Semafone, the leading provider of data security and compliance solutions for call and contact centres, today announced that its flagship solution, Cardprotect (version 4), is now validated by the Payment Card Industry Security Standards Council (PCI SSC) against the latest version of the Payment Application Data Security Standard (PA-DSS).
This achievement makes Semafone one of the only providers of call and contact centre payment security solutions in the industry to hold this level of certification.
Data security is one of the most important considerations for any company that has a call or contact centre that takes and handles payment card transactions. Payment card data breaches, fraud and theft have become pervasive issues, and for most organisations, it’s no longer a question of if they will be breached, but when. The Ponemon Institute’s 2018 Cost of a Data Breach Study found that the average global probability of a material breach occurring in the next 24 months is 27.9 percent, an increase over previous years. At the same time, the average total cost of a data breach is $3.86 million. Working with a service provider that can ensure the highest level of payment card data security is the only option for businesses wanting to protect their customers and reduce the risk of a potentially reputation-damaging data breach.
Semafone has gone above and beyond the PCI DSS sampling approach, and has built Cardprotect under the additional, rigorous standards of the PA-DSS, which focus on the payment application itself. With PA-DSS certification, Cardprotect is subject to extensive source code review, testing of the installation and deployment of the payment application and comprehensive penetration testing. This stringent assessment process covers secure development requirements, secure authentication, secure remote access and encryption of sensitive internet traffic, and includes a formal assessment by a Qualified Security Assessor (PA-QSA) and their penetration testing team, and validation by the PCI SSC assessor quality management (AQM) team.
“We are pleased to be able to provide our expert guidance to support Semafone in their bid to help protect customers when making payments,” says Bryan Scaife, Managing Consultant, NCC Group. “Semafone’s PA-DSS certification provides assurance of investment in the continuous maintenance against cyber threats, which helps to reduce the risk for end users.”
In addition to PA-DSS certification and being a Level 1 PCI DSS Service Provider, Semafone is also certified for ISO27001 and is a Level 1 Visa Listed Merchant Agent, making the company the only software vendor to hold all four certifications, offering both on-premise and cloud solutions for securing telephone payments.
Key benefits of these critical certifications include:
• Level 1 PCI DSS Service Provider: Semafone is a PCI DSS Level 1 service provider, which is achieved following a successful audit with a QSA, and can be used by all merchants processing credit card transactions, including those handling over 6 million transactions per year.
• PA-DSS: PA-DSS is a rigorous framework and assessment of Semafone’s payment application software. The certification process includes stringent penetration testing and procedures, controls, and more – ensuring Semafone provides the highest level of customer data protection.
• Level 1 Visa Merchant Agent: Semafone has been a Level 1 Visa Merchant Agent in Europe for many years, which requires submitting a report on compliance (RoC) to Visa, who then conduct a vigilant audit to ensure continuous service provider compliance.
• ISO27001: The international standard for information security certification that customers look to for assurance that a vendor can be trusted with customer data. Having held ISO27001 certification for almost five years, Semafone has consistently maintained the industry’s seal of approval.
“Semafone has been PA-DSS certified since 2012, which demonstrates our consistent commitment to achieving the highest possible standards in payment data security. By consistently obtaining a PA-DSS certification, we’re providing an unmatched level of security and peace of mind, not only for our direct customers but also for our partners,” said Gary E. Barnett, CEO of Semafone. “PA-DSS certification is a requirement for any maker, developer and integrator of payment applications that use credit card information for payment authorisation and settlement, and that are sold, distributed or licensed to third parties. We are literally saving our payment application partners valuable time and costs that would otherwise have gone towards achieving the certification themselves. For our customers, they can rest assured that by selecting Semafone they will be taking every measure possible to protect their consumers’ sensitive information and reduce the risk of a data breach.”
Semafone provides contact centres with solutions for data security and compliance and works with enterprises around the world to remove sensitive data from IT and business networks, protecting reputations and helping organisations to comply with industry regulations such as PCI DSS and EU GDPR. The company’s patented and award-winning Cardprotect™ solution allows people to pay securely over the phone.
Semafone was founded in 2009 and now supports customers in over 25 countries on five continents. Semafone’s extensive customer base includes companies such as AO, AXA, The British Heart Foundation, Rogers Communications, RNIB, Santander, Sky, TalkTalk and parts of the Virgin Group.
Major investors of Semafone include Octopus Ventures and BGF (Business Growth Fund).
Semafone has achieved the four leading security and payment accreditations: ISO 27001:2013, PA-DSS certification for Cardprotect, its payment solution, PCI DSS Level 1 Service Provider status and registration as a Visa Level 1 Merchant Agent.
To learn more, visit www.semafone.com