
The latest thinking from Eckoh

Nine things that bug you about PCI DSS compliance
Friday, 19 June 2020

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) helps companies to demonstrate they can process card payments securely and reduce card fraud.


But the road to compliance can be fraught with wrong turns, unexpected risks and confusing myths. Even if your contact centre is PCI DSS compliant, you are still at serious risk of a breach. So, what hazards lie ahead and how can they best be avoided?

#1 PCI DSS challenges prohibit you from benefiting from home-working agents

There are many advantages to having remote agents, especially in the current circumstances, but a multi-solution approach to PCI DSS compliance creates security and training challenges that are difficult to overcome, leaving fewer choices and less flexibility in staffing your contact centre.

#2 Pause and resume and other sticking plaster type fixes are not the answer.

Manual interventions are simply not reliable enough. Agents can still see and hear card details. Interrupting the call by transferring to an IVR or clean room environment is a less than ideal customer experience, and these solutions have less than stellar success rates, not to mention being unreliable in an uncontrolled, remote working environment.

The average company uses 3 different solutions to maintain PCI DSS compliance, which is costly and time consuming.

#3: Compliance doesn’t equal security

There’s a false sense of security that if you’re PCI DSS compliant, your contact centre isn’t at risk. Using multiple solutions can still lead to fraud. For example, pause and resume still allows your agents to see and hear card information, and isn’t always reliable. Also, clean rooms require calls to be transferred, resulting in a poor customer experience. Both are technically compliant but are not completely secure.

#4: PCI DSS is a moving target

There’s no guarantee that today’s solutions will work in the future. Compliance regulations will just keep changing and security auditors will find new gaps and vulnerabilities, which means you’ll have to keep changing too. Also, even if you are compliant, you may still be at risk of a breach.

#5 You’re wasting time and money trying to keep up with PCI DSS regulations

You need to protect your company’s brand value, keep your customers’ personal data safe and secure card data in your contact centre. That’s a tall order. But with every regulation change, you have to constantly change processes, implement new technology, maintain those solutions and spend time training agents. The operational costs can get out of control.

#6 Contact centre crime is a growing issue.

As online and point-of-sale transactions get more secure, criminals are now targeting the contact centre. According to a 2018 study, Card-Not-Present fraud is now 81% more likely than point-of-sale fraud. [1] If credit card data is entering the contact centre environment at all, where agents can see or hear it, or if it’s being stored in your systems, it’s at risk of being stolen.

#7 Your PCI DSS solution is inhibiting your contact centre technology progress.

Once the components of your contact centre environment (IVR, switch, payment service provider, network) are embedded into your compliance process, it becomes problematic to change them when new regulations are introduced. You have to redo the plumbing and wiring again at great expense in terms of time and money.

#8 The cost of cyber insurance is climbing

In order to get the lower premiums, you need to protect customer data to the greatest degree possible. Many solutions leave you more exposed to increased premiums. A 2017 Ponemon Institute survey found that 87% of companies view cyber liability as one of their top ten business risks. The average cost of a cyber breach was £267,000 for small companies and £4.59 million for larger organisations.

#9 Poor customer payment practices can lead to lower CSAT/NPS scores.

Customers expect their financial information will be kept safe and secure. Requiring customers to read data aloud over the phone is a risk and can lead to higher levels of dissatisfaction. Customers want to pay in their channel of choice. Shifting them to another channel such as a payment IVR or clean room environment can be very frustrating.

There is a better way: CallGuard from Eckoh, which significantly reduces your risk of fraud and streamlines your compliance process with one simple solution.

If you’d like to find out more about our Secure Payment solutions then get in touch.

[1] 2018 Identity Fraud Study, Javelin Strategy & Research

About the Author

Claire Lynam


Marketing Manager

Claire is a professional marketer with 30 years' experience in marketing, communications and PR, creating content and collateral that resonates with an organisation's audience. Having worked in multi-national companies and SMEs, Claire has expertise in creating messaging that works for both B2C and B2B markets.
