PCI Pal® and Verizon White Paper Examines PCI Security Compliance in Contact Center Environments

PCI Pal®, a secure payments provider to contact centres, today released a white paper with Verizon to examine and address the challenges in achieving Payment Card Industry Security Standards Council (PCI SSC) compliance in contact centre environments.

The use of contact centres continues to grow for operations and sales support, generating over $300 billion in revenue each year according to JLL Research. Given the sustained usage of contact centres, and the large amounts of sensitive data circulating through them, security – including insider threats – is a major concern for organisations leveraging contact centres.

Traditionally, protecting data in the contact centre consisted of user training, awareness and monitoring, and deploying compensating control technologies that manage access to data. The study found that 60 percent of organizations still rely on outdated pause-and-resume technologies to avoid storing sensitive data on call recordings. This requires users to be paused while payment information is collected, which disrupts the flow of business and causes problems for audit trails and complaint resolution.

A key recommendation for businesses is to eliminate data breaches at the contact centre level by preventing payment data from entering the environment. This means businesses must replace pause-and-resume systems with modern Dual Tone Multi-Frequency (DTMF) masking technology. By doing so, organizations are able to de-scope contact centre payment processing from PCI DSS requirements, allowing payment card information to be entered into the application without computer and/or agent access to the data. This helps to reduce fraud loss by eliminating sensitive card data from the conversation – ensuring that, in the event of a breach, data will not be compromised.

“Contact centers must focus mainly on six of the twelve requirements of PCI DSS when in-scope. There is also the need to validate the PCI requirements of the supporting IT security and operational systems. Not only is this a lot of effort, when compared to other industries, contact centers are notorious for high employee turnover rates, resulting in more opportunities for sensitive data to be mismanaged by insiders,” said James Barham, CEO, PCI Pal. “With 72 percent of contact centres accepting card payments over the phone, organizations must strike a balance between providing positive customer experiences by streamlining processes and ensuring compliance standards are met.”

For background, in 2017, Verizon Professional Services Security Assurance practice and PCI Pal established a business relationship – a collaborative partnership on payment card industry (PCI) opportunities through the joint publication of white papers, public speaking engagements and other joint marketing and sales initiatives.