OnBrand24 Is Merchant Level 1 PCI Certified

Written by Mark Fichera | Oct 21, 2014 8:35:15 PM
October 21, 2014 - OnBrand24 has stepped up its credit card and consumer protection infrastructure on behalf of its inbound customer service call center clients and their customers. The company has earned certification as a Merchant Level 1 PCI certified call center services provider. This ranking, rare among outsourced call center services providers, was certified by CompliancePoint, Duluth, GA, a qualified security assessor (QSA) company that offers consulting, audit and training services that help businesses mitigate risk and ensure compliance with the complex array of state, federal and international laws.

“Our clients place great trust and faith in us to properly and securely protect their customers’ credit card and purchasing data, and this is a responsibility we take very seriously,” said Mark Fichera, CEO, OnBrand24. “With the security breaches that have taken place at Target, Home Depot and, more recently, a potential breach at Staples, it’s important that we take every measure possible to ensure that customer data is handled in the most secure manner. This is a critically important aspect of customer service.”

The PCI Data Security Standard has been mandated by major credit card providers, and protects cardholder data. To achieve PCI compliance, all members, merchants and service providers, including call centers, must adhere to the Payment Card Industry (PCI) Data Security Standard (DSS), which offers a single approach to safeguarding sensitive data for all card brands.

CompliancePoint’s PCI certification engagement focuses on assessment, remediation, and certification of companies’ information and network security. CompliancePoint’s collaborative approach aligns the organization’s individual business units with their technology needs according to the PCI Security Audit and Reporting Procedures.

It’s critically important to ensure that call center services providers meet all federal and state requirements. CompliancePoint's team of experts visited OnBrand24 facilities and performed an audit to ensure our practices meet all PCI DSS requirements.

CompliancePoint's auditors performed a comprehensive analysis that included interviews, document and record reviews, and data analysis. OnBrand24 was provided a detailed report outlining:

- CompliancePoint's findings
- Risk levels associated with any gaps identified during the audit
- Recommendations to close any gaps identified

Below are key activities, deliverables, and milestones for ensuring PCI DSS compliance and certification:

Phase 1: Project Definition and Scope

- Executive view of all 12 core PCI DSS standards necessary for meeting compliance
- Executive view of CompliancePoint’s PCI DSS offering, approach and deliverables
- Definition of key personnel and project timeline and milestones

Phase 2: Gap Analysis

- Review and analysis of current policies, procedures, and initiatives throughout the organization
- Analysis of debit/credit (i.e., payment) transaction environment
- Identifying and analyzing all significant third party outsourcers and managed service providers used by the organization
- Create Gap Analysis report

Phase 3: Remediation, Consultation & Implementation

- Joint review of the PCI DSS Gap Analysis findings and recommendations
- Create remediation and implementation project plan
- Organizational remediation of identified deficiencies or issues regarding PCI DSS compliance

Phase 4: Assessment and Reporting

- Assessment of organization’s PCI DSS compliance
- Generation of Report on Compliance
- Issue PCI DSS v2.0 Compliance Certificate
- Submission of Report on Compliance to applicable card brands and acquirers

Additional Services:

- Policy and procedure development
- Internal vulnerability and penetration testing
- Quarterly Network Vulnerability Scans by a certified PCI ASV (ControlScan)
- Technical Remediation and Consulting, CISO On-Demand

Mark Fichera, CEO

OnBrand24

Beverly, Massachusetts (headquarters)

Portsmouth, NH

Savannah, GA