Why You Shouldn’t Go It Alone with PCI Compliance

Blog
23 September 2014

After extensive research, we’ve found that the many contact centres who choose to “go it alone” to become PCI compliant experience difficulties.

But why would that be the case?

Firstly, becoming compliant can be a very expensive and time-consuming task. There can be many complex decisions to make, with no clear-cut solutions…

  • What’s in scope?
  • How do we take it out of scope?
  • How much will it cost to become compliant?

These are just a few of the questions businesses will need to ask themselves when embarking on their data security journey.

 

Knowing Where to Start

PCI compliance can be a daunting task. In fact, a lot of businesses are running the risk of not being compliant as they just don’t know where to begin. To be fair, PCI DSS compliance can be a very complicated and confusing process, with new standards and requirements being added regularly, so it isn’t any wonder that companies starting a PCI project can feel intimidated.

One method that companies who choose to self-manage PCI compliance often implement is enforcing a ‘clean room’ environment in the contact centre.

 

What is a Clean Room?

A ‘clean room’ means agents are watched extensively; no access to emails, internet or other media, and no pad and pen. They’re scanned before entering the building, in case of recording devices, and are not permitted to enter with phones, bags, coats or other personal items. The list goes on…

Research has shown that staff turnover at clean room call centres is extremely high and that’s because agent morale is extremely low. Another thing to add to the mix is call recording.

 

How Does Call Recording Work?

Many companies choose to stop call recordings altogether, while some manually cut off recording while the customer is verbally giving sensitive information to an agent.

Other businesses pay for expensive hardware to counteract this, when in fact call recording is just a small part of becoming PCI compliant – albeit a very important part!

Now if you’re one of the companies described above – great! This shows you are actively trying to achieve compliance and safeguard your customer’s data and your brand reputation.

 

Is There a Better Way to Attain PCI Compliance?

Yes, of course. PCI Pal’s innovative range of PCI solutions can fully de-scope your contact centre by not allowing sensitive card data to enter your contact centre in the first place. That means no clean room environment, no unnecessary hardware and no expensive fees. Worse still, some of the more expensive solutions only cover a small fraction of what it takes to be PCI compliant.

PCI Pal’s Agent Assist solution allows callers to enter their credit card details (16 digit PIN, expiry date and CV2 code) using their telephone keypad while remaining in conversation with your agent at all times. PCI Pal integrates directly into your payment gateway and sends the collected data securely. Sensitive card data never touches your network or enters your payment environment.

 

A PCI Solution Built Around Your Contact Centre

Because our background is in contact centre operations, we’ve worked hard to ensure all our solutions cause minimal disruption or changes to your agents’ existing processes. We believe that a PCI solution built around your contact centre, rather than vice versa, means enhanced productivity, increased staff morale, and an improved customer experience.

For all companies, there’s nothing more important than your customers. The first point of contact for them is your agents; they are the public face (or voice) of your brand, so a de-scoping solution which allows you to banish the clean room and put life back into your contact centre will lead to better outcomes for all concerned.

View more Blogs Knowledge Centre

How can we help you?

Get in touch today to discuss our solutions and your specific requirements.

CONTACT US

Sign up for Knowledge Centre notifications

Never miss the latest blog, news, podcast or event. Sign up to be notified when we publish something new.

notify me

You may also be interested in

podcast hero image
Podcast
Securing Contact Centres: Beyond Pause and Resume Recording
Securing Contact Centres: Beyond Pause and Resume Recording
In this episode of 'Secure Payments' PCI Pal’s CISO, Geoff Forsyth, explains the threats posed by outdated Pause and Resume call recording technology. Helping listeners find an easier path to compliance with data security regulations, and less chance of being fined for a data breach.
Read more
Blog
Protecting Online Card Payments: Explore PSD2 and 3D Secure
Protecting Online Card Payments: Explore PSD2 and 3D Secure
Discover the world of protecting online card payments and fraud protection. Dive into the impact of PSD2 and the introduction of Strong Customer Authentication (SCA), including the use of 3D Secure (3DS) as an authentication protocol.
Read more
News
PCI Security Standards Council welcomes PCI Pal® CISO, Geoff Forsyth, to its Board of Advisors
PCI Security Standards Council welcomes PCI Pal® CISO, Geoff Forsyth, to its Board of Advisors
Geoff Forsyth, Chief Information Security Officer of PCI Pal®, has been appointed to the prestigious PCI Security Standards Council Board of Advisors for 2023-2025. As one of 52 members, Forsyth will contribute his extensive IT and security experience to advance global payment security standards.
Read more
Digital Mock-up of PCI Pal Pause & Resume White Paper
White paper
Pause and Resume Call Recording: Calculating the Risk
Pause and Resume Call Recording: Calculating the Risk
In this white paper, we establish and explain the threats posed by outdated call recording technology, including Pause & Resume call recording. Through it, you'll find an easier path to compliance with data security regulations, meaning less chance of being fined for a data breach.
Read more

More related content

Chat with us