
PCI DSS Compliance & Contact Centers

Why is PCI DSS so important?

PCI DSS directly impacts contact centers where agents are asked to process cardholder data over the telephone, mobile, chat or app. All locations, systems and processes are then in scope: the contact center environment itself (with Requirement 9 on physical access control and Requirement 10 on monitoring and logging), the agent recruitment process, and the data systems, voice systems and call recording.

PCI DSS compliance is not just limited to securing call recordings. The full journey of cardholder data within the contact center must be mapped and secured. This includes voice systems, data systems and human touch-points. The scope of the audit is extensive and can require either an external auditor or dedicated internal resource to spend a number of months analyzing and evaluating the environment and internal processes, to determine compliance without a guarantee of ongoing security.

The aim of PCI DSS is to protect consumers' payment card data from being shared or accessed and used illegally once a transaction has been made or processed. With the majority of contact centers handling personal customer data, including payment card information, there was a growing concern that merchants were not taking the necessary steps to prevent this data from getting into the wrong hands.

Who is the Payment Card Industry Security Standards Council?

The PCI SSC offers robust and comprehensive standards to enhance payment card data security that merchants must now comply with. Compliance monitoring comes in the form of an annual audit that concentrates on three main areas:

  • Data collection and storage processes
  • Reporting data protection processes
  • Monitoring and alerting use of data

The finance and resource needed to implement the system processes required to become PCI DSS compliant obviously increase with business size. This may account for why organizations that house contact centers of 500+ agents are struggling to achieve, and maintain, PCI DSS compliance.
