A Thing
The Green SheetGreen Sheet

The Green Sheet Online Edition

June 24, 2019 • Issue 19:06:02

New Products

Reduce risk with PCI DSS-certified call center solution

Product: Cardprotect 4.0
Company: Semafone

Semafone, a global provider of secure voice transactions with U.S. offices in Boston, released Cardprotect 4.0, a PA-DSS-compliant solution designed to protect call centers from potential data breaches. Certified by the PCI Security Standards Council (PCI SSC), the solution prevents unauthorized parties from "listening in" when payment card data is transmitted by phone, keeping payment card data out of scope, company representatives stated.

"Semafone has been PA-DSS certified since 2012, which demonstrates our consistent commitment to achieving the highest possible standards in data security," said Gary E. Barnett, CEO of Semafone. "Obtaining this new PA-DSS certification [for Cardprotect] enables us to provide an unmatched level of security and peace of mind for our direct customers and partners."

Cardprotect's advanced technology can simplify PCI DSS compliance for card-not-present environments, Barnett noted. Its data capture method uses dual tone multi frequency to disguise key tones and shield card data from call center agents during calls and live chat sessions. It also uses historic call recording redaction to remove data from recordings.

Rigorous security standards

Barnett pointed out that Semafone has achieved four security and payment accreditations. The company is a PCI DSS Level 1 Service Provider and Visa Level 1 Merchant

Agent and is ISO 27001:2013 compliant. Its Cardprotect processing application is PA-DSS certified.

Cardprotect was built to PA-DSS specifications, Barnett explained, which require specific development and auditing procedures, a formal assessment by a Qualified Security Assessor (PA-QSA) and validation by the PCI SSC assessor quality management team.

"PA-DSS certification is a requirement for any maker, developer and integrator of payment applications that use credit card information for payment authorization and settlement and that are sold, distributed or licensed to third parties," Barnett said. "We save payment application partners valuable time and costs that would otherwise have gone towards achieving the certification themselves." 

Flexible, scalable architecture

Cardprotect 4.0 uses open architecture that is designed to be flexible, scalable and easy to deploy. The application seamlessly integrates with leading payment processors, gateways, customer relationship management solutions and call center technologies, Barnett stated. By removing payment card data from PCI DSS scope, call centers can increase efficiencies, reduce costs and improve profits. Additionally, enhancing security facilitates better working conditions. Customer service representatives are no longer restricted to stringent cell phone policies or Internet access, which creates a happier workplace environment, Barnett added.

Noting that a majority of U.K. businesses are cloud-based, Barnett said he has seen more technical diversity in the U.S. market and offers companies the following three options:

  1. Pure Cloud: Semafone manages the company's telephony and security, removing data from scope.
  2. Hybrid Cloud: Semafone manages security in the cloud while telephony remains on site at the company.
  3. On-premise services: Partner manages telephony and security services on site, embedding Semafone security solutions into existing infrastructure.

"From a user perspective, Cardprotect 4.0 balances robust security with an excellent customer experience," Barnett said. "As we move forward with new channels, we will continue to work closely with payment providers to protect SMS, voice, chat and other emerging technologies in the omnichannel marketplace." end of article

Website: www.semafone.com Contact: nasales@semafone.com

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Prev Next
A Thing