Evolve IP Launch Powerful Card Payment Solution To Combat Radical Compliance Changes

Global collaboration provider, Evolve IP (EMEA), has launched a seamless end-to-end secure solution to address major payment card information (PCI) changes happening in March. 

Significant reforms are about to come into force that require businesses to have an evidence-based process for card payments, particularly over the phone. Ignoring the impending rule changes could expose businesses to sanctions, fines and irreversible reputational damage.

To help address this major market shake-up, Evolve IP has launched Anywhere Secure Call, the latest addition to its Anywhere Product Suite. This innovation is powered by technology partner BroadSource, which works to drive collaboration in the cloud by helping the globe’s most sophisticated service providers automate, integrate and differentiate their cloud collaboration solutions.


Simplifying business practices

Anywhere Secure Call has been designed to simplify PCI compliance and redefine the card payment landscape. It’s cost-effective, simple to set up, flexible and has been built from the ground up, ensuring proof of active adherence. The critical differentiation lies in ensuring customer payment card details are not stored within recorded voice communications.

Anywhere Secure Call automatically directs all transactional voice calls to a designated, PCI-compliant segment of its network. In the event of a PCI audit, businesses need only prove the compliance of this specific component, simplifying the overall process. This approach allows businesses to demonstrate that the relevant voice traffic is isolated from the rest of their network infrastructure, effectively ‘de-scoping’ the compliance challenge.

Many organisations are still unaware and unprepared for the radical changes they need to introduce, according to Evolve IP’s UK Solutions Director, Scott Rixon.

He revealed: “From Spring, businesses will need to prove their innocence by providing real-life data and proof of their compliancy, rather than simply verbally defending any guilt that has been implied.”

Time is running out

Anywhere Secure Call is priced on a per-user basis rather than a per-transaction percentage, making it accessible to businesses of all sizes. Whether a small business with just one seat or an enterprise call centre with hundreds, the solution caters to diverse organisational needs.

Rixon emphasised: “At Evolve IP, we believe solutions should work for everyone but currently, that’s not always the case. Some PCI solutions require a minimum deployment of say 50 users which simply isn’t viable for a small business. Equally, other options need to have the ability to scale up to larger enterprises. Also, we even know of some models based on a low cost of entry but then charge higher transaction fees.

“Now any business that needs to take card payments can just enable Secure Call, from a small florist to a gardening company. It can be as simple or sophisticated as required and can even be plugged into a CRM database to automate the whole process. We are covering all angles. But time is running out. Don’t wait any longer.”

Continuing to partner with leading technologies

Haydn Faltyn, CEO and Co-founder at BroadSource, shares the same enthusiasm. He highlighted: “Anywhere Secure Call represents a revolutionary step forward in telecommunications, offering a secure, cost-effective, and customer-friendly solution for payment transactions over the phone. We are thrilled to be working closely with the team at Evolve IP to further solidify our commitment to providing cutting-edge solutions that address the needs of businesses and their customers. Anywhere Secure Call is poised to redefine the landscape of payment processing over the phone.”

Cybercrime is the number one threat when it comes to financial crime in Ireland

Hacking, phishing, online scams, and other variations of cybercrime are thought to be the most prevalent financial crimes in Ireland, as found in a new survey by the Compliance Institute, which polled 230 compliance professionals working primarily in Irish financial services organisations nationwide.

When asked what they consider to be the most prevalent financial crime in Ireland, respondents to the Compliance Institute Financial Crime survey answered as follows:

  • Cybercrime (hacking, phishing, online scams): 34%
  • Tax evasion: 21%
  • Fraud: 21%
  • Money laundering: 19%
  • Bribery and corruption: 4%
  • Insider trading: 1%

Michael Kavanagh, CEO of the Compliance Institute commented on the findings:

“While financial crimes from tax evasion to insider trading could be classed as the “traditional” criminal pursuits, cybercrime is more new-age and is developing and advancing at a pace so fast that organisations and legislators cannot keep up.

From the mid-term review of the 2019-2024 Cyber Security Strategy launched in the middle of 2023, we learned of the Government’s plans to create a national anti-ransomware organisation and offer cash subsidies to small businesses to help fight cybersecurity threats. The timelines for this are unclear, but there’s no doubt that the move would be laudable and welcomed with open arms by many businesses that continue to be plagued by ransomware attacks.

These attacks can have catastrophic consequences not just for those whom they are perpetrated against, but for the wider public. We only have to look at the devastation that was caused to patients following the 2021 hacking of the HSE to understand the severity of the crimes”.

Fraud

Mr. Kavanagh continued, “Banking & Payments Federation Ireland (BPFI) stats show fraudsters stole nearly €85 million (€84.6m) through frauds and scams in 2022, an increase of 8.8% on 2021. As a New Year commences, there’s a real concern that we will see an uptick in these figures”.

Mr. Kavanagh concluded,

“Ireland is now Europe’s largest data hosting cluster, putting the need for elevated cybercrime and data protection systems into sharp focus.

Regulators in Ireland, and around the world, are constantly updating and issuing new guidance to firms in response to emerging cyber security issues, such as fake documentation and the reliability of information sources.

Regulators need to ask themselves how they can regulate and supervise without stifling innovation. Businesses and organisations need to ask how they can best prepare and respond, and the general public also needs to know what measures they can take to protect themselves.”

The Role of VPAT in Promoting Digital Accessibility

In today’s digital age, accessibility has become a fundamental principle that shapes the way we design and develop technology. Every individual, regardless of their abilities, should have equal access to the digital world. This is where the Voluntary Product Accessibility Template (VPAT) steps in as a crucial tool in promoting digital accessibility. A VPAT serves as a roadmap for businesses and organizations to ensure that their digital products and services are accessible to everyone, including individuals with disabilities. By understanding the role of VPAT in fostering inclusivity and compliance, we can unlock a more accessible and inclusive digital landscape. Let’s get started. 

VPAT as a Tool for Assessing Digital Accessibility

VPAT, or Voluntary Product Accessibility Template, serves as a powerful tool for evaluating and assessing the level of digital accessibility in products and services. The VPAT template provides a standardized framework that enables organizations to assess and communicate the accessibility features and limitations of their offerings. It examines various aspects of digital accessibility, including compliance with accessibility standards, compatibility with assistive technologies, and support for individuals with different disabilities. 

By utilizing VPAT, organizations can systematically evaluate the accessibility of their digital products, identify areas for improvement, and make informed decisions to enhance accessibility. It plays a crucial role in ensuring that digital technologies are inclusive and accessible to all users, regardless of their abilities.

Promotes Compliance and Inclusion

VPAT plays a significant role in promoting compliance with accessibility standards and fostering inclusion in digital environments. Accessibility standards, such as the Web Content Accessibility Guidelines (WCAG), provide guidelines and criteria for creating accessible digital content. VPAT serves as a bridge between product vendors and consumers, as it outlines the product’s conformance with these standards. 

By requiring VPAT submissions during procurement processes, organizations can ensure that the products they acquire meet the necessary accessibility requirements. VPAT encourages vendors to prioritize accessibility, resulting in the development of more inclusive products and services. It enables organizations to make informed decisions, select accessible solutions, and contribute to a more inclusive digital landscape.

Encourages Accountability

VPAT plays a vital role in encouraging accountability within procurement processes when it comes to digital accessibility. When organizations request VPAT submissions from product vendors during procurement, they establish a framework of accountability for accessibility. Vendors are motivated to evaluate and disclose their product’s accessibility features and limitations accurately. 

By incorporating VPAT assessments into procurement processes, organizations can ensure that accessibility considerations are an integral part of their decision-making. VPAT enables informed comparisons between products, allowing organizations to select vendors who prioritize and comply with accessibility standards. This accountability fosters a culture of inclusivity, ensuring that accessible solutions are procured, and ultimately, promoting equal access for all users.

Creates Awareness

VPAT serves as a powerful communication tool in raising awareness about digital accessibility. It provides a standardized format for conveying information about a product’s accessibility features and conformance with accessibility standards. By including VPAT in product documentation and marketing materials, organizations can proactively communicate their commitment to accessibility and their efforts to make their digital offerings inclusive. VPAT allows potential users and customers to make informed decisions based on the accessibility information provided. 

Moreover, VPAT encourages conversations and discussions about digital accessibility, helping to educate stakeholders about the importance of inclusivity in the digital realm. Through its use as a communication tool, VPAT contributes to a more accessible and inclusive digital landscape.

Drives Collaboration

VPAT plays a significant role in driving collaboration and fostering stakeholder engagement in the realm of digital accessibility. By requesting VPAT submissions, organizations can actively involve vendors, developers, and other stakeholders in the accessibility evaluation process. This engagement promotes a shared responsibility for accessibility and encourages collaboration between different parties. VPAT serves as a common language for discussing accessibility features, limitations, and improvements. 

It facilitates productive discussions between organizations and vendors, allowing for the identification of accessibility gaps and the development of actionable plans for improvement. Through VPAT, stakeholders can work together to enhance accessibility, share best practices, and collectively contribute to a more inclusive digital environment.

Continuous Improvement in Digital Accessibility

VPAT goes beyond mere compliance by offering a pathway for continuous improvement in digital accessibility. Organizations can utilize VPAT assessments as a benchmark to identify areas where their products or services fall short in meeting accessibility standards. By examining the gaps highlighted in the VPAT, organizations can implement targeted enhancements to improve the accessibility of their digital offerings. 

VPAT also encourages ongoing dialogue with vendors, fostering partnerships aimed at addressing accessibility challenges and driving innovation. Leveraging VPAT for continuous improvement not only ensures adherence to accessibility standards but also demonstrates a commitment to providing an inclusive user experience, enabling organizations to evolve and stay at the forefront of digital accessibility advancements.

VPAT plays a crucial role in promoting digital accessibility by serving as a tool for assessment, compliance, and communication. It encourages accountability within procurement processes and raises awareness about the importance of inclusivity. VPAT drives collaboration among stakeholders, fostering dialogue and continuous improvement in accessibility. By leveraging VPAT, organizations can ensure that their digital products and services are accessible to all users, creating a more inclusive and equitable digital landscape. VPAT’s impact extends beyond compliance, enabling organizations to strive for excellence in digital accessibility.

PCI Compliance Process

The search for new ways to reduce financial costs has led to the emergence of electronic payments, which have become an affordable tool for quick purchases. Using a credit or debit card is a faster, less error-prone, and easier payment method for many people. Institutions that store, process, or transmit card data must adhere to the Payment Card Industry Data Security Standard. The standard contains more than 200 requirements, which you can read thoroughly on the PCI Security Council Standards website.

Compatibility with PCI payment services has a large number of clear advantages. There is an opportunity to protect card data and significantly reduce the risk of personal data leakage. All merchants, payment systems, and organizations that store and process sensitive online card data must comply with the Payment Card Industry Data Security Standard (PCI DSS). Your system should have the highest level of PCI compliance, providing a secure environment for customers.

The Data Security Standard was developed by the Security Standards Board, a joint effort of Visa, MasterCard, American Express, Discover, and JCB to reduce the risk of sensitive personal data being leaked, valuable information stolen, and other types of cyber fraud. Compliance with these standards is mandatory for companies of all sizes. PCI standards protect not only you as a merchant, but also reliably protect cardholders. There are four levels of PCI compliance based on annual transaction volume. Note that each level has different requirements that you must meet.

 

Important reasons why your business needs PCI compliance

PCI compliance is not a luxury; it’s a must for companies that transact with payment cards. For more modern organizations going digital, compliance with the Payment Card Industry Data Security Standard (PCI DSS) should be a priority, not an afterthought. In the current situation, it is not surprising that almost every company is struggling with the many challenges it faces. Despite all the excitement and uncertainty, PCI compliance doesn’t seem like the most urgent task on your to-do list. However, the domino effect of the coronavirus epidemic has led to a rapid acceleration of the digital transformation of companies, in particular, a sharp increase in the number of companies focusing on online payments. Compliance with PCI standards has never been more important than it is nowadays because cash has long since played a role in payments. The revolution happened with the gradual spread of contactless, online, and mobile payments. Consumers feel more and more comfortable with these technologies, and transactions have become fast and seamless. The pandemic has led to the rapid adoption of new technologies in the business world and encouraged many people to use online, efficient contactless payment methods. In today’s realities, all companies must remember that the pace of transformation should never come at the expense of high standards of data protection and information security. Failure to comply with the Data Security Standard (DSS) in the Payment Card Industry (PCI) puts at risk all the security processes that run throughout your company. Your business must be ready to adapt to difficult situations, and you must be happy to use all the beneficial opportunities of digital transformation. It should not be forgotten that any business that receives, transmits, processes, or stores cardholder data must carry out all these important processes in the most responsible and completely secure manner.

The role played by PCI DSS in today’s realities of business activity

Adopting a PCI DSS compliance process does not mean mechanically completing a compliance declaration form; your key goal is to ensure ongoing security for your business customers and data security in the business environment itself. A large number of companies understand the true value of this process; some consider it expensive. When you look at it from another perspective, you can see the huge benefits of using PCI DSS standards to strengthen corporate security, protect data and increase resistance to various cyber-attacks. In the event of a security incident, you have a clear management and response plan, which means you can get back up and running faster and minimize disruption. No doubt accepting card payments and making purchases with the click of a button or swipe of your card has many important benefits for you and your customers. You can significantly increase revenue for your business simply by offering more payment methods to your customers. In this case, the advantages are obvious, but you should be as vigilant as possible, aware of the responsibilities that come with this, and understand all the potential risks.

Essentially, you need to take all necessary measures to reliably protect cardholder data from both accidental data loss and malicious data intrusion attempts, which may be in the form of fraudulent transactions or illegal hacking attempts to obtain personal data. Due to the Covid-19 pandemic, all of these cyber threats have become much more visible than ever. In many cases, telecommuters are now being paid online as they work from temporary home offices, often using their devices. All these conditions provide a real opportunity for hackers, who are engaged in the search for vulnerabilities of organizations, which, in turn, are forced to change their business model in a short period. Compliance with PCI DSS standards used to be important, but during the pandemic, it has become crucial.

PCI compliance goes a long way in helping organizations detect and prevent physical and network attacks. This standard enforces other important security standards that companies must carefully adhere to, as it can improve operational efficiency and reduce the cost of a data breach. Compliance with the PCI standard is not mandatory, but this does not mean that non-compliance with this standard does not matter. Brands can issue fines, terminate service, and even suspend accounts for organizations that are not PCI compliant. Agents may experience financial loss if cardholder data is compromised, and may be responsible for card re-issuance and future detection and prevention services required by cardholders. Compliance with the PCI standard allows you to avoid these negative effects, so it is important to thoroughly know all the glossary of PCI terms and fulfill the initial security requirements for compliance with the PCI standard.

To do this, all organizations and service providers must submit a vulnerability scan to an approved testing provider based on the number of transactions per card or according to the size of the institution. Compliance must be checked annually. Merchants or agents that process fewer than 6 million transactions per year (levels 2, 3, and 4) must complete the PCI questionnaire and demonstrate compliance with this standard. Once completed, you should receive your final results and all required documents. For example, Tier 1 organizations that processed more than 6 million transactions in the past year must undergo an annual on-site audit by a certified security auditor who has completed the PCI Internal Security Assessment training program.

A key issue with PCI compliance is the myth that PCI compliance is purely an IT organization’s problem. This is related to technology, as much of the support is related to network security. Cyber attackers are more likely to discover that sensitive data has been compromised by non-technical people and methods. Employees who work with card payment systems should be trained on how your company maintains PCI compliance. Government agencies are stepping up PCI compliance because PCI compliance means they can stay compliant with leading companies and provide their customers with the right level of security. Start planning for compliance upgrades now and make sure it’s included in your company’s plans.

The cost of a security breach

The financial impact of an incident depends on several factors, including the size and scope of the incident, the payment channel it affects, and the number of transactions. Another important concern is the need to respond to security breaches by initiating a criminal investigation, which is required by the payment card industry. After notification to the appropriate regulatory authority and interested parties, an investigation will be conducted to determine the full extent of the incident and provide recommendations for necessary corrective actions. The cost can vary greatly depending on the nature of the incident, which immediately convinces you that efforts to prevent security breaches through a proactive approach to PCI compliance are always more cost-effective solutions. The reconciliation process doesn’t have to be expensive or complicated. Although the PCI DSS compliance process is rigorous, a trusted certified security assessor makes the process manageable and stress-free. By providing expert advice on how to accelerate your business, a certified evaluator can help you identify specific and concise needs, ensuring a quality process and avoiding unnecessary financial costs. Your PCI DSS compliance evaluator is helpful, accessible, and works closely with the business to achieve and maintain compliance, which translates directly into increased customer card data security. It is important to note that even if a company has conducted a compliance audit within the last 12 months, subsequent changes to systems and processes will require a new audit and reassessment. The key message for any business that accepts card payments is that the benefits of accepting cashless transactions far outweigh the challenges of PCI compliance if you are proactive and committed. It should not be forgotten that the damage caused is often irreversible. 
You and your business must be prepared to address the challenges of the Payment Card Data Security Standard (PCI DSS) to ensure corporate cybersecurity and meet all customer data security needs.