PCI Compliance - Lifting your contact centre out of scope
If your contact centre is taking credit card payments over the phone, you are required to comply with the Payment Card Industry Data Security Standard (PCI-DSS), an internationally recognised set of technical and operational requirements designed to protect cardholder data. Failure to comply with the PCI-DSS runs the serious risk of costly fines and damaged customer relationships.
What does this mean for the contact centre? The guidelines state that no credit card information should be stored in any format, encrypted or not, and you are advised to implement technologies that require “no manual intervention by staff”. This can pose a significant challenge when your advisors are entering payment card details into their PC, or you’re required to record your calls to comply with other regulatory bodies (such as the FCA), and your own business development needs.
PCI compliance can also involve many checks and controls including:
- Up to 286 security controls that need to be applied regularly to the desktop and the network it operates on.
- Ensuring sensitive authentication data is not stored on call recordings.
- Minimising the risk of a security breach by vetting new advisors with the Criminal Records Bureau.
- Making sure data cannot be removed by any means, usually by banning pens, paper and mobile phones from the contact centre.
These measures are time-consuming, expensive and can be detrimental to the contact centre working environment. With the right solution it is possible to eliminate them altogether.
Solution Available - DTMF Clamping: The Complete Solution
DTMF (Dual Tone Multi-Frequency) clamping-based solutions enable your customers to enter their card details directly through their telephone keypad. The transaction can take place at any point during the call with any advisor, enabling you to deliver an improved customer experience whilst guaranteeing PCI-DSS compliance. Your advisors can remain on the call throughout the payment process, as they are no longer exposed to cardholder data; this can greatly reduce call abandonment rates and lost sales opportunities. Plus, because neither the advisor nor the call recorder ever receives any of the card details, either verbally or via DTMF, continuous call recordings are possible, delivering you a complete audit trail.
Additionally, our solution completely prevents any possibility of fraud, whether your advisors are working in a contact centre, or remotely. This allows you to promote complete payment security, subsequently instilling customer confidence and readiness to transact.
We are proud to provide the highest level of security for cardholder data and regularly review our solutions and procedures to maintain compliance.
The only way to guarantee PCI DSS compliance in the contact centre whilst ensuring customer security, complying with PCI standards and avoiding the ongoing cost of securing your infrastructure is by removing your contact centre completely from the scope of PCI regulations. Our DTMF masking solutions make it an affordable reality.
Contact us today to start your journey to PCI compliance.