New PCI Council Telephone Payment Guidelines support partial de-scope

What can be done to quickly, efficiently and inexpensively remove desktops, data networks and backend systems from PCI scope for telephone payments?

Many merchants, having successfully de-scoped their organisations from PCI DSS with P2PE (Point to Point Encryption) for bricks and mortar and tokenisation for e-commerce, have discovered that the Achilles heel of their PCI programme is their MOTO (Mail Order Telephone Order) payments. Suddenly, through the simple act of agents and/or back office staff typing sensitive credit card data into their desktops, they bring these desktops, and their corporate networks, back into PCI scope. Until recently, options for addressing the challenges of telephone, snail mail, fax, email and chat payments have been limited. In the shortly to be released new Telephone Payment Guidelines, the Council is supporting a partial de-scope strategy for merchants
DataDivider Jan 2016 PCI London Article
