Medium and large business see major expense in managing PCI compliance for CNP transactions with SAQ audits while also managing levels of internal and external fraud associated with stolen cards. Current solutions for mitigating SAQ levels involve placing physical terminals on employees desks and finding processors that can provide P2PE compliant solutions. Even so, if the company records phone calls, those recordings still fall under PCI guidelines.
Likewise, with the growth of distributed call centers and retail stores as fulfillment centers, the use of credit cards over the phone create opportunities for employee theft and fraud. Card theft continues to be a problem in these cases with only Card Verification Data (CVD) and Address Verification (AVS) as common means of analysis.