

White Paper takes a look into card payments taken over the telephone, industry requirements and the merchant’s responsibilities

Encoded, a provider of secure automated payment solutions, has published an easy-to-read white paper on the responsibilities of organisations and their contact centres when taking credit and debit card payments by telephone. The paper covers the requirements of the Payment Card Industry Data Security Standard (PCI DSS), the real threats, payment products available to organisations, who is ultimately responsible for the loss of card data and the future of card payments.

Robert Crutchington, director of Encoded and main author of the white paper, said, “Currently there is no equivalent to Chip & PIN or 3D Secure for payments made over the telephone. It is seen as the Achilles heel of the industry and fraudsters will use automated phone systems to test recently stolen cards with small transactions to identify active cards prior to making larger purchases. Organisations or merchants, as they are known in the payments industry, have a duty of care to their customers to ensure that card details are not misused, lost or stolen. This paper outlines the risks, PCI DSS requirements and myths facing merchants’ contact centres accepting card payments.”


Contributors to the white paper include Matthew Tyler, co-founder and chief executive of Blackfoot UK, a leading information security, risk and compliance consultancy which provides Qualified Security Assessors (QSAs) to establish an organisation’s level of PCI DSS compliance. Matthew said, “There is often confusion around what PCI compliance involves. For example, there is no such thing as a compliant solution; only companies and other legal entities can be described as PCI DSS compliant. Merchants can be misled into thinking that buying an incorrectly named PCI compliant solution will protect them in the event of a security breach – this most definitely isn’t the case. This white paper explains in clear language what organisations accepting telephone payments need to know.”

The white paper includes a section entitled “Four things you probably don’t know about PCI DSS”, covering where responsibility lies, who in the payment chain will get fined and by whom, the fact that there is no such thing as a PCI DSS compliant solution, and the significance of the VISA Merchant Agent List.