× Globe

We notice that you’re on our UK site, the version that serves your region is the US Eckoh site.

Go to US site. Stay on UK site

Blog

The latest thinking from Eckoh

PCI DSS compliance – can you see the hidden threats
Tuesday, 21 January 2020

Titanic differences in de-scoping vendors

De risking de scoping 900

It’s relatively easy to spot an iceberg floating in the ocean. But it’s impossible to know just how massive it is without diving deep into the water.

Similar hidden dangers exist in the PCI DSS compliance market. There may be providers or compliance solutions that offer to secure your payments and give you broad promises about de-scoping, but their solutions only tackle surface-level threats and often rely on compensating controls. And that’s just the tip of the iceberg. The real dangers to your contact centre lurk deep beneath the surface, in the areas that most vendors are incapable of protecting.

In other words, you may have paid for de-scoping but get stuck with de-risking.

The dangers of de-risking

By using a de-risking strategy to achieve PCI DSS compliance, which often includes a number of compensating controls which may soon be deemed unacceptable, you allow sensitive data to continue to flow through crucial parts of your contact centre.

Only by completely removing the data from your environment (full de-scoping) can you be sure that your contact centre is as safe as possible.

The difference between de-risking and de-scoping can have significant implications for merchants, and these implications aren’t always clear when you choose an approach.

On average, UK contact centres use three different PCI DSS solutions to maintain compliance.

A multi-solution approach offers some form of de-risking, but not full de-scoping. You might be investing time, money and effort in an unreliable system that still leaves you exposed. Ineffective solutions can include:

  • Pause & resume – it’s prone to errors and doesn’t actually protect data so it could capsize your system
  • Mid-Call – it’s also prone to errors and is a collision of timing and human error
  • Appliances at the desktop and call recorder – doesn’t actually remove data from the contact centre environment
  • Appliance within your data centre – you may be de-risking part of your business but there is still data in your environment.

Don’t let de-risking sink your contact centre

There’s only one solution that truly removes the contact centre environment from the scope of PCI DSS compliance. You need a hosted solution like CallGuard from Eckoh which will fully protect your contact centre by preventing customer card data from entering in the first place. If there’s nothing there, there’s nothing to steal.

Download our short guide to de-risking vs de-scoping to read more. Or, get in touch if you'd like to know more about contact centre technology

About the Author

Claire Lynam

Claire Lynam

Marketing Manager

Claire is a professional marketer with 30 years experience in marketing, communications and PR, creating content and collateral that resonates with an organisation's audience. Having worked in multi-national companies and SMEs, Claire has expertise in creating messaging that works for both B2C and B2B markets. 

Connect with us on LinkedIn

Latest Blog Items

Tweets by @Eckoh

Eckoh (@Eckoh)

Eckoh (@Eckoh)

insights.eckoh.com/acton/media/63… Join our free, 15-minute webinar to see real examples of how some contact centres have adapted under pressure to maintain customer service and business continuity. #CustomerExperience #contactcentre #homeworking #businesscontinuity

Eckoh (@Eckoh)

Don't forget to register for our next webinar ‘Can compliance be a catalyst for transformation?' starting Tomorrow, 31 March @ 11am. Can’t make it? Sign up anyway and we'll email you a recording. #webinar #digitaltransformation #pcidss #pcicompliance insights.eckoh.com/acton/media/63…
Eckoh (@Eckoh)

Eckoh (@Eckoh)

Home-working agents can still take secure payments. Eckoh is providing free consultative advice that can help you get up and running fast. We’re ready to help so get in touch. #heretohelp #contactcentre #remoteworking #PCIDSS eckoh.com/homeworking-so…

  • icon facebook
  • icon twitter
  • icon linkedin
  • icon youtube