Titanic differences in de-scoping vendors
It’s relatively easy to spot an iceberg floating in the ocean. But it’s impossible to know just how massive it is without diving deep into the water.
Similar hidden dangers exist in the PCI DSS compliance market. There may be providers or compliance solutions that offer to secure your payments and give you broad promises about de-scoping, but their solutions only tackle surface-level threats and often rely on compensating controls. And that’s just the tip of the iceberg. The real dangers to your contact centre lurk deep beneath the surface, in the areas that most vendors are incapable of protecting.
In other words, you may have paid for de-scoping but get stuck with de-risking.
The dangers of de-risking
By using a de-risking strategy to achieve PCI DSS compliance, which often includes a number of compensating controls which may soon be deemed unacceptable, you allow sensitive data to continue to flow through crucial parts of your contact centre.
Only by completely removing the data from your environment (full de-scoping) can you be sure that your contact centre is as safe as possible.
The difference between de-risking and de-scoping can have significant implications for merchants, and these implications aren’t always clear when you choose an approach.
On average, UK contact centres use three different PCI DSS solutions to maintain compliance.
A multi-solution approach offers some form of de-risking, but not full de-scoping. You might be investing time, money and effort in an unreliable system that still leaves you exposed. Ineffective solutions can include:
- Pause & resume – it’s prone to errors and doesn’t actually protect data so it could capsize your system
- Mid-Call – it’s also prone to errors and is a collision of timing and human error
- Appliances at the desktop and call recorder – doesn’t actually remove data from the contact centre environment
- Appliance within your data centre – you may be de-risking part of your business but there is still data in your environment.
Don’t let de-risking sink your contact centre
There’s only one solution that truly removes the contact centre environment from the scope of PCI DSS compliance. You need a hosted solution like CallGuard from Eckoh which will fully protect your contact centre by preventing customer card data from entering in the first place. If there’s nothing there, there’s nothing to steal.
Latest Blog Items
Tuesday, 31 March 2020 Making friends with ChatbotsIt's suggested that we make friends with Chatbots because they never sleep. What else could they help you with?
Tuesday, 24 March 2020 Challenge #7: Saving customers from IVR maze miseryAre customers calling your contact centre, navigating your IVR and ending up in the wrong place? If so, there's a fast way to solve the problem painlessly.
Monday, 23 March 2020 Can compliance be a catalyst for transformation?In our latest webinar, Ashley Burton, Eckoh’s Head of Product, interprets the theme of ‘time to think bigger’ from a customer perspective and asks the question ‘can compliance be a catalyst for transformation?