Should we use pause and resume to meet PCI DSS compliance?
Wednesday, 04 May 2016

Are you seeking solutions to mitigate possible fraud, more specifically in your contact centres? If you process card payments on behalf of customers, you may have heard of the quick-fix pause and resume technology.

Pause and resume was recently listed as the most widely adopted method to assist with PCI compliance.

If you haven’t heard of it, pause and resume as a method usually involves an automatic system which stops the recording when sensitive data is being transferred from the caller, and then resumes the call recording once the agent is passed to the payment screen on their system.

Essentially pausing and resuming removes only the call recordings from PCI DSS audit scope. Your agents, networks, systems and telephony are still exposed to card data.

What’s wrong with pause-and-resume?

No matter how many times we repeat it, the point stands: this method may be easy, but used in isolation it will not make your telephone payments PCI DSS compliant, and ultimately you are left vulnerable to contact centre fraud. Even though the sensitive data isn’t recorded, it is still exposed to the agent handling the call. And generally the interactions in which sensitive card data is taken are the most important and require protection.

Possible side effects of this method may include:

  • Difficulty actually achieving 100% automation of pause and resume.
  • Headaches when you need to upgrade your telephony or IT systems.
  • Expensive and ineffective implementations, despite large investments of time to get them working.

Don’t forget your agents’ desktops and network will still be in scope for PCI compliance.

As a recent Verizon report reveals, even your employees and business partners can be potential threats. It is important to not lose sight of the role humans play in data breaches. 9% of confirmed data breaches over the previous three years were categorized in the insider and privilege misuse pattern. As pause-and-resume is not 100% reliable, the PCI SSC advises companies to implement methods that require no manual intervention.

How does that apply to your contact centre?

It only takes one breach to destroy your business. Anyone who can see, hear or handle your customers’ cardholder data is a threat to your chances of a fully PCI DSS compliant, secure contact centre.

Our honest opinion

Pause and resume is often considered a temporary solution and will only ever address a small part of the overall PCI compliance issue of call centre card data storage. So as regulations have tightened, it is important that you continue to update your solutions and completely remove the risk of fraud from your call centre. This includes preventing cardholder data from travelling through call recordings, screen recordings, agents, desktops, IT systems and the telephony network.

Here at Eckoh we recognise every organisation has different requirements, and that’s why our PCI DSS Level 1 solutions have been designed to fit around your needs and infrastructure. Read our Definitive Guide to PCI DSS compliance for more answers.

If you'd like to know more about secure payments then get in touch.

About the Author

Alex Monaghan

Alex Monaghan

Presales Director

Alex has over 30 years’ experience in speech and communication technology. His contact centre, telecoms and secure payment knowledge will enable him to put together the best possible solution for our customers and provide honest, clear advice and support.

Connect with us on LinkedIn

Latest Blog Items

Tweets by @Eckoh

Eckoh (@Eckoh)

Eckoh (@Eckoh)

Interactive quiz: Is your CX a winner or loser in the COVID-19 era? Four simple questions will help you find out, and show you what to do next. #contactcentre #CX #customerexperience #resiliency bit.ly/3bje2qM
Eckoh (@Eckoh)

Eckoh (@Eckoh)

Eckoh wins a six-year Capita and TfL contract renewal worth £4m to provide services to the Congestion Charge as well as the new Ultra and Low Emissions Zone project. bit.ly/30UoGRo #securepayments #contactcentres
Eckoh (@Eckoh)

Eckoh (@Eckoh)

Planning to retain some of your home working agents when your contact centre moves back to the office? bit.ly/30sDSEU #securepayments #ContactCenter

  • icon facebook
  • icon twitter
  • icon linkedin
  • icon youtube