Rob Crutchington discussing telephone card payments and PCI DSS compliance - Global Banking & Finance Review

NEW WHITE PAPER FROM ENCODED ON TELEPHONE CARD PAYMENTS AND PCI DSS

Published by Gbaf News

Posted on July 29, 2014

3 min read

Last updated: March 6, 2019


Overview of Telephone Card Payments

The white paper takes a look at card payments taken over the telephone, industry requirements and the merchant’s responsibilities.

Encoded’s Latest White Paper Highlights

Encoded, a provider of secure automated payment solutions, has published an easy to read white paper on the responsibilities of organisations and their contact centres when taking credit and debit card payments by telephone. The paper covers the requirements of the Payment Card Industry Data Security Standard (PCI DSS), the real threats, the payment products available to organisations, who is ultimately responsible for the loss of card data, and the future of card payments.

Current Challenges in Telephone Payments

Robert Crutchington, director of Encoded and main author of the white paper, said, “Currently there is no equivalent to Chip & PIN or 3D Secure for payments made over the telephone. It is seen as the Achilles heel of the industry and fraudsters will use automated phone systems to test recently stolen cards with small transactions to identify active cards prior to making larger purchases. Organisations or merchants, as they are known in the payments industry, have a duty of care to their customers to ensure that card details are not misused, lost or stolen. This paper outlines the risks, PCI DSS requirements and myths facing merchants’ contact centres accepting card payments.”

Rob Crutchington

Expert Contributions and Industry Insights

Contributors to the white paper include Matthew Tyler, co-founder and chief executive of Blackfoot UK, a leading information security, risk and compliance consultancy which provides Qualified Security Assessors (QSAs) to establish an organisation’s level of PCI DSS compliance. Matthew said, “There is often confusion around what PCI compliance involves. For example, there is no such thing as a compliant solution; only companies and other legal entities can be described as PCI DSS compliant. Merchants can be misled into thinking that buying an incorrectly named PCI compliant solution will protect them in the event of a security breach – this most definitely isn’t the case. This white paper explains in clear language what organisations accepting telephone payments need to know.”

Key PCI DSS Facts from the White Paper

The white paper includes a section entitled “Four things you probably don’t know about PCI DSS” covering where responsibility lies, who in the payment chain gets fined and by whom, why there is no such thing as a PCI DSS compliant solution, and the significance of the VISA Merchant Agent List.

Key Takeaways

  • Phone-based card payments remain a high-risk vector lacking equivalent security measures to Chip & PIN or 3D Secure, making them an ‘Achilles heel’ for fraud prevention.
  • Only legal entities—not software or solutions—can be PCI DSS compliant; merchants must ensure their contact centres also maintain compliance.
  • The white paper debunks misconceptions, including the idea that PCI DSS compliant solutions exist, and clarifies liability, particularly around the VISA Merchant Agent List.
  • Fraudsters exploit phone channels by testing stolen cards through automated systems; organisations have a duty of care to prevent such misuse.

Frequently Asked Questions

What is the biggest security gap in telephone-based card payments?
There’s currently no equivalent of Chip & PIN or 3D Secure for phone payments, making them vulnerable to fraudsters testing stolen cards via automated calls.
Can a payment product be described as PCI DSS compliant?
No — compliance applies only to companies or legal entities; solution providers cannot be PCI DSS compliant in themselves.
Who bears responsibility for card data loss in telephone payments?
Merchants and their contact centres hold ultimate responsibility, even when using third-party providers; the paper clarifies liability in the payment chain.
