1, 2021