Echopass has achieved PCI DSS Level 1 for its cloud-based contact center service. The company expects to gain an advantage over competitors for being first in the market to achieve the top PCI DSS certification level.
Echopass may have something to brag about when it comes to security for its cloud-based contact center offering, but the company believes its competitors shortly will be following on its heels. The cloud service provider just went through a rigorous audit that earned it a PCI DSS Level 1 designation from the PCI Council.
Why is that important? According to Dennis Empey, chief information security officer and senior vice president of Service Delivery at Echopass, the enterprise space in which the company plays is increasingly demanding higher levels of security. One of those security measures is, of course, PCI certification—a designation that received an update earlier in the year from the PCI Council. The update increased the security requirements for cloud service providers because of issues such as increased market threats and the dramatic uptake in cloud services, not to mention new channels including mobile and social, posing untested risk.
PCI DSS Level 1 compliance is the top level of PC compliance, and it requires a complete audit to ensure compliance. The Level 1 designation is required for any organization processing more than 6 million credit card transactions per year.
"It's no longer a nice to have. You absolutely must have it to be able to compete in the enteprise market space," Empey told Talkin' Cloud. That doesn't mean Level 1 is a requirement, but at least some measure of PCI certification is increasingly becoming a necessity for cloud service providers, he said.
Echopass is the first cloud-based contact center provider to achieve PCI DSS Level 1, but Empey said it likely won't be a differentiator for Echopass for long. Others in the space have Level 2 certification, and he said it's likely some of them will achieve Level 1 within a short timeframe.
If he's right, this could have significant implications for cloud service providers that enable their customers to do online credit card transactions. Or even if they don't, actually. Empey noted that PCI DSS certification can be affected should a company deal with a cloud provider who is not compliant, which could limit customers or even potential cloud partnerships (but it all depends on circumstances).
"You always want to protect yourself, clearly. We're all running businesses here. We all want to make sure those businesses continue to be profitable and continue to be viable," Empey said.