Why You Shouldn’t Go It Alone with PCI Compliance
After extensive research, we’ve found that many contact centers that choose to “go it alone” to become PCI compliant experience difficulties.
But why would that be the case?
Firstly, becoming compliant can be a very expensive and time-consuming task. There can be many complex decisions to make, with no clear-cut solutions…
- What’s in scope?
- How do we take it out of scope?
- How much will it cost to become compliant?
These are just a few of the questions businesses will need to ask themselves when embarking on their data security journey.
Knowing Where to Start
PCI compliance can be a daunting task. In fact, a lot of businesses are running the risk of not being compliant as they just don’t know where to begin. To be fair, PCI DSS compliance can be a very complicated and confusing process, with new standards and requirements being added regularly, so it isn’t any wonder that companies starting a PCI project can feel intimidated.
One method that companies who choose to self-manage PCI compliance often implement is enforcing a ‘clean room’ environment in the contact center.
What is a Clean Room?
A ‘clean room’ means agents are watched extensively, with no access to email, internet or other media, and no pad and pen. They’re scanned for recording devices before entering the building, and are not permitted to enter with phones, bags, coats or other personal items. The list goes on…
Research has shown that staff turnover at clean room call centers is extremely high and that’s because agent morale is extremely low. Another thing to add to the mix is call recording.
How Does Call Recording Work?
Many companies choose to stop call recordings altogether, while some manually cut off recording while the customer is verbally giving sensitive information to an agent.
Other businesses pay for expensive hardware to counteract this, when in fact call recording is just a small part of becoming PCI compliant – albeit a very important part!
Now if you’re one of the companies described above – great! This shows you are actively trying to achieve compliance and safeguard your customers’ data and your brand reputation.
Is There a Better Way to Attain PCI Compliance?
Yes, of course. PCI Pal’s innovative range of PCI solutions can fully de-scope your contact center by not allowing sensitive card data to enter your contact center in the first place. That means no clean room environment, no unnecessary hardware and no expensive fees. By contrast, some of the more expensive solutions only cover a small fraction of what it takes to be PCI compliant.
PCI Pal’s Agent Assist solution allows callers to enter their credit card details (16-digit PAN, expiry date and CV2 code) using their telephone keypad while remaining in conversation with your agent at all times. PCI Pal integrates directly into your payment gateway and sends the collected data securely. Sensitive card data never touches your network or enters your payment environment.
A PCI Solution Built Around Your Contact Centre
Because our background is in contact center operations, we’ve worked hard to ensure all our solutions cause minimal disruption or changes to your agents’ existing processes. We believe that a PCI solution built around your contact center, rather than vice versa, means enhanced productivity, increased staff morale, and an improved customer experience.
For all companies, there’s nothing more important than your customers. The first point of contact for them is your agents; they are the public face (or voice) of your brand, so a de-scoping solution which allows you to banish the clean room and put life back into your contact center will lead to better outcomes for all concerned.