2013-09-10

Echopass runs a state-of-the-art cloud-based contact center product that stands apart from any of its competition. The company has announced that it has attained the rigorous PCI DSS Level 1 certification for its product, a major leap for the industry. The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard defined by the Payment Card Industry Security Standards Council. The idea is that, through its certification process and standards, security and controls around credit card transactions can minimize fraud and information leaks. Level 1 PCI compliance is the highest level of compliance possible, and it applies to merchants that are processing over 6 million Visa transactions annually.

Having lived through the kind of audit that happens in PCI compliance, I can attest that this is no small feat, especially on that scale. If you look at a Level 2 PCI certification, this is more of a self-evaluation certification, and many companies go through this level to provide their secure systems. When you do more transactions, the risk goes up and so do the requirements. Level 1 goes beyond that, through a validation process performed through an extensive and qualified security audit. This process validates everything from the architecture, the business processes, the business procedures, logical security, and everything physical in regards to security. The result is a specific tangible output from that certification that is available and can assure partners, clients and associates of the outcome of the audit.

Customer data and partnerships – that’s exactly the greater purpose I received in a discussion with Dennis Empey, the company’s chief information security officer – a duty to protect data.  Empey pointed out how critical that component of business is, as trust is the foundation of continued success and that an exceptional commitment to the best in security is a powerful tool in enabling companies to do business in the cloud.   The demands from the industry are there, with a growing base of cloud-based contact centers that is projected to be the standard for nearly half of all businesses within five short years.  That’s a lot of critical data that has to be handled securely, and that’s a space that Echopass has sunk their teeth into as the first to attain this level of compliance.  The challenges are many as millions of agents handle confidential data each day, including the things we hear about all the time such as cybercriminal organizations, info leaks, credit card data theft, class-action lawsuits for corporate breaches becoming more common, and advanced persistent threats.   Things like mobile and social affect this realm of security as well.  PCI compliance is a great foundation for security and an achievement that Echopass has attained with an emphasis on the latest in technology.

“Our customers have a high level of concern, care and commitment to their own customers, so protecting their customer data is as important to them because of the impact to them as the impact on themselves.  It’s not enough to think that they are secure, that they are covered.  There’s a significant potential impact on their business and customer’s business. That’s where this Level 1 PCI compliance is so tremendous in its statement.”

From top to bottom, attaining this state of security is a product of vigilance, as the threats are great from outside and within. If there is one weak link in the chain, one hole in the roof, the situation is compromised, so an organization maintaining a compliant operation has to maintain a dedicated and fierce focus on all potential and identified threats. Sometimes it’s just carelessness, such as an employee who is not following best practices and whose inadvertent action compromises security. It’s these kinds of situations that require constant reinforcement to assure a discipline and practice that vets and classifies every element of the environment, whether it’s the constantly changing base of people, process or technology. It’s a challenge that is part technical and part training, but ultimately solvable, and it requires the type of commitment that Empey has discussed.

Echopass worked with FishNet Security, regarded as one of the world’s leading QSAs, to assist with the auditing and assessment process — all the while continuing to support its on-demand client base and need to sustain the highest levels of reliability.

With credit card systems on the rise, the enterprise market space is a big part of that growth. When you are dealing with Fortune 500-type customers, the applications they are likely to want to deploy are going to have some kind of payment or credit card transaction at some point. Initiatives to attain PCI compliance are therefore also on the rise, as the consequence of not achieving this level of certification is that credit card companies won’t do the same business with you. The Echopass achievement is one that is certain to win over continued customers, as security is one of the biggest and most important technology concerns out there.
