August 9, 2018 by Siobhan Climer
Are you preparing for an audit of your contact center? The Payment Card Industry Data Security Standard (PCI DSS) protects cardholder data and ensures that data security controls are applied consistently; however, to remain PCI DSS compliant, contact centers need to maintain and monitor several interweaving systems and processes. Use the contact center PCI DSS compliance checklist to make sure your contact center checks all the boxes.
Prepare for the reviews ahead by building a contact center roadmap. Get our free eBook, Customers Drive, You Navigate: Your Contact Center Roadmap to Customer Care Success, to find out how to build a strategic path to a sustainable technological future.
Who Needs To Be PCI DSS Compliant?
According to the PCI Security Standards Council, all entities that process card payments and all entities that process, transmit, or store cardholder data are required to be PCI DSS compliant. That includes merchants, processors, acquirers, issuers, and service providers.
Contact centers that handle billing, payments, or even simply the transfer of cardholder data or sensitive authentication data (primary account numbers, cardholder names, expiration dates, service codes, magnetic stripe or chip data, CAV2/CVC2/CVV2/CID codes, or PINs) must be PCI DSS compliant. Even if this data only passes through your contact center's systems and is never handled by an agent, you must still ensure compliance. Read through the requirements and use our free contact center PCI DSS compliance checklist to begin an assessment of your protocols.
PCI DSS Compliance Certification Body And Requirements
The PCI Security Standards Council is the administrative and monitoring body for the standards and is made up of all the major card brands, including Visa, Mastercard, American Express, Discover, and JCB. The first standards were released in December of 2004 (wonder if that was a rough holiday shopping season?) and have gone through several iterations. The most recent version of the PCI DSS, Version 3.2.1, was released in May 2018.
There are 12 PCI DSS requirements, organized under 6 control objectives.
Contact Center PCI DSS Compliance Checklist
Use our contact center PCI DSS Compliance Checklist, based directly on the PCI Security Standards Council’s requirements, to prepare for a PCI DSS audit.
The Contact Center Conundrum
Contact centers are at the epicenter of PCI DSS compliance because they often handle the front-end collection and transmission of cardholder data through websites, call center agents, IVRs, and even interactive self-service tools. Several factors leave the call center especially vulnerable to card fraud: skimming, regulatory compliance failures (HIPAA, GDPR, etc.) caused by call recording software, and unencrypted phone services on which credit card numbers, CVV codes, and social security numbers are spoken aloud and recorded.
Implementing appropriate technology solutions can mitigate the risk. IVRs and other call center platforms, such as Uptivity, can reduce the risk of recording cardholder data by removing the agent from the payment step of the interaction. Cloud technologies, such as Genesys PureCloud, which can assist with omnichannel routing, speech-enabled IVR, and call recording, are also working to solve the contact center conundrum.
A managed services provider can help, too. By bringing in a team of experts, you can ensure that every PCI DSS compliance area in your contact center PCI DSS compliance checklist is monitored and maintained. Put the weight of all twelve primary requirements and the 220+ sub-requirements in the hands of contact center experts. Contact Mindsight today for more information.
Like what you read?
Mindsight, a Chicago IT consultancy and services provider, offers thoughtfully crafted and thoroughly vetted perspectives on our clients' toughest technology challenges. Our recommendations come from our experienced and talented team of highly certified engineers, and are based on a solid understanding of our clients' unique business and technology challenges.
About The Author
Siobhan Climer, Mindsight's Science and Technology Writer, writes about technology trends in education, healthcare, and business. She previously taught STEM education programs in the classroom and at the New England Aquarium in Boston, MA. Siobhan writes extensively about disaster recovery, cloud services, backups, data storage, network infrastructure, and the contact center. Find her on Twitter @techtalksio.