By Aaron Lumnah, Senior Manager Marketing Demand Generation
When you are handling sensitive and confidential customer information, you need to be confident that the security technology providers you work with are credible and have attained all the appropriate industry certifications.
That’s especially true when it comes to managing customer payments in a secure and PCI DSS compliant way. Quite literally, the reputation of your business is on the line because the potential for damage extends well beyond simple data loss alone; your company could face litigation, fines and considerable market loss as customers vote with their feet and go elsewhere.
Here at Semafone, we know our status as a trusted provider of data security and multi-channel compliance solutions for call and contact centres is built on achieving globally recognised credentials that attest to the security and compliance of our architectures, operational approaches, and procedures.
As well as demonstrating the completeness of our capabilities, these hard-won certifications are an important third-party validation of our status as a service provider that is fully cognizant of, and compliant with, the highest possible security standards.
Let’s take a look at some of the most critical industry certifications we hold.
PCI DSS Level 1 Service Provider
One of the few contact centre security solution providers to offer this level of certification, we have achieved the Payment Card Industry Security Standards Council’s PCI DSS Level 1 Service Provider Status for seven years in a row, which is proof positive of our credibility and commitment to the security of the clients we serve.
Some time ago, we took the decision to go above and beyond the standard PCI DSS compliance approach. For this reason, we built our flagship Cardprotect Voice+ to comply with the additional rigorous requirements of the PA-DSS (Payment Application Data Security Standard), which focuses on the payment application itself. This means that not only is Cardprotect Voice+ subject to extensive source code reviews and installation and deployment testing; it also undergoes a stringent assessment process that covers secure development requirements, secure authentication methods, secure remote access, and the encryption of sensitive internet traffic. As part of this process, our solution is put through a formal assessment by a Qualified Security Assessor (PA-QSA) and their penetration testing team, as well as by the PCI SSC assessor quality management (AQM) team.
This certification is particularly close to our hearts because it gives customers a clear assurance that we will continually maintain our solution against evolving cyber threats to ensure we reduce risk for users.
This gold-standard, internationally recognised information security certification demonstrates to the outside world that a vendor can be trusted with customer data. We have held ISO 27001 certification for over six years now, and it provides confirmation that we have systemised risk controls and industry best practices in place that both increase the reliability of our systems and limit the impact of any disruptions.
Mastercard SDP (Site Data Protection and PCI) Compliant Registered Service Provider
As testament to our commitment to data security, to qualify for inclusion on the Mastercard list of Compliant Registered Service Providers, Semafone had to fulfil a rigorous set of criteria and demonstrate PCI DSS compliance by working with Qualified Security Assessors (QSAs) and submitting a signed Attestation of Compliance (AOC).
The Visa Global Registry of Service Providers
Visa’s global registry is the designated source for information on registered and compliant providers of payment-related services to Visa clients and merchants. Our membership of the registry proves we’re qualified to secure the promise of enabling a trusted payment system that protects cardholder data.
UK Cyber Essentials Framework
The UK Cyber Essentials certification scheme requires us to demonstrate that we have the appropriate technical and IT infrastructure controls in place to guard against the vast majority of common cyber-attacks. Overseen by the National Cyber Security Centre (NCSC), achieving the UK Cyber Essentials certification illustrates that we take cyber security seriously and are dedicated to keeping pace with today’s ever-changing cyber security landscape.
Continuing to Strive for Excellence
As a global organisation that is committed to securing the world’s personal data and protecting the reputations of brands, Semafone believes that these industry certifications don’t just validate our professional capabilities, outlook and code of conduct with regard to data security and PCI DSS compliance management—they also provide assurance that the security of our clients and their customers is a top priority that’s quite literally enshrined at the heart of everything we do.