
PCI compliance is critical to organisations that process card payments. PCI DSS (the Payment Card Industry Data Security Standard) sets stringent requirements for protecting cardholder data. Find out how Columbus PCI Compliance solutions can help you mitigate risk and descope your operational environment by removing sensitive card data from your business workflows.

Reasons to choose PCI Compliance Solutions from Columbus UK

Accredited Level One PCI DSS Certification

Our hosted telephony and card processing platforms are validated as Level 1 PCI DSS compliant service providers, with security at the core of everything we do.

Outstanding PCI Compliance Solutions

We offer a wide range of highly secure, reliable and easy to use solutions that help organisations across all sectors remove sensitive card data from their environment.

A Flexible Approach to Commercials

Low capital investment and affordable monthly licensing. Instant refund and re-processing functionality. No charge for declined or refunded payments.

Exceptional Customer Service & Account Management

We’ll work with you closely to identify the compliance challenges that you need to address and provide comprehensive guidance and recommendations.

Mitigate risk, minimise capital investment and save time and resources with cloud-based PCI Compliance Solutions

Columbus PCI Compliance solutions are designed to help you meet and maintain PCI DSS by removing your organisation from the scope of most of the standard's requirements. All transactions (telephone and online) are handled off site, and no sensitive card data is exposed to anyone within your business at any point in your payment workflows. Find out more below.

What is PCI DSS

PCI DSS is the worldwide Payment Card Industry Data Security Standard, set up to help businesses process card payments securely and reduce card fraud. It does this by mandating tight controls over the storage, transmission and processing of the cardholder data a business handles, with the aim of protecting sensitive cardholder data. The standard has 12 high-level requirements, grouped under six control objectives:

  • Build and Maintain a Secure Network
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor and Test Networks
  • Maintain an Information Security Policy

Why is PCI DSS Compliance Important

Achieving compliance with PCI DSS means that your organisation is doing its utmost to keep cardholder data safe, secure and out of reach of individuals and other entities that could use it for illicit purposes. Reaching and maintaining PCI DSS compliance is critically important for any business that stores, transmits or processes card data, but it is far easier for a business that never holds that data in the first place, and not holding it significantly reduces the risk of your customers being affected by a data breach. In essence: if you don't need the data, don't store it.

If I'm not compliant, what may happen?

If you store card data, suffer a data breach (i.e. lose card data) and are not PCI DSS compliant, you may be prevented from accepting card payments, and the card schemes may fine you for the loss of that data; the page's own estimate is up to £50,000 per infringement. You may also be liable for any fraud losses incurred against the lost card data and for the operational costs of replacing the affected accounts. If you are suspected of having suffered a data compromise you will be required to engage a PCI Forensic Investigator (PFI) to establish the source of the breach and ensure any compliance gaps are closed. A forensic investigation can cost thousands of pounds, and you will be liable for those costs if evidence of a compromise is established.

Whilst the monetary fines and other costs are considerable, the reputational damage to your business could also be catastrophic as customers may lose confidence in your ability to secure their sensitive personal, business and card data.

What can lead to a data breach?

There are many vulnerabilities that can lead to data breach including:

Computer Viruses
A computer virus is a program that replicates itself by inserting copies of itself into other programs or files and spreads from one computer to another. The term 'virus' is also loosely used for other kinds of malware, such as adware and spyware, that do not self-replicate. Viruses increase their chances of reaching other computers by infecting files on a network file system or on any file system that another computer also accesses.

Computer Worms
A computer worm is a self-replicating malware program that uses a computer network to send copies of itself to other computers and nodes on the network without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always harm the network, if only by consuming processing power or bandwidth as they spread, whereas viruses typically corrupt or modify files on the infected computer.

Trojan Horse
A Trojan horse is malware disguised as legitimate software. Many Trojans give an attacker remote access to the computer they are installed on. Once a Trojan has been installed, the attacker can perform a range of operations on that computer remotely, limited only by the privileges of the user account the Trojan runs under. Operations an attacker could perform include:

  • Using the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
  • Data theft (e.g. retrieving passwords or payment card and personal information)
  • Installation of software, including third-party malware
  • Downloading or uploading of data on the user’s computer
  • Modification or deletion of files
  • Keystroke logging (where hackers can track and record your keystrokes – anything that you type into your computer)
  • Watching the user’s screen

Remote-access Trojans need an attacker at the other end to achieve anything, though that attacker need not be the person who distributed the Trojan. Attackers routinely scan computers on a network with a port scanner in the hope of finding one where a Trojan is already listening, which they can then use to control the target computer.

Spyware
Spyware is a type of malware that, once installed on a computer, collects information about the user and their activity without their knowledge. Spyware is typically hidden from the user and can be difficult to detect.

Key questions you should ask

Here are some key questions you should consider to evaluate your PCI DSS compliance:

  • Do your employees ask for card details over the telephone?
  • Can you ensure data is not written down or entered into a separate application?
  • Can you ensure that photographs or screenshots of transactional data are not taken?
  • Are DTMF tones played to employees, or captured in call recordings? (Each keypad tone encodes a digit, so anyone who can hear or record the tones can recover the card number.)
  • Are you able to fully maintain the PCI DSS standard and keep card details completely secure?

If you cannot answer the questions above with confidence, then removing your organisation from the scope of the relevant PCI DSS requirements, while benefiting from a validated Level 1 card processing service, is essential for your business.

What is PCI Descoping

Descoping is a way of reducing the number of PCI DSS requirements that apply to your business. The simplest means of achieving this is to have a third-party provider capture and process card data on your behalf, so that the data never enters your own systems, networks or staff workflows. This usually reduces the overhead of PCI DSS compliance activities, because fewer requirements apply and the self-assessment questionnaire you complete is shorter, while the card processing itself is performed by a Level 1 compliant provider. Note that outsourcing does not remove your responsibility altogether: you remain accountable for choosing validated providers and for managing them (PCI DSS Requirement 12.8 covers the management of service providers with whom cardholder data is shared).

What are the benefits of a Hosted Solution?

Many PCI DSS solutions are premise-based and require investment in additional hardware and software which needs to be maintained. This can often involve hardware add-ons which are connected to your phone system alongside software updates for your phone system and servers, additional cabling, handsets and more besides. Updates or changes to the infrastructure are not straightforward and it is typical that the solution vendor as well as the phone system maintainer will need to be on site to carry out upgrades and changes which can be costly and disruptive.

Significant investment is usually required, and there are CAPEX costs to consider as well as OPEX-based maintenance contracts for the PCI solution and the on-premise phone system. Moreover, an on-premise solution is disadvantaged in that its Service Level Agreement (SLA) is usually inferior to that of a hosted or cloud-based PCI compliant solution. If there is a hardware failure an engineer will need to visit the site to assess the issue, and if the correct spare part is unavailable (a phone system trunk card, for example) a further visit will need to be arranged to replace the damaged part. During this time you are unlikely to be able to operate very efficiently, if at all. Because cloud-based solutions are operated in secure, managed data centres, they offer much better reliability and superior response and fix times. Depreciation is also a major factor when installing hardware, and service replacement and continuity need to be considered as the hardware nears end of life.

By contrast, a hosted solution provides greater flexibility: it is easier to take advantage of improvements in technology without the cost of on-premise software upgrades, the service can be rolled out anywhere with very little CAPEX, no hardware or phone system changes are needed on site, and the SLAs are stronger because the solution is accessible in a cloud environment at any time.

Solutions designed to descope your business from the requirements of PCI DSS

The PCI Security Standards Council was formed by the major card brands in 2006 to maintain the Payment Card Industry Data Security Standard (PCI DSS), and many organisations subsequently invested in expensive, on-premise compliance systems to keep payment card data secure and meet their PCI compliance obligations. Despite the standard's rigorous controls for protecting sensitive card data, fraud, theft and numerous notable network breaches at major organisations have since demonstrated that weaknesses still exist in some businesses. On-premise compliance systems need to be continuously monitored, maintained and secured, otherwise a breach could be very costly.

We believe there is a better way to mitigate risk without the significant capital investment and resources required to meet and maintain the very latest PCI Compliance requirements. Columbus Cloud Compliance solutions achieve this by descoping businesses from the requirements of PCI DSS and keeping sensitive card data completely outside of standard operational workflows. Our cloud first approach to PCI Compliance ensures that no one within an organisation has access to any sensitive card data at any time, whether the solution is telephony or web-based or both.

Columbus PCI Compliance Services

Columbus PCI Agent

Our hosted Level 1 solution allows callers to key their own card details on their telephone keypad whilst staying on the call with a live agent. The agent stays on the line but never hears the keypad tones or sees the full card number. Hassle free and Level 1 PCI DSS compliant.
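The security-relevant mechanism behind an agent-assisted capture like this is that caller DTMF is consumed by the hosted platform and never forwarded to the agent's audio path, recording or screen; this also answers the "Are DTMF tones played to employees?" question above. The following simulation is an added example written for this page, not Columbus's platform code, and the event format, the `CardVault` stand-in and the `tok_` reference scheme are assumptions. It shows the caller's speech reaching the agent while the keyed digits go only to the platform, a Luhn check catching a mistyped number so the caller can re-enter it, and the agent's screen receiving only progress marks, a masked PAN and a reference token.

```python
# Added example: simulation of agent-assisted DTMF card capture with PAN masking.
# Not Columbus's platform code; event format, CardVault and the token scheme are assumed.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class CardVault:
    """Stand-in for the hosted platform's card store; the merchant's agent never sees it."""
    _store: Dict[str, str] = field(default_factory=dict)

    def tokenise(self, pan: str) -> str:
        token = f"tok_{len(self._store) + 1:06d}"   # sequential reference (assumed scheme)
        self._store[token] = pan
        return token


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit validation, used to catch mistyped PANs before authorisation."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form for the agent: last four digits only (PCI DSS allows at most first six/last four)."""
    return "*" * (len(pan) - 4) + pan[-4:]


@dataclass
class CallResult:
    agent_audio: List[str]          # what the agent heard
    agent_screen: List[str]         # what the agent's desktop displayed
    token: Optional[str]            # reference handed to the merchant instead of the PAN


def process_call(events: List[Tuple[str, str, str]], vault: CardVault) -> CallResult:
    """Route (source, kind, payload) events from the telephony platform.

    Speech from either party is passed to the agent. Caller DTMF is consumed here:
    it is never appended to the agent's audio, so it cannot be heard or recorded,
    and only progress marks and a masked PAN reach the agent's screen.
    """
    audio: List[str] = []
    screen: List[str] = []
    buffer: List[str] = []
    token: Optional[str] = None
    for source, kind, payload in events:
        if kind == "speech":
            audio.append(f"{source}: {payload}")
        elif kind == "dtmf" and source == "caller":
            if payload == "*":                      # caller cleared the entry
                buffer.clear()
                screen.append("entry cleared")
            elif payload == "#":                    # caller finished the entry
                pan = "".join(buffer)
                buffer.clear()
                if luhn_valid(pan):
                    token = vault.tokenise(pan)
                    screen.append(f"card captured {mask_pan(pan)} ref {token}")
                else:
                    screen.append("card number failed check digit; ask caller to re-enter")
            elif payload.isdigit():
                buffer.append(payload)
                screen.append("*" * len(buffer))    # progress only, no digits
            # the tone itself is deliberately never appended to `audio`
    return CallResult(audio, screen, token)


# Constructed sample call: a Visa test PAN keyed with a wrong check digit, then correctly.
SAMPLE_EVENTS: List[Tuple[str, str, str]] = [
    ("agent", "speech", "Please key your card number, then press hash."),
    *[("caller", "dtmf", d) for d in "4111111111111112#"],   # mistyped last digit
    *[("caller", "dtmf", d) for d in "4111111111111111#"],   # valid test PAN
    ("caller", "speech", "Done."),
]

if __name__ == "__main__":
    result = process_call(SAMPLE_EVENTS, CardVault())
    print("\n".join(result.agent_audio))
    print("\n".join(result.agent_screen))
    print("token:", result.token)
```

The point to check in any real deployment is the same one the simulation makes explicit: confirm that DTMF is suppressed on the agent leg and in the recording path, not merely masked on screen, because a recording that retains the tones brings the whole recording platform back into PCI DSS scope.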

Columbus PCI AUTO IVR

Using our advanced cloud-based platform, our AUTO IVR solution enables you to capture, integrate and process card payment information without the need for an agent.

Columbus PCI Online

Our 3-D Secure integration is designed to reduce fraudulent card use by authenticating the cardholder with their card issuer at the time of the online transaction.

Columbus PCI Mobile

Rapidly develop apps that process mobile payments, integrate with back-end systems, mobilise the workforce and provide real-time information.

Want to find out more about Columbus PCI Compliance Solutions? Get in touch.

Columbus are very flexible in their approach to our demands, keeping control over our business connections, supporting our remote staff & providing us with a value for money service. The friendly efficient staff are always on hand to help when required.

Jerry Griffin, Facilities Manager, PEI-Genesis UK Ltd

We originally approached Columbus to help us fill the gaps in our inbound solutions portfolio. Due to their fantastic support, customer service and willingness to work closely together, we have worked in partnership for over 10 years. This has resulted in significant advances for our mobile, SIP and Hosted PBX offerings. The key area any business appreciates most is the ease in which it can engage, plan and deliver projects for customers with its partners. With Columbus, we can always provide a great service for our customers… we simply do not get the same level of service from any other company.

Christian Coe, Managing Director, Telecoms Advisor Ltd

Working with Columbus is easy; they are great partners and the team responds quickly to our requests for input. In fact, they are the most responsive and easy to work with partner we have, even when we have challenges to resolve.

Gabrielle Alam, Managing Director, Eyes2market UK Ltd


Need help? Talk to a Columbus PCI Compliance expert. Call us on 0333 240 7755.