- Security TWENTY Home
- Women in Security Awards
A provider of compliance and data security software for contact centres reports achieving compliance with the latest Payment Card Industry Data Security Standard, PCI DSS V3.2. The certification was awarded on August 16, months before the mandatory deadline of January 31, 2018.
Semafone has also retained its listing with Visa Europe as a Merchant Agent. Semafone CEO Tim Critchley said “It’s about practising what you preach. Our customers are under a significant burden to prove they are compliant with PCI DSS, and part of this is being able to demonstrate that their service providers are also adhering to the requirements. Our own security team has gone above and beyond to achieve the certification earlier than the 2018 deadline, and in many cases have exceeded the assessment criteria. Customers can see that our actions are consistent with our words, and that we are dedicated to providing them with rigorous data security. We’re building trust through compliance.”
NCC Group granted the certification. Bryan Scaife, managing consultant at NCC said “NCC Group is pleased to confirm that Semafone has successfully completed its PCI DSS assessment as a Level 1 Service Provider, for the 4th year running. This important assessment was undertaken to certify the company’s secure voice transaction solution for contact centres and merchants that accept cardholder not present payments via telephony using its Hosted, Customer Premises Equipment (CPE) and Platform based solution.”
Changes to the data security standards within version 3.2 will see service providers required to deliver on among other things: multi-factor authentication; the use of more controls than user name and password combinations alone to protect sensitive data; more frequent penetration testing; service providers must test IT systems every six months to detect potential data security vulnerabilities; more employee assessment; and quarterly reviews to confirm that employees are following security policies and operational procedures.