Semafone, a provider of compliance and data security solutions for contact centers, has achieved compliance with the latest Payment Card Industry Data Security Standard, PCI DSS V3.2.
The PCI assessment certifies that Semafone's secure voice transaction solution for contact centers and merchants that accept cardholder does not present payments via telephony using its Hosted, Customer Premises Equipment (CPE) & Platform based solution.
Key changes to the data security standards within version 3.2 will see service providers required to deliver on the following:
- multifactor authentication;
- increased frequency of penetration testing, with service providers required to test IT systems every six months to detect potential data security vulnerabilities; and
- increased employee assessment, with service providers required to perform quarterly reviews to confirm that employees are following security policies and operational procedures.
"It's about practicing what you preach. Our customers are under a significant burden to prove they are compliant with PCI DSS, and part of this is being able to demonstrate that their service providers are also adhering to the requirements," said Semafone CEO Tim Critchley in a statement. "Our own security team has gone above and beyond to achieve the certification earlier than the 2018 deadline, and in many cases, have exceeded the assessment criteria. Customers can see that our actions are consistent with our words and that we are dedicated to providing them with rigorous data security. We're building trust through compliance."