Jump to content
Why are we here ..... ×
  • 0

PCI-DSS and Open GI CreditLine Plus - Callstream Add-On Explanation


Callstream_Vault

Question

Hello,

 

I wanted to take this opportunity to say Thank you, to the members of the user group, who since 2014, have previously mentioned, recommended and invested in Callstream Vault: to attain PCI-DSS Level 1 Compliance when taking card payments over the phone through Open GI CreditLine Plus (See: https://www.opengi.co.uk/broker-software/accounting/creditline-plus/).

 

What is Open GI CreditLine Plus?

 

 

 

 

What do the FCA and PCI Security Standards Council advise when it comes to Protecting Telephone Based Payment Card Data through Open GI CreditLine Plus?

 

Whilst Insurers and Brokers are regulated by the FCA. It is the PCI Security Standards Council who would mandate that all Insurers and Brokers be PCI compliant. PCI-DSS requirements are developed and maintained by the PCI Security Standards Council but they are not mandated by the FCA.

 

The PCI Security Standards Council published a supplement on Protecting Telephone Based Payment Card Data:  https://www.pcisecuritystandards.org/documents/protecting_telephone-based_payment_card_data.pdf as well as PCI Data Storage 'Do's and Dont'shttps://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf

 

(If your business sells Cyber Liability Insurance, you will be aware of the risks of Data Breaches, Data Theft, Governance and Risk). 

 

Pertinent to PCI-DSS, there are 3 High Level SYSC rules and guidance set out in the FCA Handbook:

 

SYSC 3.2.6 - https://www.handbook.fca.org.uk/handbook/SYSC/3/2.html

SYSC 5.1.2 - https://www.handbook.fca.org.uk/handbook/SYSC/5/1.html

SYSC 6.3.6 (4) - https://www.handbook.fca.org.uk/handbook/SYSC/6/3.html

 

Whilst the FCA set out these rules and guidance in the Handbook, ultimately it is the Insurers and Brokers decision what commercial systems and processes it implements.

 

It is important to remember that PCI standards are enforced by the five payment card brands; VISA, Mastercard, American Express, JCB International and Mastercard.

 

For reference, Barclays Bank PCI Breach penalties in (£GBP) passed on to their customers (imposed on Barclays by VISA and Mastercard):

 

Cost-of-PCI-breach.jpg.3a3b85f840960556f032e5cb09539e02.jpg

 

What is Callstream Vault for Open GI CreditLine Plus?

 

Callstream Vault is an PCI-DSS Level 1 hosted telecoms software as a service with an interface that has been developed with Open GI to connect to Open GI CreditLine Plus. It enables Insurers/Brokers to securely process card payments over the telephone. 

 

How does Callstream Vault work?

 

The service can be delivered through either porting your telephone number or diverting telephone numbers to Callstream' 'PCI-DSS Level 1 Cloud Server' which is an highly encrypted server with software that tells the Open GI CreditLine Plus terminal the customers card details. 

 

Simply put, your agent prompts your customer to provide their card number over the phone, clicking a button on their computer to which the customer is given a verbal prompt to enter their card details into their telephone keypad, followed by their card security number. Throughout the process, the agent does not handle the customers card data - hear or see the customers card details or the tones on the keypad being pressed. The card details are securely received by Open GI CreditLine Plus and the transaction is completed, PCI-DSS Level 1 compliant.

 

Food for thought, Callstream Vault explained in a  3 minute 16 seconds YouTube video: 

 

 

 

What are the alternatives to Callstream Vault?

 

It is widely perceived that 'Pause and Resuming' Call Recordings is PCI-DSS compliant, because customers card details are not being stored by the Insurer/Broker. However, this involves designing business and IT system processes to manually or be automated to pause the call recording and then resume it.

 

Then there is the effort, time and associated cost of ensuring that these processes are not prone to human or system error - so card details and data does not accidentally get stored on the call recording.

 

There is also the element of insider theft risk which is brought up in Cyber Liability Insurance: does the agent need to hear the card details? Whilst the call recording is paused - what is being said, advised, saved, stored, stolen...

 

 

Many Thanks and Best Regards,

 

 

Anoop Dhaliwal - Product Specialist - Callstream Vault.

anoop.dhaliwal@callstream.com

5979c49beb06e_callstreamlogo.jpg.54ef12ddf5a761a4a70ab33ce62f9b46.jpg

Callstream Vault won the Insurance Times - Technology Partnership of Year - Award in 2014, 2015.

 

 

 

Link to comment

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Posts

    • "Exciting news for Brokers!" ???     #nope Critical mass Target customer size and profile On line only #whataboutthemasses   What do you think??
    • Hi Claire,   We took on INVU back in 2008 and still use it today in its Virtual Cabinet guise. No issues with printing from VC whether that be to network printers or pdf and there are also options to send from VC to email which can be useful.    Overall, we remain very happy with VC so have seen no real advantage to move over to OpenAttach.   One little issue is we never managed to get the automatic indexing / filing of standard OGI/OpenWord letters and emails into VC. We just click a few buttons to file them manually.   Happy to chat through further if you wish - I will be at the Members day this coming Thursday    Darren
    • Hi @Clare Carter   I probably cant advise on day to day use / issues, but may be able to help although not sure of your question   Are you still on Virtual Cabinet (VC) and how are you trying to print on OGI - and what / where from   Also - I'm pretty sure there are minimal issues with transferring to OpenAttach - what are the concerns there?  
    • Just wondering if any of the current members have previously been using Virtual Cabinet, and which originally was Invu provided by Linden House.   It is only relatively recently that Open GI have come up with Open Attach but there is an issue in transferring data.   If anyone is still using Virtual Cabinet which evolved from Invu and Linden House, could they let me know whether they had any issues with Open GI and printing.    Thanks
×
×
  • Create New...