TRENDING:

Inside New PCI Guidance

PCI Council on Protecting Stored Digital Card Data Tracy Kitten (FraudBlogger) • March 21, 2011     10 Minutes   
King says new guidance tackles data collected via call centers and other telephone communications.The New guidance issued from the PCI Security Standards Council for securing stored cardholder data collected via call centers and over-the-phone payments could not come at a better time.

PCI's "Protecting Telephone-Based Payment Card Data Information Supplement" provides actionable recommendations to merchants and service providers for securely processing payment card data over the telephone. Jeremy King, European regional director for the PCI Security Standards Council, says the new guidance addresses the same concerns posed by face-to-face and e-commerce payments. "As with all transactions, we have a standard saying, 'If you don't need it, don't store it.' And really that applies into this sector as well," he says.

What makes phone-based payments somewhat unique, and more vulnerable, King says, is the capture of storage of sensitive authentication data, such as the CVV or CVC code. "The voice recordings we classify as card-not-present transactions," King says. "That means, usually, in addition to the card number, the CVV code is given, and this is sensitive authentication data that does not need to be and should not be stored."

During this interview, King discusses:

  • Key points from the guidance for complying with the PCI Data Security Standard;
  • Why the storage of card data collected by call centers and other telephone-based systems is a concern;
  • Steps the payments industry is taking to balance compliance with local laws that require recording payment-card calls and PCI-DSS.

King is the European regional director for the PCI Security Standards Council, leading the SSC's efforts to increase adoption and awareness of PCI security standards in Europe. King's responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SCC managed standards in European markets, and driving educational efforts and council membership through involvement in local and regional events. He also serves as a resource for approved scanning vendors and qualified security assessors. Before joining the council, King was the vice president of the Payment System Integrity Group at MasterCard Worldwide, where he played an integral role in developing payment terminal and chip-card security programs. He also spent more than 14 years working in the United Kingdom semiconductor industry and has a strong background in emerging technologies, including contactless cards, encryption and mobile payments.

Previous
Special Report: The RSA Breach and its Impact
Next
RSA Breach: Customer's Perspective



Around the Network

Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.