The PCI Council Publishes Updated Guidance for Securing Telephone-Based Payments
Online and mobile payments get all the press, but plenty of card-not-present payments still originate from telephone orders. The security threats from such orders are changing, which prompted the PCI Security Standards Council to issue an update Wednesday to guidance it first produced seven years ago for protecting phone-based payments.
The guidance does not add to or supersede any current requirements in the Payment Card Industry data-security standard, the PCI Council’s main set of rules for merchants, processors, and other entities that handle general-purpose credit and debit card data. It was developed by one of the council’s so-called special interest groups, which consist of representatives of companies and other organizations concerned with a specific security issue. In this case, the guidance came from the Protecting Telephone-Based Payment Card Data Special Interest Group.