Welcome to the third and final module of PCI Pal’s Summer School.
So far, we have introduced you to PCI DSS Compliance and why it matters to businesses taking payments, before looking at data breaches, data privacy laws and the associated repercussions of these.
The final module now looks at cybersecurity threats, both internal and external, and at how businesses and their employees can prevent them, prepping staff to become their organisation’s ‘Human Firewall’, even when working remotely.
At the end of the module will be five scenario-based questions to test your learning.
Contact Centre challenges
Security is a major concern for contact centres, given the large amounts of data handled by individuals and the potential for a data security breach.
Some 72% of contact centres accept card payments from brands or from one of the five payment card brands associated with the Payment Card Industry Standards Council (PCI SSC).
Data security and PCI Compliance are the responsibility of every employee, whether handling customer data or not.
Businesses are required to train all staff on hire and at least annually on both subjects, which includes employees confirming that they have read and understood the company’s security policies and procedures. These policies will include PCI DSS needs and the 12 requirements covered in module one.
Contact Centre challenges: Remote workers
As we know, there are ways in which organisations can keep on top of data security and achieve PCI compliance within the contact centre, but not all of them are appropriate for remote working.
Using compensating controls such as a ‘clean room environment’ or ‘pause and resume technology’ will only limit a small amount of credit card data being exposed within the contact centre environment. When faced with working remotely, however, it’s clear that these solutions are not suitable.
A contact centre manager cannot ensure a clean room environment where the agent is working from home, which is a real problem. Another is the use of pause and resume, which only stops credit card data being recorded and stored. The data can still be heard and seen, which means that it can easily be exposed and used unlawfully.
Cyber security risks and how to prevent them: 4. Hacking
Hacking is the process cybercriminals use to gain access to company IT systems and networks.
Successful “hacks” can offer rich pickings for hackers, allowing them to steal customer payment information, intellectual property and other sensitive data.
To protect against hackers, businesses should:
Install network firewalls.
Implement strict data access security measures in line with PCI requirements.
Never take, process or store sensitive information that is not needed.
Thank you for completing Module Three of the Summer School. We hope that you have learned more about PCI DSS, cybersecurity and protecting yourself and your workplace.