The latest thinking from Eckoh

How to create a business case for de-scoping your contact center from PCI DSS audit
Friday, 02 November 2018

Removing your contact center from the scope of PCI DSS audit is a smart strategy – we call it ‘de-scoping’. But how are you going to convince your business and senior management that it’s the right move?

Business case for descsoping 900

Here’s where Eckoh can help. Our handy guide to creating a business case for de-scoping is based on our experience and expertise from over ten years of PCI DSS projects. We hope it helps you create a compelling argument that gets you the business buy-in you need.

You should start by asking yourself ‘What is important to my business?’ It may not be as obvious as simply achieving compliance, there could be other drivers such as risk reduction or revenue protection. Once you’ve established that, you can collect the facts to substantiate your reasoning, which will help you to lay out a plan of action and identify the benefits to be gained.

Fundamentally there are 6 steps to building your business case…

  1. Establish the basics – regulations and their impact and what your business has done about them and how it has worked.
  2. What are you trying to achieve – what is your vision of your business world once you’ve de-scoped your contact center
  3. What actions and solutions will bring the best return – compare the options and dig deep into what each will bring
  4. Who are the stakeholders – identifying them will help you target your message
  5. How much will it cost? – what everyone wants to know so make sure you’ve looked at all the angles
  6. What are the benefits – what is in it for your stakeholders?

At Eckoh, we believe it’s better to invest time and resource today... than pay dearly tomorrow.

As leaders in the development and delivery of secure payment solutions, time and again we hear from customers who have chosen another supplier’s solution but never actually managed to implement it. It’s proved to be too complicated, beyond their ability and just unworkable. Sound familiar? You’re not alone.

Many businesses have been down this route thinking they were buying an economical and practical solution. But the reality is that they were left vulnerable to data breaches because they just couldn’t get the solution to work. Wasting time, money and resources – not to mention risking the fundamentals of their business and customer trust.

Eckoh’s CallGuard solution ensures that your contact center remains secure and PCI DSS compliant by preventing sensitive card data from being heard or seen by agents - and from entering your systems. As such it can remove the whole business, or specific parts, from the scope of PCI DSS compliance. If the sensitive card data isn’t there, it can’t be stolen.

Which would you choose?

There is a choice… a simple, easy and long-term solution for continuous compliance, or a difficult, complicated and unmaintainable one.

For more detail take a look at our handy guide to ‘Creating business case for contact center de-scoping' or the ‘Definitive Guide to PCI DSS compliance' Alternatively, if you’d like to talk to us about this give us a call on 866 258 9297 or drop us an email at This email address is being protected from spambots. You need JavaScript enabled to view it..

About the Author

Tony Porter

Tony Porter

Head of Global Marketing Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the US and UK markets and across all sectors. Tony’s role focuses on helping contact centers to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organizations face around PCI DSS compliance and how to make the Omnichannel contact center experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact center technology, IVR solutions, self-service, secure payments, marketing and business development.

Connect with us on LinkedIn

Tweets by @Eckoh

Eckoh (@Eckoh)

Eckoh (@Eckoh)

Extend the life of your trusty legacy #Aspect® systems with expert third-party support from Eckoh.
Eckoh (@Eckoh)

Eckoh (@Eckoh)

The Eckoh team are set-up and ready to meet you at the PCI North America Community Meeting. Come and say hello to the team at Booth #6. We would love to share insights and knowledge with you around secure payment solutions for your contact center. #PCISSC
Eckoh (@Eckoh)

Eckoh (@Eckoh)

We are looking for a qualified Senior Software Engineer to lead a team of developers in Hemel Hempstead. You need to have expert knowledge of Linux server systems, web development, and famiarity with HTML, PHP, JavaScript, jQuery and more. Apply: #careers