PCI DSS Compliance & Contact Centers
Why is PCI DSS so important?
PCI DSS directly impacts contact centers where agents process cardholder data over the telephone, mobile, chat or app. All locations, systems and processes are then in scope: the contact center environment itself (Requirement 9 on physical access control and Requirement 10 on monitoring and logging), the agent recruitment process, and the data systems, voice systems and call recording.
PCI DSS compliance is not limited to securing call recordings. The full journey of cardholder data within the contact center must be mapped and secured, including voice systems, data systems and human touch-points. The scope of the audit is extensive and can require either an external auditor or a dedicated internal resource to spend a number of months analyzing and evaluating the environment and internal processes to determine compliance, and even then without any guarantee of ongoing security.
The aim of PCI DSS is to protect consumers' payment card data from being shared, accessed or used illegally once a transaction has been made or processed. With the majority of contact centers handling personal customer data, including payment card information, there was a growing concern that merchants were not taking the necessary steps to prevent this data from getting into the wrong hands.
Who is the Payment Card Industry Security Standards Council?
The PCI SSC offers robust and comprehensive standards to enhance payment card data security that merchants must now comply with. Compliance monitoring comes in the form of an annual audit that concentrates on three main areas:
- Data collection and storage processes
- Reporting data protection processes
- Monitoring and alerting use of data
The finance and resources needed to implement the system processes required to become PCI DSS compliant obviously increase with business size. This may account for why organizations that house contact centers of 500+ agents are struggling to achieve, and maintain, PCI DSS compliance.
Card-not-Present (CNP) crime in contact centers continues to rise, so significantly reducing the risk of fraud and the impact of a data breach remains a top priority. Download the eGuide to CNP crime in Contact Centers for advice on how to combat the threat.
PCI DSS Compliance
For a jargon-free guide to PCI DSS compliance for contact centers, download the eGuide for the answers in one place.
De-Scoping your Contact Center
If you're not a payment security expert, achieving, let alone maintaining, PCI DSS compliance can be difficult. Why not consider easing your burden by de-scoping as much of your contact center as you can? Download our guide to 'Building a business case for de-scoping your contact center' to set you on your way.