× Globe

We notice that you’re on our UK site, the version that serves your region is the US Eckoh site.

Go to US site. Stay on UK site


The latest thinking from Eckoh

The PCI DSS compliance checklist for contact centres
Thursday, 21 January 2016

If your contact centre handles customer transactions and sensitive card data- the Payment Card Industry Data Security Standard (PCI DSS) is most likely something you’ve heard of.

PCI checklist 900

As a formal set of requirements and standards, PCI DSS applies to all organisations which store, process or transmit sensitive data. The standards aims to ensure retailers, credit card brands and consumers are all protected from fraud and breaches.

Card Not Present Fraud

For contact centres taking Card Not Present (“CNP”) payments (transactions made via phone, internet or mail order purchases), PCI DSS Compliance is crucial.

If your company is actively non-compliant, you’re at risk of suffering a data breach, monetary fines, as well as losing consumer trust. Ignoring the standard requirements could have a detrimental impact on your business, especially when CNP fraud is on the rise internationally. According to the Aite Group, CNP fraud in the U.S currently represents 45% of total U.S. card fraud, and in the UK the Financial Fraud Action UK reported an increase in fraud losses by 10%, totalling an estimated £331.5m in 2014.

So how does PCI DSS help?

The standards help to shape baseline requirements, that help companies like yours to create a series of information security networks. Being compliant will help you to identify where your cardholder data is coming from, who has access to it and how it will be stored. Understanding how this sensitive data is transferred is fundamental in order to protect it.

The Checklist

Among the many risks, two of the key risk areas for data breaches, include staff access and phone/network hacking. The PCI standards are robust and comprehensive to enhance payment card data security – and consequently reduce the risks associated.

Here is a brief PCI DSS compliance checklist of the requirements your organisation must meet to become PCI DSS compliant:

Build and Maintain a Secure Network and Systems

This should be implemented by installing and maintaining a firewall configuration that protects CHD. It is advised to not use vendor-supplied defaults for system passwords or associated devices used in payment processing.

Protect Cardholder Data

It is best not to store cardholder data. If your business requires you to do so then ensure it is thoroughly protected. Any CHD that is transmitted across open, public networks should be encrypted.

Maintain a Vulnerability Management Program

This should consist of installing anti-virus software and keeping all protection programs up to date. Develop and maintain secure systems and applications such as using security patches.

Implement Strong Access Control Measures

Restrict access to sensitive CHD on a strictly need-to-know basis. Each user should be identified with a valid ID number when accessing system components. All personnel should be restricted physical access to CHD.

Regularly Monitor and Test Networks

Track and monitor all access to network resources, systems and CHD. Ensure that all security systems, functions and cardholder data environment are regularly tested.

Maintain an Information Security Policy

Maintain a policy that addresses information security and make sure all personnel are aware of it and are kept up-to-date.

Beyond the compliance of systems and processes, there are many secure payment services available, to eliminate the risk of internal staff having unnecessary contact with sensitive card information. To find out more about securing payment in contact centres read our eGuide to CNP Crime in Contact Centres

If you'd like to know more about secure payments then give us a call on 08000 630 730 or drop us an email at This email address is being protected from spambots. You need JavaScript enabled to view it.

About the Author

Tony Porter

Tony Porter

Head of Global Marketing

Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the UK and US markets and across all sectors. Tony’s role focuses on helping contact centres to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organisations face around PCI DSS compliance and how to make the Omnichannel contact centre experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact centre technology, IVR solutions, self-service, secure payments, marketing and business development.

Connect with us on LinkedIn

Latest Blog Items

  • What if your contact centre was a car?

    Wednesday, 19 February 2020 What if your contact centre was a car?

    Imagine, you buy a car and you buy a three-year care plan so all your servicing and repairs are covered. After three years you opt for an extended care plan for another two years - it's a bit more expensive, but the car is doing just what you need and you don't want to change.
  • Contact Centre of the Future Part 4 - Payments

    Tuesday, 18 February 2020 Contact Centre of the Future Part 4 - Payments

    How will customers make purchases via the Contact Centre of the Future? In the fourth part of our series, Ashley Burton, Head of Product at Eckoh, examines what's ahead for payments.
  • Challenge #5: Help when purchasers wobble at the checkout

    Tuesday, 11 February 2020 Challenge #5: Help when purchasers wobble at the checkout

    Are your online customers getting cold feet on the final payment screen — and giving up? If so, there's an effective tool you can use to get them over line.

Tweets by @Eckoh

Eckoh (@Eckoh)

Eckoh (@Eckoh)

Ineffective solutions could be wasting your time and money. What are these ineffective solutions and what can you do to fully de-scope your contact centre. Read the latest blog and find out how to prevent the risk of fraud and the impact of data breaches. eckoh.com/resources/blog…
Eckoh (@Eckoh)

Eckoh (@Eckoh)

In the fourth part of our 'Contact centre of the future' series, Ashley Burton, Head of Product at Eckoh, reveals how customers will make purchases via the Contact Centre in our latest blog. Click the link and find out more.. eckoh.com/resources/blog… #payments
Eckoh (@Eckoh)

Eckoh (@Eckoh)

In the third part of our 'Contact centre of the future' series, Ashley Burton, Head of Product at Eckoh, reveals what you need to know about the Contact Centre Managers of the future in our latest blog. Click the link and find out more.. eckoh.com/resources/blog… #contactcentre

  • icon facebook
  • icon twitter
  • icon linkedin
  • icon youtube