News
23rd May 2016 by GCI

Level 1 PCI DSS Service Provider for Voice

Leading UK Managed Services Provider GCI today announces its certification as a Level 1 PCI DSS Service Provider for Voice, the highest possible standard within PCI DSS. The certification, which follows substantial investment, sees GCI as fully PCI DSS compliant and enables the organisation to provide an enhanced fast-track service for Contact Centres taking card payments over the telephone by reducing the compliance controls by 98% from 354 to only five.

 

Commenting on the achievement Brad Semp, Director of PCI at GCI stated, “We believe there is a huge gap in the market for PCI as a Service. We anticipated this day and have worked tirelessly to build the capability, and achieve the certification, to enable GCI to catch the moment. It has been a long haul and our announcement today is the result of the combined effort of many across our organisation. Our solution solves a critical business obligation for any organisation looking to take card payments by telephone, namely – how do you achieve PCI DSS compliance quickly, cost effectively, robustly and without huge disruption to your organisation before new legislation comes into force… legislation which also heralds the very real risk of huge fines for non-compliance.”

Brad Semp continued, “For any organisation to achieve Level 1 accreditation for PCI DSS is no mean feat in itself. But, for a Managed Service Provider to achieve the certification is a rare event involving substantial investment and the tenacity to overcome many obstacles. The competitive landscape is mostly made up of IVR (Interactive Voice Response) providers – and some good ones at that. Some of these IVR providers also offer wholesale voice and data, but the key point is that few (if any) could reasonably describe themselves as a fully-fledged Managed Service Provider. So, GCI’s solution delivered ‘as a Service’ from within our own 24/7 monitored network and our own data centre infrastructure is a completely different proposition – providing versatility, dual platform resilience, a complete and fully monitored end-to-end delivery infrastructure, and the assurance borne of considerable learning over many years. Collectively, and in basic terms, this enables GCI to deploy versatile PCI DSS solutions to virtually any customer environment… and that’s a key differentiator.”

Adrian Thirkill, CEO at GCI added, “This achievement is a significant milestone. To add a sense of perspective, GCI’s solution removes the risk of fines that could literally run into millions of pounds. A recent report cited the average cost of a single payment card breach as £105. To put this into context, if you were a Contact Centre relying on humans and systems to securely process 500,000 card transactions, then the estimated cost to the business in the event of a breach could be in the region of £50 million. So, simply put, with new legislation just over the horizon all business leaders might just want to take a moment to ask themselves one basic question – could the organisation recover from such a fine?”

Adrian Thirkill continued, “But it’s not just about the fine, it’s also about the lasting reputational damage. Studies have shown that approximately 34% of customers never return to an organisation shrouded in bad press following ‘association’ with a security breach. So it’s not just about finding a PCI DSS solution, it’s about finding the right solution and the right partner with the right accreditation.”

Jim Seaman, Security Consultants Team Lead at Nettitude, a global leader in the delivery of cyber security testing, risk management, compliance and incident response services added, “Having recognised the importance and difficulty of achieving and maintaining PCI DSS compliance, GCI has clearly demonstrated that they have taken this challenge seriously. Having engaged Qualified Security Assessor (QSA) support from Nettitude, it was evident during their in-depth assessment that GCI has fully embraced the benchmark criteria (an uncompromising 7-stage methodology) and in doing so developed an exacting and methodical approach to their project planning. Consequently their Dual-Tone Multi-Frequency (DTMF) payment platform has been designed to achieve and exceed the requirements of PCI DSS 3.1.”

Andrew Bowring of the Gas Safe Register added, “We have been a customer of GCI for almost 4 years and have engaged a number of GCI’s hosted telephony applications. More recently we have utilised GCI’s support and guidance for PCI services, including the latest iteration of their platform. Through this, we have reduced agent talk times by up to 40%. So, in simple terms we have not only de-scoped our call centre from PCI DSS controls, but we have the additional benefit of improved operational efficiency too, which is great.”

John Wood, Director at C3 commented, “The flexibility and scalability of this system allows GCI to support their clients in responding to legislative and market changes. This includes the new PCI DSS regulations which come into force from October 2016. C3 is delighted to be involved in this project and help by providing the virtualised software solution alongside policy and support services to help maintain compliance. This has been a truly collaborative effort and the melding of C3 and GCI experience and expertise has without question delivered a solution that is second to none. One final point, and that’s about speed of deployment. With other so called PCI DSS solutions (from DIY upwards) taking months and in some cases years to deploy, GCI’s PCI as a Service proposition reduces the controls from 354 to only 5 and can significantly reduce the implementation timescale. This is disruptive, timely and a great solution ahead of new legislation. Furthermore, the fact that GCI run dual platforms from within their own network infrastructure provides ‘belt-and-braces’ business continuity assurance. It’s another nice differentiator… and a further reason that GCI will be one to watch in the months ahead.”

Related Videos