Callstream_Vault

PCI-DSS and Open GI CreditLine Plus - Callstream Add-On Explanation

Question

Hello,

 

I wanted to take this opportunity to say thank you to the members of the user group who, since 2014, have mentioned, recommended and invested in Callstream Vault to attain PCI-DSS Level 1 Compliance when taking card payments over the phone through Open GI CreditLine Plus (see: https://www.opengi.co.uk/broker-software/accounting/creditline-plus/).

 

What is Open GI CreditLine Plus?

 

 

 

 

What do the FCA and PCI Security Standards Council advise when it comes to Protecting Telephone Based Payment Card Data through Open GI CreditLine Plus?

 

Whilst Insurers and Brokers are regulated by the FCA, it is the PCI Security Standards Council who would mandate that all Insurers and Brokers be PCI compliant. PCI-DSS requirements are developed and maintained by the PCI Security Standards Council, but they are not mandated by the FCA.

 

The PCI Security Standards Council published a supplement on Protecting Telephone Based Payment Card Data: https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf as well as PCI Data Storage 'Do's and Don'ts': https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf

 

(If your business sells Cyber Liability Insurance, you will be aware of the risks of Data Breaches, Data Theft, Governance and Risk). 

 

Pertinent to PCI-DSS, there are 3 High Level SYSC rules and guidance set out in the FCA Handbook:

 

SYSC 3.2.6 - https://www.handbook.fca.org.uk/handbook/SYSC/3/2.html

SYSC 5.1.2 - https://www.handbook.fca.org.uk/handbook/SYSC/5/1.html

SYSC 6.3.6 (4) - https://www.handbook.fca.org.uk/handbook/SYSC/6/3.html

 

Whilst the FCA sets out these rules and guidance in the Handbook, ultimately it is the Insurers' and Brokers' decision what commercial systems and processes they implement.

 

It is important to remember that PCI standards are enforced by the five payment card brands: VISA, Mastercard, American Express, JCB International and Mastercard.

 

For reference, Barclays Bank PCI Breach penalties in (£GBP) passed on to their customers (imposed on Barclays by VISA and Mastercard):

 

[Image: Cost of PCI breach]

 

What is Callstream Vault for Open GI CreditLine Plus?

 

Callstream Vault is a PCI-DSS Level 1 hosted telecoms software as a service with an interface that has been developed with Open GI to connect to Open GI CreditLine Plus. It enables Insurers/Brokers to securely process card payments over the telephone.

 

How does Callstream Vault work?

 

The service can be delivered through either porting your telephone number or diverting telephone numbers to Callstream's 'PCI-DSS Level 1 Cloud Server', which is a highly encrypted server with software that tells the Open GI CreditLine Plus terminal the customer's card details.

 

Simply put, your agent prompts your customer to provide their card number over the phone, clicking a button on their computer, at which point the customer is given a verbal prompt to enter their card details into their telephone keypad, followed by their card security number. Throughout the process, the agent does not handle the customer's card data, nor hear or see the customer's card details or the tones on the keypad being pressed. The card details are securely received by Open GI CreditLine Plus and the transaction is completed, PCI-DSS Level 1 compliant.

 

Food for thought, Callstream Vault explained in a  3 minute 16 seconds YouTube video: 

 

 

 

What are the alternatives to Callstream Vault?

 

It is widely perceived that 'Pausing and Resuming' Call Recordings is PCI-DSS compliant, because customers' card details are not being stored by the Insurer/Broker. However, this involves designing business and IT system processes, either manual or automated, to pause the call recording and then resume it.

 

Then there is the effort, time and associated cost of ensuring that these processes are not prone to human or system error, so that card details and data do not accidentally get stored on the call recording.

 

There is also the element of insider theft risk which is brought up in Cyber Liability Insurance: does the agent need to hear the card details? Whilst the call recording is paused - what is being said, advised, saved, stored, stolen...

 

 

Many Thanks and Best Regards,

 

 

Anoop Dhaliwal - Product Specialist - Callstream Vault.

anoop.dhaliwal@callstream.com


Callstream Vault won the Insurance Times - Technology Partnership of Year - Award in 2014, 2015.

 

 

 
