Stenocall PCI Compliance Certification
Stenocall Call Center is Level 1 PCI Compliant!
This Attestation of Compliance (PDF) is your assurance that Stenocall can securely handle your credit card orders without subjecting you to data breaches, non-compliance penalties, or your auditor's frowns.
But if you don't want to read all 10 pages of it, the really important part is at the top of p. 8.
PCI Compliance - Here's what you need to know:
- If you take phone orders with credit cards, you need a PCI compliant call center.
- The credit card industry is ramping up enforcement of these standards.
- If not compliant, you could lose your credit card processing and/or be assessed fines.
- Your auditors are going to be pestering you about this. If not already, then very soon.
- Some outfits fill out a questionnaire to be compliant (Levels 2 through 4). You never know if they really are.
- Stenocall is independently certified PCI compliant -- i.e., Level 1, the highest level. This gives you true peace of mind.
Why is Outside Certification Important?
There are four validation levels for PCI compliance. Stenocall qualifies at Validation Level 1 -- the highest level. Companies at Levels 2 through 4 fill out a self-assessment questionnaire, but at Level 1 a qualified outside auditor comes in to actually examine the systems and operations.
Obviously, even better than a PCI compliant call center is a PCI certified compliant call center. Yes, we could have filled out a self-assessment to meet the PCI requirements. Many smaller firms do, but then you don't know if they fully understood the requirements, or "fudged" on them.
We've seen someone say, for instance, that they just installed a new firewall, and that made them compliant. Far from it! See Common PCI Myths (PDF). There are 12 major requirements, consisting of nearly 300 separate rules, many of which are ongoing procedures and network tests for "hacker resistance."
So we felt it was important to our clients to take the extra step (and cost) to have our network, software, and procedures audited by an independent Qualified Security Assessor (QSA). This leaves no question that the requirements are met.
So Stenocall is not merely PCI Compliant; we are certified PCI Compliant.
What PCI Compliance means to you
It seems you hear it on the news almost every week -- some company has been hacked and thousands of credit card numbers stolen. In response to this problem, the Payment Card Industry (PCI) has established the Data Security Standard (DSS), which vendors and outsourcers must meet in order to process credit and debit cards, or face stiff penalties -- monetary fines, or even a cutoff of credit card processing.
So if you take orders with credit cards, you need a PCI compliant call center. Their rules say this applies even if the credit cards are only stored on your own computers. Because the card numbers go through the call center's network and computers, the call center needs to be PCI compliant also.
Responsibility on Both Ends
Be aware that if you store, process, or transmit credit card data in your own systems, then you need to be PCI compliant also. For instance, for those clients whose card data we capture on our systems, we transmit all credit card data to you encrypted. (Not only is it encrypted in transit, but the file remains encrypted after you receive it.) The computer(s) on which that file is decrypted and the card data is stored must themselves be compliant.