PCI DSS Compliance & Contact Centres
Why is PCI DSS so important?
PCI DSS directly affects contact centres whose agents are asked to take cardholder data over the telephone, mobile, web chat or app. Once cardholder data enters the contact centre, every location, system and process it touches is in scope: the physical contact centre environment itself (Requirement 9, restricting physical access to cardholder data), the logging and monitoring of all access to that data (Requirement 10), the agent recruitment and vetting process, and the data systems, voice systems and call recording platforms.
PCI DSS compliance is not limited to securing call recordings. The full journey of cardholder data through the contact centre must be mapped and secured, including the voice systems, the data systems and the human touch-points in between. The scope of the assessment is extensive: an external assessor or dedicated internal resource can spend months analysing and evaluating the environment and internal processes to determine compliance, and the result is a point-in-time judgement that offers no guarantee of ongoing security.
The aim of PCI DSS is to protect consumers' payment card data from being accessed, shared or used fraudulently after a transaction has been made or processed. With the majority of contact centres handling personal customer data, including payment card details, there was growing concern that merchants were not taking the necessary steps to keep this data out of the wrong hands.
Who is the Payment Card Industry Security Standards Council?
The PCI SSC publishes the robust and comprehensive standard that governs payment card data security; the card brands and acquiring banks then require merchants and service providers to comply with it. Compliance is validated annually, by self-assessment questionnaire or by an on-site assessment from a Qualified Security Assessor depending on the merchant's transaction volume, and that validation concentrates on three main areas:
- How cardholder data is collected, processed and stored
- How data protection controls are documented and reported
- How access to and use of the data is monitored and alerted on
The finance and resource needed to implement the processes and controls required for PCI DSS compliance increase with the size of the business. This may account for why organisations that house contact centres of 500+ agents struggle to achieve, and maintain, PCI DSS compliance.
Card-not-Present (CNP) fraud in contact centres continues to rise, so significantly reducing the risk of fraud and the impact of a data breach remains a top priority. Download the eGuide to CNP crime in Contact Centres for advice on how to combat the threat.
PCI DSS Compliance eGuide
For a jargon-free guide to PCI DSS compliance for contact centres download the eGuide for the answers in one place.
De-scoping your contact centre
If you’re not a payment security expert, achieving, let alone maintaining, PCI DSS compliance can be difficult. Consider easing the burden by de-scoping as much of your contact centre as you can: keeping cardholder data away from agents, desktops, telephony and call recording systems altogether, so that those components fall outside the PCI DSS assessment. Download our guide to ‘Building a business case for de-scoping your contact centre’ to set you on your way.