Is your contact centre struggling with PCI-DSS compliance?
PCI compliance is not just about securing your systems and encrypting your data. In many ways, those are the easy parts. Where your systems and data come into contact with humans is the real weak point. In a complex operational environment, where hundreds of people might be coming and going every day, watertight security procedures are absolutely essential.
Confusion over the requirements and future direction of the Payment Card Industry Data Security Standard (PCI DSS) has caused some U.K. organisations to shelve their efforts while they seek clarification.
Since all call centres record their transactions, the recordings present a potential security vulnerability if they include the customer reading out full credit card details over the phone, including the security code.
What does this mean for your business?
The guidelines state that no credit card information should be stored in any format, encrypted or not, and you are advised to implement technologies that require “no manual intervention by staff”. This can pose a significant challenge when your advisors are entering payment card details into their PC, or when you are required to record your calls to comply with other regulatory bodies (such as the FCA) or with your own business development needs.
PCI compliance can also involve many checks and controls including:
- Numerous security controls that need to be applied regularly to the desktop and the network it operates on.
- Ensuring sensitive authentication data is not stored on call recordings.
- Minimising the risk of a security breach by vetting new advisors with the Criminal Records Bureau.
- Making sure data cannot be removed by any means, usually by banning pens, paper and mobile phones from the contact centre.
These measures are time-consuming, expensive and can be detrimental to your company’s working environment. With the right solution it is possible to eliminate them altogether.
There are a variety of methods that companies could use to avoid these problems. The most basic is a ‘Pause and Resume’ solution that stops the recording while the customer reads out his or her three-digit security code, but this can be unreliable, as most recording systems are outside the control of the individual agent.
A much more feasible approach is to have the customer enter their card details directly through their telephone keypad, with the tones disguised on the recording. The agent hears only a flat tone, and the customer avoids reading out their card details in what might be a public place. The transaction can take place at any point during the call with any agent, enabling the agent to deliver an improved customer experience whilst greatly reducing call abandonment rates and lost sales opportunities. Because neither the agent nor the call recorder ever receives any of the card details, either verbally or via DTMF, continuous call recording is possible, giving you a complete audit trail. This way, the merchant can remove this part of their business from the scope of PCI DSS.
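To make the difference between the two approaches concrete, here is an added illustration (it is not code from this page or from Silver Lining's product). It models a call as a sequence of media frames, the way a telephony platform carries speech and keypad presses as separate events (RFC 4733 telephone-events in RTP are the real-world equivalent). A pause-and-resume recorder simply drops frames between two indices; a DTMF masking proxy sits between the customer leg and the agent/recorder leg, captures keyed digits only inside a capture window that the agent desktop opens and closes, and substitutes a flat tone on the leg that the agent hears and the recorder stores. The `capture_start`/`capture_stop` control frames, the mock payment gateway and the test card number are all constructed assumptions for this example.

```python
"""Constructed model of pause-and-resume recording versus DTMF masking."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    kind: str      # "speech", "dtmf", or an agent-desktop control event
    payload: str = ""  # transcript text for speech, the keyed digit for dtmf


MASK_TONE = "<flat tone>"

# Constructed test values: a well-known Luhn-valid test PAN and a made-up CVV.
TEST_PAN = "4111111111111111"
TEST_CVV = "123"


def luhn_ok(number: str) -> bool:
    """Standard Luhn check, used by the mock gateway to validate a keyed PAN."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def build_call() -> list[Frame]:
    """Constructed call: the agent opens capture mid-call, the customer keys PAN, '#', then CVV."""
    frames = [Frame("speech", "Agent: I'll take payment now, please key in your card number.")]
    frames.append(Frame("capture_start"))            # agent desktop opens the window
    frames += [Frame("dtmf", d) for d in TEST_PAN]
    frames.append(Frame("dtmf", "#"))                # terminator between PAN and CVV
    frames += [Frame("dtmf", d) for d in TEST_CVV]
    frames.append(Frame("capture_stop"))
    frames.append(Frame("speech", "Agent: Thank you, that's gone through."))
    return frames


def pause_resume_recording(frames, pause_index, resume_index):
    """Pause-and-resume: the recorder drops frames in [pause_index, resume_index).
    Whether the PAN leaks depends entirely on when the pause actually happened."""
    return [f for i, f in enumerate(frames) if not (pause_index <= i < resume_index)]


def dtmf_masking_proxy(frames):
    """Returns (agent_and_recorder_leg, captured_digits).

    Digits keyed inside the capture window go only to the capture side; the
    leg forwarded to the agent and recorder gets a flat tone in their place.
    Control events are consumed by the proxy and never reach the recorder."""
    capturing = False
    forwarded, captured = [], []
    for f in frames:
        if f.kind == "capture_start":
            capturing = True
        elif f.kind == "capture_stop":
            capturing = False
        elif f.kind == "dtmf" and capturing:
            captured.append(f.payload)
            forwarded.append(Frame("speech", MASK_TONE))
        else:
            forwarded.append(f)
    return forwarded, captured


def digits_in_recording(recording) -> str:
    """Every keypad digit that survives in a recording, in order."""
    return "".join(f.payload for f in recording if f.kind == "dtmf")


def pan_exposed(recording, pan=TEST_PAN) -> bool:
    """True if the full PAN can be read back out of the recording."""
    return pan in digits_in_recording(recording)


def submit_to_gateway(captured):
    """Mock payment gateway (assumption): validates the keyed data and hands back a
    token, so nothing but the last four digits exists outside the gateway."""
    pan, _, cvv = "".join(captured).partition("#")
    if not luhn_ok(pan) or len(cvv) != 3:
        raise ValueError("card data rejected")
    return "tok_" + pan[-4:]


if __name__ == "__main__":
    call = build_call()
    # Agent only managed to press pause after the whole number had been keyed.
    late = pause_resume_recording(call, 19, 23)
    print("late pause, PAN in recording:", pan_exposed(late))      # True
    leg, captured = dtmf_masking_proxy(call)
    print("masking, PAN in recording:", pan_exposed(leg))          # False
    print("gateway token:", submit_to_gateway(captured))            # tok_1111
```

The point of the model is the asymmetry: with pause-and-resume the recorder's content depends on a human action whose timing the agent may not control, so the recording has to be assumed in scope; with masking the recorder never receives a digit regardless of timing, which is what lets the recording run continuously and still sit outside scope.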
Additionally, this allows you to promote complete payment security, which instils customer confidence and readiness to transact.
James Fairhurst, CIO, explains, “The key consideration for us was to go with one supplier who could deliver the entire solution end-to-end. We really wanted one integrated platform that encompassed the whole solution. We needed a solution that reduced PCI compliance directives for credit and debit card voice transactions. Silver Lining delivered and exceeded our needs and expectations in one wrapped solution.”
The only way to guarantee PCI DSS compliance in the contact centre, whilst ensuring customer security and avoiding the ongoing cost of securing your infrastructure, is to remove your contact centre completely from the scope of PCI regulations. Our DTMF masking solutions make this an affordable reality.
Remove your business from PCI-DSS scope with Silver Lining’s PCI compliant solution
- Remove your contact centre from PCI-DSS scope
- Protect your brand, employees & customers from data fraud
- Stay compliant with latest standards
- Total resilience and assured DR protection
- Uninterrupted agent/customer interaction & call recording
- Rapid implementation
- No impact on operation performance
- Proactive support to suit you, including 24/7 helpdesk
For more information on how to ensure PCI Compliance in your contact centre contact Silver Lining today 0845 313 1111 /