Business process outsourcer (BPO) Parseq has successfully achieved continued PCI compliance, one of the first remote PCI DSS assessments conducted by global cyber security and risk mitigation experts, NCC Group, during the global pandemic.
Parseq provides critical payments and payroll services to the UK’s biggest banks and financial institutions and, if it grinds to a halt, people and businesses don’t get paid. It was therefore essential that Parseq’s operations remained and the highest levels of security adhered to when the UK entered lockdown.
The annual PCI assessment took place week commencing 6th April 2020, with Parseq receiving confirmation last month that all requirements for the PCI standard had been successfully met at their Headquarters in Hellaby, South Yorkshire.
The Payment Card Industry Data Security Standard (PCI DSS) was set up to help businesses process card payments securely and reduce card fraud across the globe. Parseq has been a PCI DSS Level 1 Service Provider for over 11 years and the standard applies to any payment processor or service provider that processes greater than 300,000 card transactions annually.
The assessment was carried out remotely as a preventative measure to negate the impact of COVID-19, protecting both the auditor and Parseq’s key workers on site. The process involved a new way of working including several video calls, conference calls and a video-hosted site walk through for the Qualified Security Assessor. This also formed part of PCI audit controls which have taken place at Parseq throughout the year.
Parseq Managing Director, Craig Naylor-Smith, said: “To achieve continued PCI compliance, and to be one of the first to attain this remotely with NCC Group during a period of major disruption for businesses across the UK, is an exceptional accomplishment.
“It’s testament to our business continuity plans, levels of resilience and the commitment of our people that has made this possible. It also provides our clients with secure payment reassurance and upholds the compliance standards we pride ourselves on.”
NCC Group’s Qualified Security Assessor for Parseq, Bryan Scaife, said: “Parseq is one of NCC Group’s longest standing clients, we have been a trusted advisor through the provision of information assurance and security testing services. We are engaged with Parseq to deliver assistance with the PCI compliance programme as well as security testing which provides their clients with the comfort that payments are secure and high compliance standards are upheld.
“In the midst of the COVID-19 lockdown restrictions and the disruption caused to many organisations, NCC Group adapted quickly by evolving our testing capabilities and technology to enable PCI DSS assessments which would normally need to be held on-site, to be done remotely. By modifying our approach to closely follow the guidance for remote assessments published by the PCI Security Standards Council, this enabled Parseq to continue with their scheduled annual assessment, and subsequently demonstrate they were compliant.”
Parseq works with companies like banks, water companies and government organisations to achieve compliance, cost savings, and customer satisfaction through innovative and reliable automation of their communications and payments. With offices in the UK, Bulgaria and India and over 300 people globally, the company digitises 70 million documents and processes £36 billion payments annually.