Content Guru has recently achieved Level 1 Compliance under the PCI DSS, the highest level of security recognised by the global forum of card brands, the PCI Security Standards Council.
The company previously had self-certified PCI compliance but sought Level 1 Compliance due to the increased volume of transactions passing through storm, its cloud-based service delivery platform that offers payment solutions, virtual contact centre infrastructure and other multichannel services.
Service providers who process less than 30,000 Visa transactions a year complete an annual self-assessment questionnaire to gain Level 2 Compliance. However, once they exceed this number they must attain Level 1 Compliance by undergoing an external, independent assessment of their entire data handling framework, from firewall configurations to company policy on mobile devices.
Content Guru's Level 1 Compliance certification pertains to LOCK and PADLOCK, storm services that allow customers to pay securely by typing in their card details over a phone keypad.
The Payment Card Industry’s Data Security Standard (PCI-DSS) is the first line of defence against the theft of stolen debit and credit card details which, according to the UK Fraud Prevention Service (CIFAS), increased 82% in the first four months of 2012 versus the same period of the year before.
The PCI-DSS applies to all card-based payment channels, including retail payments made in store, as well as via mail order, telephone order and over the internet through a computer or a dedicated smartphone app.
According to leading IT analysts Gartner, mobile payment (m-payment) is expected to see high growth through 2016, with transaction value and volume both averaging 42% annual growth from 2011 to 2016. However, a recent study of 2,000 consumers conducted by US research consultancy Market Strategies International found that more than 6 out of 10 are concerned that mobile payment solutions could jeopardise their financial and personal security.
While the majority of card fraud is carried out over the internet, CIFAS noted that in 2011 the proportion of card data misuse that was perpetrated over the telephone grew by almost a third on the previous year.
“Security standards like the PCI-DSS play a crucial role in reassuring consumers that payment channels are safe for them to use,” said Sean Taylor, Director of Content Guru. “Accreditation is therefore key for businesses that want to introduce multi-channel offerings in order to boost customer engagement and capitalise on the potential for impulse purchases.”
Taylor added, “While cloud services are gaining increased acceptance, some companies are still reluctant to outsource the responsibility for payments to a third party. The PCI-DSS is one of the only standards that truly gives companies the assurance that the cloud can be just as secure as an on-premise solution – indeed, more secure, thanks to the carrier-class data centres in which true cloud platforms are situated.”
PCI Level 1 Compliance adds to the other accreditations already received by Content Guru and its sister company Redwood Technologies, including ISO 27001, the global industry standard for security and data protection. TickIT and ISO 9001 accreditations also reflect the stringent quality control standards enforced by both companies in their development of hardware and software.
Commenting on the recognition of Level 1 Compliance, Matthew Chadd, Security Manager at Content Guru, said, “We are proud we completed our PCI accreditation within five months of application, when most organisations take a year or more. Especially as, in many ways, achieving PCI compliance was harder to achieve than ISO 27001. The conditions that have to be met are more exacting and in this respect it was encouraging that we already had a robust security framework in place, which allowed us to gain accreditation so quickly.”