PCI DSS (Payment Card Industry Data Security Standard) is a set of security policies, tools and measurements developed by major payment brands and the Payment Card Industry Security Standards Council (PCI SSC) to help ensure the safe handling of credit and debit card information.
The standard applies to all businesses that accept credit cards, whether online or over the phone – from the world’s largest corporations to individual merchants – although the size of the business will determine which specific compliance requirements must be met.
If you handle, store, process or transmit cardholder information, your business must protect that data in line with the Payment Card Industry Data Security Standard (PCI DSS). It’s critical for your reputation and essential for your bottom line. But like many forms of regulation, PCI compliance can be complicated to manage and implement. Which is where can help.
You must ensure your customers’ payment card data is being kept safe with every telephone transaction they make with you.
This means adhering to the PCI DSS standard that covers security management, policies, procedures, network architecture, and software design. It also means continuously assessing your operations and addressing any vulnerabilities; contact centre PCI DSS compliance is an ongoing process, rather than a one-time fix.
This may sound complicated, but the business benefits of PCI compliance are enormous – fraud protection, improved efficiency and help towards compliance with other regulations such as the FCA and Dodd-Frank.
In-house PCI compliance
To do this you’ll need to follow and understand the PCI DSS standard, then apply it to your IT infrastructure, business processes and internal staff. You will also need to test and analyse systems, then fix and report vulnerabilities.
This option is possible, but it is expensive to manage, resource-intensive and may leave you open to security breaches because you still store the data within your infrastructure. PCI compliance isn’t a one-off project; it’s a day-to-day obligation.
Outsource PCI compliance
By removing sensitive card data from your call centre entirely, you significantly reduce the burden of having to comply with contact centre PCI DSS, and you lessen the risk of security breaches. Outsourcing is also, typically, much more cost-effective.
That’s where we come in. We provide all the software tools you need to keep sensitive data away from your call centre and fully secure at all times. This includes DTMF processing, IVR options, and legacy call recording storage and retrieval.