
Customer card security


In a nutshell:

For any organisation taking card payments, the security of data is non-negotiable. All our payment solutions incorporate the latest security measures, so by choosing Capita as your payment collection partner you can be confident your customers’ information and card details are secure.

Consumers are increasingly turning to debit and credit cards as their preferred method of payment. Many people prefer making card payments to setting up direct debits, as this allows them to prioritise their debts and decide exactly what to pay and when.

Any organisation taking card payments must ensure cardholder details are processed in the most secure manner possible, thus protecting both your business and your customers’ personal data.

Failure to comply with the relevant data security standards renders you responsible for any losses through fraud and likely to face considerable fines and legal fees. Equally important is the fact that your customers will suffer if their card details or information are compromised. This can lead to lost business or to customers insisting on making future payments by means other than card. Wider consequences can include negative publicity that discredits your organisation’s reputation and brand and, in extreme cases, could result in suspension of trading.

“We were well aware of security requirements around card payments and recognised that using a fully managed and certified card payment service was far preferable to an alternative on-site solution, which would carry a large overhead in terms of both staff resource and financial cost.”
Nigel Hammond, customer accounts manager, Sutton and East Surrey Water

For more information about our leading solutions, call 08701 627806 or contact us through our online enquiry form.

  • Reducing your compliance responsibilities

    Capita’s Secure Bureau Service (SBS) is a fully managed, hosted and Payment Card Industry Data Security Standard (PCI DSS) accredited solution that allows you to accept and securely process credit and debit card payments.
     
    In 2011, Capita’s managed service processed more than 23 million card payments, valued at almost £2.1 billion.
     
    Major card schemes, such as Visa and MasterCard, are strong advocates of organisations employing such managed services as much of the responsibility for compliance passes to the supplier and so reduces the customer’s potential exposure.
  • Leading through security

    Capita has consistently been first to market with appropriate fraud protection measures. These include:

      • Managed Service products running on a certified PCI DSS Level 1 service, first accredited in 2007
      • Hosted in Capita’s own dedicated data centres, among the first in Europe to receive PCI DSS ‘hosting provider’ certification
      • Site-based products are compliant with the Payment Application Data Security Standard (PA-DSS), for which we were first accredited in 2009
      • Card details are never stored on-site
      • Payments are classed as ‘secure’. Therefore payments through Capita qualify for highly competitive card processing costs through having the following recommended fraud protection measures in place:
          • Chip & PIN for cardholder present payments
          • Card Security Code (CSC) for cardholder not present (contact centre / internet automated telephone) payments
          • 3D Secure (Verified by Visa / MasterCard SecureCode) for internet payments
      • Compliance with PCI call recording requirements, which include the option to suppress call recording in line with requirement 3.2 of the PCI DSS. This requirement states systems should not store any sensitive authentication data, including card validation codes and values (such as the CSC), after authorisation
      • Tokenisation ensures card details, once stored, are replaced by a token (an encrypted surrogate value) to be transferred between systems rather than the card details themselves. This is in line with requirement 3.4 of the PCI DSS
      • Point-to-point encryption is the transmission of data within the card processing environment with no decryption of the data feasible at any point between the source and destination. Building upon our extensive experience in applying card encryption measures, Capita is working closely with device vendors and the PCI Security Standards Council (SSC) in order to ensure its solution is compliant with the forthcoming PCI SSC standard due later in 2012.

  • Ongoing excellence

    Capita is highly committed to the security of card payments and as such is a participating organisation within the PCI Security Standards Council.
     
    All Capita staff involved in the delivery and support of card payment services undergo annual assessment and formal testing in areas such as ‘fraud awareness’ and ‘information security awareness’, to ensure continued development in security excellence across all our payment collection services.