Do Contact Centres Need a Tech Solution to Be PCI Compliant?
Any contact centre that accepts card payments needs to be compliant with the Payment Card Industry Data Security Standard (PCI DSS). Clearly, when taking payments over the phone there is a risk of a data breach, so there are a number of strict security controls that must be met to keep customer data safe.
Many contact centres find that meeting the 12 PCI DSS requirements is expensive, time consuming and often very challenging, but this is not necessarily something they need to worry about themselves. There is a tech solution out there that will take care of all your PCI compliance concerns for you. While a tech solution is not essential for PCI compliance, it does remove a worry most contact centres could do without.
The 12 Requirements for PCI Compliance
To be compliant with PCI DSS, there are 12 different requirements contact centres must meet. These include:
- Installing and maintaining a firewall to protect cardholder data
- Changing vendor-supplied defaults for system passwords
- Protecting stored cardholder data
- Encrypting transmission of cardholder data across public networks
- Regularly updating antivirus software
- Developing and maintaining secure systems
- Restricting access to cardholder data
- Assigning a unique ID to every user with computer access
- Restricting physical access to cardholder data
- Tracking and monitoring access to network resources and cardholder data
- Regularly testing security systems and processes
- Maintaining a policy for information security
What Does PCI Compliance Look Like?
When it comes to meeting these requirements, one method some contact centres choose is to create a ‘clean room’, an environment where agents taking payments are monitored closely. They have no access to emails or media, no pad and pen, and are scanned before they enter the building for recording devices. The list of restrictions goes on.
Clearly this does not make for a particularly positive working environment, and subsequently staff turnover tends to be high. It is also an expensive and time consuming system to implement.
You might consider managing all or part of the PCI compliance process yourself, but a tech solution is a much easier way to fully descope your payment environment.
The Tech Solution
PCI Pal’s suite of secure payment solutions work by not allowing sensitive card data to enter the contact centre in the first place. With Agent Assist, callers enter their card details using their telephone keypad while remaining in conversation with your agent at all times. PCI Pal integrates with your payment gateway and sends the collected data securely, meaning at no point is sensitive data exposed to any security threats.
The result is no expensive compliance costs, no unnecessary hardware and no morale-eroding clean room.
To discuss your specific system requirements, contact our data security specialists today.