Windstil-Log

Blog Article

Introducing UCPayd, your PCI-DSS compliance solution!

Book a Free Consultation
1300 019 988

The challenge

Many businesses need to be able to take payments over the phone. Verbal conversations with customers often lead to better sales conversions and collections rates.

However, as cyber threats become increasingly complex and frequent, it’s no longer viable (or PCI compliant) to verbally receive customer card details over the phone. Consumers are increasingly distrustful of organisations that ask them to share card information, as they’re being told by banks not to.

Enter UCPayd: a user-friendly and PCI compliant cloud voice service enabling businesses to take payments over the phone, securely.

The cybercrime risk for Australian businesses:

  • SMEs account for 43% of cybercrime targets in Australia.
  • Almost half of SMEs spend less than $500 annually on cybersecurity measures.
  • The average cost of a data breach in Australia is $4.26m.
  • Australian businesses have a 30% chance of suffering a data breach.

What is PCI-DSS compliance?

Payment Card Industry Data Security Standard (PCI-DSS) is the global standard for keeping payment data safe, set out by the Payment Card Industry Security Standards Council (PCI-SSC). The council was formed in 2004 by American Express, MasterCard, Visa, Discover, and JCB International. Today, it is a global forum that sets security standards relating to the management of payment data. It is commonly enforced by major card providers and banks. Audits and compliance checks are carried out by licensed PCI auditors on behalf of the PCI council.

All organisations that accept, process, or store customer payment details must have data security measures in place that meet PCI standards. This applies to all Australian organisations regardless of size. It is especially applicable to organisations providing support services to merchants that impact their security posture, such as payment processors, cloud-based infrastructure providers, and outsourced call centres.

The PCI-SSC have released a new version of PCI-DSS (version 4, referred to as PCI-DSS 4.0) which contains updates to the standards expected of businesses. This means organisations taking payments over the phone need to implement an information security solution by

31 March 2025 to remain compliant. If this is not achieved, fines (ranging from $5,000 – $100,000) and other penalties may apply.

What is UCPayd?

UCPayd is a PCI-DSS compliant cloud service allowing your staff to take payments over the phone – without your customers having to verbally disclose their card information.

Your staff member and customer will be on the phone throughout the transaction. When it’s time to make the payment your staff member will be prompted to activate UCPayd, and your customer will enter their card information via their phone’s keypad. The tones will be masked, and UCPayd processes the payment on your organisation’s behalf.

By using UCPayd, you gain:

  • PCI-DSS compliance. Helps you ensure you are meeting regulatory requirements.
  • Enhanced security posture. Protects customer card data from breaches, and your business from the repercussions accompanying potential breaches.
  • Cost reduction. Lowers MOTO fees, compliance costs, and insurance costs.
  • Consumer trust. Improves consumer confidence in phone transactions and preserves brand reputation.
  • Suitable for both call centre and non-call centre environments.
  • No sacrifice of sales. Customers and users stay on the line throughout the entire interaction, reducing the risk of losing the sale.

Business Outcomes

Meets PCI requirements. Using UCPayd enables you to meet your PCI-DSS compliance obligations, while still being able to sell to customers over the phone.

Improves security posture. You’re likely aware of the significant risk cyberattacks pose to your business. A solution like UCPayd helps improve your security posture.

Outcomes:

  • PCI-DSS compliance obligations are met
  • strengthened security posture; less risk of a breach
  • improved customer trust and brand reputation
  • high ROI (low cost of UCPayd ÷ high cost of potential incidents)
  • lower MOTO fees and insurance costs
  • no impact to business operations

FAQ’s

Is PCI-DSS compliance a legal requirement in Australia?
No, – however, it is enforced by major card schemes (such as Visa and Mastercard) and is considered the industry standard globally. Not being PCI compliant has significant repercussions, and many card schemes will revoke merchant’s privileges to accept payments using their cards if they are not compliant.

What do I need to have in place before onboarding UCPayd?
Before onboarding UCPayd, you need an existing payment gateway with e-commerce enabled. If you can accept online payments, you will have e-commerce enabled.

Are there any reporting features available within UCPayd?
There are no reporting features available, as the architecture of UCPayd is designed to ensure no customer details are stored on the platform. Your payment gateway provider will have reporting available for transactions made via the gateway.

I want to integrate UCPayd with my CRM. How can I do this?
You can integrate UCPayd into your CRM. However, you will need to perform the API integration work yourself. All UCPayd licensing is managed within SASBOSS®, but the UCPayd user resides within your existing CRM. If this is required, please contact your account manager and we will provide the necessary documentation and API details for integration.

How does UCPayd ensure sensitive card details are not leaked into business systems?
UCPayd is designed similarly to a traditional three-way call. The user invites UCPayd into the call when the customer is ready to make a payment. The UCPayd leg of the call is introduced as a second leg, with an airgap implemented to prevent any information entered via the customer’s telephone keypad from passing over the two legs of the call. When credit card details are entered, the keypad tones are masked as 1s and 0s to ensure they are not captured on any call recording or reporting the organisation may have in place.

Do I need to use pause/resume on call recordings with UCPayd?
No – UCPayd will mask the DTMF tones of the telephone keypad to capture the credit card details. Therefore, it is not necessary to use pause and resume functionality for call recording.

My organisation uses call recording for compliance and training purposes. Can we use UCPayd and remain compliant?
Yes – UCPayd will mask the DTMF tones of the telephone keypad as 1s and 0s, to ensure any call recording in place cannot capture credit card numbers.

Which payment gateways does UCPayd support?
UCPayd supports a wide range of payment gateways and is integrating with new gateways on a weekly basis. To verify if your payment gateway is supported, please contact your account manager.

What if UCPayd does not support my payment gateway?
If you are using a payment gateway that is not listed as supported, we can perform a feasibility check to confirm if we can support this payment gateway. If this is required, please contact your account manager.

My organisation has implemented UCPayd and Call Recording. Are we now 100% PCI-DSS compliant?
No – although the platform integrated into your environment is PCI-DSS compliant, it is crucial that staff members using this technology receive proper training and maintain diligence to ensure their practices remain compliant. For instance, if a user chooses not to use UCPayd and instead has the customer verbally provide their card details, this interaction is not compliant.

< Return to Blog

Get your time back by letting Windstil manage your IT systems.

As business owners, we know how critical IT is to your business. We empower our clients to get back to the work that matters most.

1300 019 988
Facebook Linkedin
IT Solutions
Menu
© 2024

Windstil Group Pty Ltd | Terms & Conditions | Privacy Policy