Semafone leads by example with latest Payment Card Industry Data Security Standard (PCI DSS) certification

Semafone, the leading provider of compliance and data security solutions for contact centres, has achieved compliance with the latest Payment Card Industry Data Security Standard, PCI DSS V3.2. The certification was awarded on 16 August 2017, five months before the mandatory deadline in January 2018.

As data breaches and cyber threats continue to dominate headlines around the world, data security and risk reduction have become a top priority for all businesses, so Semafone’s new PCI DSS certification has been well received by its merchant customers and channel partners. The company has also retained its listing with Visa Europe as a Merchant Agent.

CEO Tim Critchley said: “It’s about practising what you preach. Our customers are under a significant burden to prove they are compliant with PCI DSS, and part of this is being able to demonstrate that their service providers are also adhering to the requirements.

“Our own security team has gone above and beyond to achieve the certification earlier than the 2018 deadline, and in many cases has exceeded the assessment criteria. Customers can see that our actions are consistent with our words, and that we are dedicated to providing them with rigorous data security. We’re building trust through compliance.”

Bryan Scaife, managing consultant at NCC Group, the organisation responsible for granting the certification, said: “NCC Group is pleased to confirm that Semafone has successfully completed its PCI DSS assessment as a Level 1 Service Provider, for the 4th year running. This important assessment was undertaken to certify the company’s secure voice transaction solution for contact centres and merchants that accept cardholder not present payments via telephony using its Hosted, Customer Premises Equipment (CPE) & Platform based solution.”

Key changes to the data security standards within version 3.2 will see service providers required to deliver on nine new requirements, including:

  • multi-factor authentication; the use of more controls than username and password combinations alone to protect sensitive data environments
  • increased frequency of penetration testing; service providers must test IT systems every six months to detect potential data security vulnerabilities
  • increased employee assessment; service providers must perform quarterly reviews to confirm that employees are following security policies and operational procedures

Gill Woodcock, senior director of certification programs for the PCI SSC, said in a recent blog that “all organisations should consider implementing these best practices into their environment as soon as possible, even if they are not required to validate to them. Don’t wait until your 2018 compliance assessment is on the horizon – if you haven’t started planning for these controls then start now!”