Card fraud continues to be an issue across all sectors in 2016, especially with the number of genuine card transactions hitting 15.8 billion in 2014, a 51 per cent rise from 2008. According to Financial Fraud Action UK (FFA UK), fraud losses on UK-issued cards totalled £479.0 million in 2014, a six per cent increase from £450.4 million in 2013 – and the third consecutive year of increase.
The most recent Information Security Breaches Survey carried out by PwC for the UK Government Department for Business, Innovation and Skills asked organisations throughout the UK to share their worst breaches, and to give insights on technology use in Information Security.
The survey revealed that there was a year-on-year increase in the number of data breaches suffered by both small businesses and large organisations. It also reported that the average number of annual data breaches experienced by large organisations was a substantial 14 – and that a data breach to a large organisation could cost up to £3.14m.
However – since as early as the late 1990s – the major card companies have been working together to combat card fraud through the introduction and evolution of the ‘Payment Card Industry Data Security Standard’ (PCI DSS), which protects data held by companies that handle card payments. PCI DSS has been devised to exercise tight control over the storage, transmission and processing of cardholder data – and must be met by any organisation that processes, stores or transmits credit card information (regardless of sector or size).
Meeting the 12 high-level requirements of PCI DSS means a business isn’t just avoiding a fine for non-compliance – $5,000 to $100,000 per month – it’s also at a significantly reduced risk of payment card fraud, and will be operating under enhanced card data security.
Overall, the report highlights that PCI compliance is more important than ever before. In light of the upward trend in both frequency and cost of security breaches to organisations, businesses need to make sure they have suitable measures in place – not only to meet compliance with the Standard, but for peace of mind with an eye to the future.
We’ve summarised the main points in the infographic below; take a look for further insights:
One way to ensure PCI compliance is to take the responsibility of storing, transmitting and processing cardholder data out of the hands of the organisation. This can be done by implementing a secure voice transaction service during Cardholder Not Present (CNP) payments. Our Semafone solution does exactly this: by removing sensitive authentication data from the call platform, customer data is protected and threats to the organisation are reduced at a minimal cost.
You can read more about our Semafone solution here or find out how we implemented this for AXA’s nationwide contact centres. And to hear more on how Adam Phones can help your organisation’s security measures go above and beyond PCI DSS compliance, get in touch.