- Portsmouth, England, Hampshire
Training Needs Analyst Would you like to play a key role within the Type 26 programme analysing and identifying training solutions? We currently have a vacancy for a Training Needs Analyst at our site in Broad Oak. As a Training Needs Analyst, you will be
- Recruiter: BAE Systems
- London (Greater)
The Institute seeks to appoint an experienced individual to the post Professor and Director, Nathu Puri Institute for Engineering and Enterprise
- Recruiter: London South Bank University
- Chelmsford, Essex
Join the UK’s first dedicated MSc in Additive Manufacturing (3D Printing)
- Recruiter: Anglia Ruskin University
- Competitive Salary & Benefits
What?s the opportunity? Responsible for the management and co-ordination of logistic activities for manufacturing to achieve project programmes to time, cost and quality. What will...
- Recruiter: MBDA
- Zurich, Canton of Zürich (CH)
The successful candidate is expected to develop a strong and visible research programme in the area of control and diagnostics of building systems
- Recruiter: ETH Zurich
- Leatherhead, Surrey
- £33,242 - £36,565
This is important work that affects everyone in the UK, citizens and drivers alike and has a global impact.
- Recruiter: Department for Transport
- Flexible but may need to spend time in Glasgow, London or New York offices
We are always keen to work with relevant industry professionals on an associate basis.
- Recruiter: Smarter Grid Solutions
- North West England
- c. £65,000 + company car
As a Project Delivery Engineer, you will be an essential part of the team...
- Recruiter: National Grid
- Rotherham, South Yorkshire
- Negotiable depending upon experience
Industrial and Commercial Electrical Power System Studies including Single Line Diagrams, Fault and Protection Studies & Arc Flash Assessment
- Recruiter: Electrical Safety UK Ltd
- London (Greater)
Springer Nature, the publisher of Nature, is looking to recruit a Chief Editor for Nature Electronics...
- Recruiter: Nature Research
More than a billion ‘toxic legacy calls’ breach PCI rules
More than a billion call recordings of payment card details held by UK firms are in breach of regulations
More than a billion “toxic legacy call recordings” containing card details are putting UK firms at risk of massive fines.
Thousands of UK merchants are still holding phone calls containing customers’ card details in environments that fail to comply with Payment Card Industry Data Security Standards (PCI DSS) according to Matthew Bryars, CEO of IT outsourcing company Aeriandi, who will speak on the topic at the PCI London conference on Tuesday.
Falling foul of PCI DSS due to non-compliance or compromised payment card details includes fines of up to $500,000 per breach on top of the potential damage to an organisation’s brand reputation.
And with many firms keeping recordings in older, less secure data centres Bryars says cyber-criminals could easily use speech analytics software available on the internet to access, download and sell these card details on the black market.
“These applications could allow you to mine the data,” he says. “They are not hugely accurate but you only need an accuracy of 10 or 20 per cent to get a huge amount of credit card details out of a relatively small pot of data.”
The issue of toxic legacy data is the result of Financial Conduct Authority (FCA) requirements to retain call recordings in case they are needed during the resolution of complaints or disputes or for regulatory reasons, with some companies storing recordings for up to seven years.
But the FCA rules conflict with the PCI DSS regulations that only permit merchants to store payment card details for a legitimate reason and, if they have to, to protect that data to the PCI standard.
Though new methods like “pause resume” recording and the use of touch tones can now stop payment card data being recorded, many historical calls recordings fall foul of the PCI regulations.
“There are still businesses recording this data,” says Bryars. “Organisations are becoming compliant going forward so they are not recording card details on phone calls, which is great. But they are not looking back at the huge volume of calls they’ve got stored.”
Figures from the UK Payments Administration show 256 million card transactions were made over the telephone in the UK in 2012 and Bryars has estimated that up to one billion call recordings containing toxic legacy data now exist in the UK.
“What we are hoping to do is open people’s eyes to the awful lot of credit card data held in these recordings on site,” says Bryars, whose firm specialises in PCI-DSS compliance.
“Over the past 24 months I’ve met with many public and private sector organisations that take payment card data over the phone and, without exception, they all recognise that they have inherited a major toxic legacy call recording problem.
“However, few have yet to take any meaningful steps to migrate this toxic data into a secure and compliant data centre which means, for now at least, there is a very juicy new payment card target for opportunistic bad guys to exploit.
“These merchants have an obligation to wake up to the issue of legacy toxic call recordings, and take urgent steps to deal with it.”
"As the dust settles after the referendum result, we consider what happens next. We also look forward to an international summer of sport."
- Mars rover design unveiled by Chinese space agency
- Bumblebees tracked by radar reveals their ‘life story’
- Plastic membrane offers super-fast electric vehicle charging
- Autonomous octobot is first 3D-printed entirely soft robot
- Airlander 10 airship crashes during Bedfordshire test flight
- Bus-sized nuclear reactors could replace large-scale plants