Titanic differences in de-scoping vendors
It’s relatively easy to spot an iceberg floating in the ocean. But it’s impossible to know just how massive it is without diving deep into the water.
Similar hidden dangers exist in the PCI DSS compliance market. There may be providers or compliance solutions that offer to secure your payments and give you broad promises about de-scoping, but their solutions only tackle surface-level threats and often rely on compensating controls. And that’s just the tip of the iceberg. The real dangers to your contact centre lurk deep beneath the surface, in the areas that most vendors are incapable of protecting.
In other words, you may have paid for de-scoping but get stuck with de-risking.
The dangers of de-risking
By using a de-risking strategy to achieve PCI DSS compliance, which often includes a number of compensating controls which may soon be deemed unacceptable, you allow sensitive data to continue to flow through crucial parts of your contact centre.
Only by completely removing the data from your environment (full de-scoping) can you be sure that your contact centre is as safe as possible.
The difference between de-risking and de-scoping can have significant implications for merchants, and these implications aren’t always clear when you choose an approach.
On average, UK contact centres use three different PCI DSS solutions to maintain compliance.
A multi-solution approach offers some form of de-risking, but not full de-scoping. You might be investing time, money and effort in an unreliable system that still leaves you exposed. Ineffective solutions can include:
- Pause & resume – it’s prone to errors and doesn’t actually protect data so it could capsize your system
- Mid-Call – it’s also prone to errors and is a collision of timing and human error
- Appliances at the desktop and call recorder – doesn’t actually remove data from the contact centre environment
- Appliance within your data centre – you may be de-risking part of your business but there is still data in your environment.
Don’t let de-risking sink your contact centre
There’s only one solution that truly removes the contact centre environment from the scope of PCI DSS compliance. You need a hosted solution like CallGuard from Eckoh which will fully protect your contact centre by preventing customer card data from entering in the first place. If there’s nothing there, there’s nothing to steal.
Latest Blog Items
Wednesday, 19 February 2020 What if your contact centre was a car?Imagine, you buy a car and you buy a three-year care plan so all your servicing and repairs are covered. After three years you opt for an extended care plan for another two years - it's a bit more expensive, but the car is doing just what you need and you don't want to change.
Tuesday, 18 February 2020 Contact Centre of the Future Part 4 - PaymentsHow will customers make purchases via the Contact Centre of the Future? In the fourth part of our series, Ashley Burton, Head of Product at Eckoh, examines what's ahead for payments.
Tuesday, 11 February 2020 Challenge #5: Help when purchasers wobble at the checkoutAre your online customers getting cold feet on the final payment screen — and giving up? If so, there's an effective tool you can use to get them over line.