PCI DSS requires organisations to keep cardholder data storage to a minimum, to mask the card number, and not to store card details such as the card verification code or value (the three-digit or four-digit number printed on the front or back of a payment card, used to verify card-not-present transactions) after authorisation.
West’s Cloud Contact Centre UK provide a call recording and card payment collection solution that helps companies meet industry and PCI DSS requirements by taking cardholder data out of scope for their customers. The solution removes the need for customers to give their card details to contact centre agents and masks card details within call recordings. Customers enter their payment details directly via their telephone keypad, so the contact centre agent never needs to be told or see the card details. Once authorised, West securely pass back authorisation codes and transaction IDs so that their customers can then process, repeat or refund the transaction as appropriate.
The initial engagement involved our Qualified Security Assessor (QSA), who worked collaboratively with the West team to perform a gap assessment and confirm the scope of their PCI DSS compliance programme through a series of interviews, discussions and workshops. Following the gap assessment and the report provided, the QSA presented the findings to the West UK Management team and helped them understand what was required to remediate the gaps found. During this period the QSA provided insight, support and guidance before any formal assessment was conducted. Once West had addressed the findings, they engaged Gemserv further to conduct a formal review of their updated procedures and systems against the version of PCI DSS in force at the time (version 3.1). This led on to the formal assessment of the controls in scope for the West UK operation. At all times the QSA kept the West team informed of progress and of items that needed further remediation, using a dedicated remediation plan and regular update calls with the West project lead. The West team found this approach appealing: not only were they being assessed against the standard, they also felt they had a trusted advisor to help them throughout their PCI DSS journey.
The QSA had established a very comprehensive understanding of West’s cardholder environment and was subsequently engaged to fully assess West against the latest version of PCI DSS (version 3.2). Through sampling and many onsite interviews and assessments, the QSA observed and reviewed evidence onsite with West stakeholders, which demonstrated to the QSA that West were compliant with PCI DSS. This led to the initial Report on Compliance (RoC) in March 2017 and a subsequent re-assessment and RoC in March 2018.
West and Gemserv have built a great working relationship and work as a partnership more than as a client and supplier. This helps with the continuous improvement of West’s security posture and processes, as West see Gemserv as a key supplier of Information Security guidance and advice and not purely as an assessor.