PCI DSS Compliance & Contact Centres

Why is PCI DSS so important?

PCI DSS directly impacts contact centres where agents are asked to process cardholder data over the telephone, mobile, chat or app. All locations, systems and processes are then in scope: from the contact centre environment itself (with Requirement 9 on physical access control and Requirement 10 on monitoring and logging), through the agent recruitment process, to the data systems, voice systems and call recording.

PCI DSS compliance is not limited to securing call recordings. The full journey of cardholder data within the contact centre must be mapped and secured. This includes voice systems, data systems and human touch-points. The scope of the audit is extensive and can require either an external auditor or a dedicated internal resource to spend a number of months analysing and evaluating the environment and internal processes to determine compliance, without a guarantee of ongoing security.

The aim of PCI DSS is to protect consumers' payment card data from being shared or accessed and used illegally once a transaction has been made or processed. With the majority of contact centres handling personal customer data, including payment card information, there was a growing concern that merchants were not taking the necessary steps to prevent this data from getting into the wrong hands.

Who is the Payment Card Industry Data Security Council?

The PCI SSC offers robust and comprehensive standards to enhance payment card data security that merchants must now comply with. Compliance monitoring comes in the form of an annual audit that concentrates on three main areas:

  • Data collection and storage processes
  • Reporting data protection processes
  • Monitoring and alerting use of data

The finance and resource required to implement the system processes needed to become PCI DSS compliant increase with the size of the business. This may account for why organisations that house contact centres of 500+ agents are struggling to achieve, and maintain, PCI DSS compliance.
