Compliance with the Payment Card Industry Data Security Standard (PCI DSS) helps companies to demonstrate they can process card payments securely and reduce card fraud.
But the road to compliance can be fraught with wrong turns, unexpected risks and confusing myths. Even if your contact centre is PCI DSS compliant, you are still at serious risk of a breach. So, what hazards lie ahead and how can they best be avoided?
#1: Compliance doesn’t equal security
There’s a false sense of security that if you’re PCI DSS compliant, your contact centre isn’t at risk. Using multiple solutions can still lead to fraud. For example, pause and resume still allows your agents to see and hear card information, and isn’t always reliable. Also, clean rooms require calls to be transferred, resulting in a poor customer experience. Both are technically compliant but are not completely secure.
#2: PCI DSS is a moving target
There’s no guarantee that today’s solutions will work in the future. Compliance regulations will just keep changing and security auditors will find new gaps and vulnerabilities, which means you’ll have to keep changing too. Also, even if you are compliant, you may still be at risk of a breach.
#3 You’re wasting time and money trying to keep up with PCI DSS regulations
You need to protect your company’s brand value, keep your customers’ personal data safe and secure card data in your contact centre. That’s a tall order. But with every regulation change, you have to constantly change processes, implement new technology, maintain those solutions and spend time training agents. The operational costs can get out of control.
#4 Contact centre crime is a growing issue.
As online and point-of-sale transactions get more secure, criminals are now targeting the contact centre. According to a 2018 study, Card-Not-Present fraud is now 81% more likely than point-of-sale fraud.  If credit card data is entering the contact centre environment at all, where agents can see of hear it, or if it’s being stored in your systems, it’s at risk of being stolen.
#5 Pause and resume and other sticking plaster type fixes are not the answer.
Manual interventions are simply not reliable enough. Agents can still see and hear card details. Interrupting the call by transferring to an IVR or clean room environment is a less that ideal customer experience and these solutions have less that stellar success rates.
The average company uses 3 different solutions to maintain PCI DSS compliance, which is costly and time consuming.
#6 Your PCI DSS solution is inhibiting your contact centre technology progress.
Once your contact centre environment IVR, switch, payment service provider, network are embedded into your compliance process, it becomes problematic to change them when new regulations are introduced. You have to redo the plumbing and wiring again at great expense in terms of time and money.
#7 The cost of cyber insurance is climbing
In order to get the lower premiums, you need to protect customer data to the greatest degree possible. Many solutions leave you more exposed to increased premiums. A 2017 Ponemon Institute survey found that 87% of companies view cyber liability as one of their top ten business risks. The average cost of a cyber breach was £267,000 for small companies and £4.59 million for larger organisations.
#8 PCI DSS challenges prohibit you from benefiting from Work-at-Home agents
There are many advantages to having remote agents, but a multi-solution approach to PCI DSS compliance creates security and training challenges that are difficult to overcome, leaving fewer choices and less flexibility in staffing your contact centre.
#9 Poor customer payment practices can lead to lower CSAT/NPS scores.
Customers expect their financial information will be kept safe and secure. Requiring customers to read data aloud over the phone is a risk and can lead to higher levels of dissatisfaction. Customers want to pay in their channel of choice. Shifting them to another channel such as a payment IVR or clean room environment can be very frustrating.
There is a better way, CallGuard from Eckoh which significantly reduces your risk of fraud and streamlines your compliance process with one simple solution.
 2018 Identity Fraud Study, Javelin Strategy & Research
Latest Blog Items
Tuesday, 13 August 2019 Is your PCI DSS strategy killing your agility?Contact centres must protect customer card data — but the wrong PCI DSS strategy can hold back your business. Sometimes, only a security rethink will give you the freedom to thrive.
Tuesday, 30 July 2019 PCI DSS - are you playing whack-a-mole and losing badly?Is your contact centre protecting customer card data with expensive sticking plasters? If so, then don't be surprised if fraudsters tear through. You'll need a radical rethink to stop criminals.
Thursday, 11 July 2019 Contact centre safe from fraud? Think againContact centre crime is on the rise — but the big scandal is the time and money being wasted on tackling it the wrong way. Put simply, organisations need a new strategy, fast.