In our continuing efforts to meet the requirements laid out by PCI Compliance (now up to version 3.2) we have come across some software that may interest you all.
Card payments taken through a website using the tabs-recommended API and I-Frame, in other words E-Commerce, are accepted as being secure. But taking card payments over the phone, effectively entering card details into tabs on behalf of the customer, be it the existing version or the new tabs2, brings its own issues. Card data carried over the phone system, POTS or VOIP, is generally accepted as being out of scope, and of course the data, once entered on the tabs payment screen, is handled with our own encryption and security.
However, the period of time in which card data moves between the phone system and the tabs system, i.e. the tabs operator entering the data via a keyboard, remains very much in scope, and all of us have to satisfy our own compliance needs. With ever-increasing attack sophistication, some companies are using a variety of methods to secure themselves, but we think that many of these are inappropriate because they interrupt our interaction with our customers or even hand them off to a third party, and we assume that many tabs colleagues would feel the same way.
DataDivider employs a masking technique whereby a virtual keypad (see attachment) can be displayed on the tabs payment entry screen once the cursor is placed in the card number field. This keypad resides within DataDivider’s own PCI DSS Level 1 environment, thereby taking this part of the process out of scope for the agency. It’s obviously more complicated than that, but we think that this is of vital interest to all tabs clients, and we are looking to work with DataDivider to deliver a seamless, cost-effective solution for us all.
We do believe, with good reason, that the PCI Compliance Council is going to be putting quite a bit of emphasis on the security of telephone transactions in the future, and this software should help us get a head start. We would be keen to know if you would be interested in utilising this software – please contact Stephen Colebrooke at firstname.lastname@example.org. He can also provide more information if you wish.