Nine things that bug you about PCI DSS compliance
Tuesday, 16 April 2019

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) helps companies to demonstrate they can process card payments securely and reduce card fraud.

But the road to compliance can be fraught with wrong turns, unexpected risks and confusing myths. Even if your contact centre is PCI DSS compliant, you are still at serious risk of a breach. So, what hazards lie ahead and how can they best be avoided?

#1: Compliance doesn’t equal security

There’s a false sense of security that if you’re PCI DSS compliant, your contact centre isn’t at risk. Using multiple solutions can still lead to fraud. For example, pause and resume still allows your agents to see and hear card information, and isn’t always reliable. Also, clean rooms require calls to be transferred, resulting in a poor customer experience. Both are technically compliant but are not completely secure.

#2: PCI DSS is a moving target

There’s no guarantee that today’s solutions will work in the future. Compliance regulations will just keep changing and security auditors will find new gaps and vulnerabilities, which means you’ll have to keep changing too. Also, even if you are compliant, you may still be at risk of a breach.

#3: You’re wasting time and money trying to keep up with PCI DSS regulations

You need to protect your company’s brand value, keep your customers’ personal data safe and secure card data in your contact centre. That’s a tall order. But with every regulation change, you have to constantly change processes, implement new technology, maintain those solutions and spend time training agents. The operational costs can get out of control.

#4: Contact centre crime is a growing issue

As online and point-of-sale transactions get more secure, criminals are now targeting the contact centre. According to a 2018 study, Card-Not-Present fraud is now 81% more likely than point-of-sale fraud. [1] If credit card data is entering the contact centre environment at all, where agents can see or hear it, or if it’s being stored in your systems, it’s at risk of being stolen.

#5: Pause and resume and other sticking plaster type fixes are not the answer

Manual interventions are simply not reliable enough. Agents can still see and hear card details. Interrupting the call by transferring to an IVR or clean room environment is a less than ideal customer experience, and these solutions have less than stellar success rates.

The average company uses 3 different solutions to maintain PCI DSS compliance, which is costly and time-consuming.

#6: Your PCI DSS solution is inhibiting your contact centre technology progress

Once the elements of your contact centre environment (IVR, switch, payment service provider, network) are embedded into your compliance process, it becomes problematic to change them when new regulations are introduced. You have to redo the plumbing and wiring again at great expense in terms of time and money.

#7: The cost of cyber insurance is climbing

In order to get the lower premiums, you need to protect customer data to the greatest degree possible. Many solutions leave you more exposed to increased premiums. A 2017 Ponemon Institute survey found that 87% of companies view cyber liability as one of their top ten business risks. The average cost of a cyber breach was £267,000 for small companies and £4.59 million for larger organisations.

#8: PCI DSS challenges prohibit you from benefiting from Work-at-Home agents

There are many advantages to having remote agents, but a multi-solution approach to PCI DSS compliance creates security and training challenges that are difficult to overcome, leaving fewer choices and less flexibility in staffing your contact centre.

#9: Poor customer payment practices can lead to lower CSAT/NPS scores

Customers expect their financial information will be kept safe and secure. Requiring customers to read data aloud over the phone is a risk and can lead to higher levels of dissatisfaction. Customers want to pay in their channel of choice. Shifting them to another channel such as a payment IVR or clean room environment can be very frustrating.

There is a better way: CallGuard from Eckoh, which significantly reduces your risk of fraud and streamlines your compliance process with one simple solution.

If you’d like to find out more about our Secure Payment solutions, give us a call on 08000 630 730 or drop us an email.

[1] 2018 Identity Fraud Study, Javelin Strategy & Research

About the Author

Tony Porter

Head of Global Marketing

Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the UK and US markets and across all sectors. Tony’s role focuses on helping contact centres to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organisations face around PCI DSS compliance and how to make the Omnichannel contact centre experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact centre technology, IVR solutions, self-service, secure payments, marketing and business development.
