Updated PCI Security Standards Council (PCI SSC) guidance, published Nov. 28, 2018, addresses the increasingly complex landscape of accepting payments by phone. Spearheaded by a PCI SSC Special Interest Group of call center and technology experts, Protecting Telephone-based Payment Card Data
outlines best practices for mitigating fraud by removing sensitive data from scope.
Ben Rafferty, global solutions director at Semafone and Special Interest Group member, said the council last issued call center guidance in 2011, and the landscape has evolved significantly in recent years. The new guidance pertains to a new set of risks posed by Voice over Internet Protocol (VoIP), softphones and chatbots, he said, noting that these emerging technologies are potential targets for card-not-present fraud.