A Beginner’s Guide to PCI DSS Compliance
PCI Pal’s secure cloud payment solutions are certified to the highest level of security by the leading card companies. We’ll help you find the best PCI solution for your contact centre.
If you work for a company or contact centre that takes card payments from customers over the phone, you are responsible for keeping that data as safe and secure as possible – not just to protect your customers but to protect your business as well.
The Payment Card Industry Data Security Standard (or PCI DSS) is a set of 12 binding requirements that are designed to ensure complete data protection for merchants who take card payments from the major card schemes, such as VISA, MasterCard, AMEX, Discover and JCB.
Our pioneering Level 1 PCI DSS certified solutions are built around your contact centre and processes, so your customer service operation will remain exactly as you want it to be. Customisable, scalable and reliable, with 24/7 global support and 99.999% uptime.
For more information about our secure payment solutions and the way we do things, please download our digital brochure. If you'd prefer a hard copy, let us know.
PCI Pal works with any payment gateway, major cloud carrier platforms and all leading phone and CRM systems.
What is PCI DSS and how does it work?
Set up in 2004 by VISA and MasterCard, and now regulated by the Payment Card Industry Security Standards Council (PCI SSC), PCI DSS is a set of 12 mandatory rules designed to protect data that is processed, transmitted and stored during manual or electronic payment transactions.
Any organisation that stores, processes or transmits cardholder data from the major card schemes must comply with PCI DSS requirements. The PCI compliance standards work to protect against card fraud by ensuring every business that handles cardholder information does so in a way that keeps customer data secure and protected.
If a contact centre wants to handle card payments from any of the major schemes, it must comply with the following 12 requirements:
Adhering to each of these requirements will ensure PCI DSS compliance for your contact centre, but remember: PCI compliance doesn’t automatically reduce risk or make you more secure.
Why is PCI Compliance important?
The PCI DSS requirements are designed to combat card fraud by keeping cardholder data safe from hackers and other security breaches, but it’s not just your customers’ safety that is protected.
By ensuring your contact centre is PCI DSS compliant, you are also protecting your business – both financially and legally. A single data breach is now estimated to cost a company £3m on average, while the loss of connectivity caused by a breach or DDoS attack can prevent businesses from operating for long periods of time.
Not only can this negatively affect or even ruin a company’s reputation, it also damages confidence in the industry as a whole.
While PCI DSS compliance is not a legal requirement, it does ensure compliance with the Data Protection Act – protecting you legally should the worst happen.
What level of PCI protection do I need?
If you take card payments for goods or services via any of the 5 members of the PCI SSC (Payment Card Industry Security Standards Council), you will be required to meet one of four levels of compliance as part of your PCI DSS assessment.
Your compliance requirements, known as “merchant levels”, will vary depending on several factors, including the number of transactions you process annually and your history of processing transactions. Although compliance with the rules laid out by these merchant levels is not a legal requirement, any company (including contact centres) that accepts card payments from the big 5 will need to comply or risk potential financial penalties.
There are four different categories that your organisation may fall into, defined primarily by the number of transactions you process, but also by the security risks you might be facing. These criteria allow the PCI SSC to determine the possible risks your customers might face when transacting with you, and thus inform which level of security you need to enforce in order to protect them.
The following guidelines will help you decide which merchant level applies to you and which steps you need to take to ensure PCI DSS compliance:
What are the risks and penalties of non-compliance?
As mentioned above, PCI DSS compliance is not a legal requirement, but it is mandatory if your contact centre wants to process transactions with the major card schemes.
If a system is compromised and the company is found not to be PCI DSS compliant, the business could face severe penalties, such as brand damage, lawsuits and legal costs, share price drop, job losses, insurance claims, regulator fines, higher banking fees, and potentially, the loss of ability to accept card payments.
These, coupled with the fraud losses, the cost of replacing cards, loss of customer confidence, and the ensuing decrease in sales can all lead to a company suffering huge financial losses or even going out of business entirely.
9 out of 10 large organisations suffered a security breach last year; can you afford to be one of them? If the answer is “no”, then get in touch with PCI Pal today to see how we can help.