
The latest thinking from Eckoh

PCI DSS: What's the cost of DIY compliance vs de-scoping?
Tuesday, 05 June 2018

Tackling PCI DSS compliance can feel like you're battling the Hydra from Greek mythology... the moment you think you’re making progress, the monster grows another head. So, is it time to hand the job to someone with more firepower?


Achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS) is a 'must' for smart-thinking merchants that receive payments over the phone, web, mobile app or chat channels. You need to protect cardholder data wherever it’s processed, stored and transmitted within your contact centre systems and environment.

Just recently, we've looked at the cost of doing nothing about PCI DSS compliance. Without proper protection, you risk receiving fines, card restrictions, lost business and a damaged brand reputation if sensitive card information is stolen by hackers or employees.

We also examined the thrills, perils and costs of taking a DIY approach to compliance. The sheer scale and cost of achieving PCI DSS compliance can be mind-boggling. And it's not just a once-a-year activity. Compliance must be kept up, non-stop, while criminals are becoming ever more subtle and devious in their attempts to 'crack the system'.

But what about asking a specialist partner to provide PCI DSS compliance for you? That way, you could de-scope your environment completely, a very attractive outsourcing option.

Keeping out cardholder data

Today, it's possible to provide PCI DSS compliant payment capabilities on all your existing channels quickly and easily without massive cost, risk and complexity. All the cardholder data can be handled by a secure payment partner. They verify payments and ensure that anything sensitive bypasses your agents and systems completely.

This sounds like a dream solution to the hassles of DIY compliance. But what are the costs of outsourcing PCI DSS? Let's look at three.

Cost #1: Operating expenditure

Using a third-party partner for PCI DSS compliance will cost, naturally. But there are two big advantages with outsourcing how your payments are secured and verified. Firstly, you can avoid the massive ongoing costs of added security for your systems, environment and people. Secondly, the fees you pay to a partner will be predictable: you won't face unexpected financial pressure whenever new vulnerabilities suddenly appear and need fixing fast.

Cost #2: Risk of failure

Outsourcing doesn't mean you're off the hook. Even though you're trusting a third party partner for your PCI DSS compliance, your organisation is still just as liable for fines and other penalties if your partner makes any blunders and security is breached. That's why it's essential to ask about the robustness of your provider's service and their track record. What's the total value of transactions they handle per year? Which organisations rely on their platform already? What customer satisfaction levels do they have? It's vital to get the right answers.

Cost #3: Missed opportunities

In today's highly-competitive selling environment, it's essential for merchants to enhance the customer experience and offer payment services on every channel, including new ones such as payments over Live Chat and Apple Pay. But this begs the question: can your PCI DSS partner secure new channels and keep up with your business aspirations? Choosing the wrong partner could prove costly in the future.

Select the right partner with care

There's a compelling case for using an experienced partner to handle PCI DSS compliance so you can keep cardholder data out of your contact centre environment and completely remove the threat of a data breach. However, it's essential to choose the right partner if you want to avoid the risks and make sure you don't miss new business opportunities.

Looking for the best path to PCI DSS compliance?

Download your free copy of our definitive guide to PCI DSS. You'll discover everything you wanted to know about secure payments but were too afraid to ask.

If you’re not convinced by PCI DSS compliance then read our jargon-free guide which explains the rise in CNP crime in contact centres, where you’re vulnerable and what you can do to combat the threat.

Alternatively, if you’d like to talk to us about this get in touch.

About the Author

Tony Porter

Head of Global Marketing

Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the UK and US markets and across all sectors. Tony’s role focuses on helping contact centres to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organisations face around PCI DSS compliance and how to make the Omnichannel contact centre experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact centre technology, IVR solutions, self-service, secure payments, marketing and business development.
