PCI DSS Compliance Checklist
The Payment Card Industry Data Security Standard (PCI DSS) is a global set of requirements that are designed to protect sensitive cardholder data wherever it is stored, processed, or transmitted. These requirements apply to any organisation that handles card payments in any capacity.
PCI Compliance Evolution: PCI DSS v4.0
The first release of the PCI DSS (v1.1) was in 2004. At only 12 pages long and with a strong focus on the recording and storage of credit card data, it’s very different from today’s PCI DSS v4.0, which recently replaced PCI DSS version 3.2.1. The latest version of the standard aims to better address emerging threats and technologies and to provide new ways of countering them, by pursuing four goals:
- Continue to meet the security needs of the payment industry
- Promote security as a continuous process
- Add flexibility for different methodologies
- Enhance validation methods
Ultimately, PCI DSS 4.0 is designed to further secure cardholder data by helping organisations take a more holistic view of security measures and access controls.
Annual Contact Centre PCI DSS Compliance Checklist
If you operate a contact centre that takes card payments from customers over any channel, including phone, email, social media, SMS, and web chat, there are certain checks you must perform to ensure the security of cardholder data.
To remain compliant, the following checks must be performed annually.
- Complete an annual risk assessment
- Ensure third parties that store, process and/or transmit card data have maintained PCI DSS compliance and are registered with the card schemes
- If you are installing a third-party application in your contact centre, simplify your compliance by ensuring the product and the particular version used are Payment Application Data Security Standard (PA-DSS) compliant
- If you use an integrator to bring the products together, make sure they are certified to the required standard
- Train your staff to follow PCI DSS procedures
- Make sure you only store data that is essential and that it is encrypted and/or masked
- Protect your data network and make sure you are using a firewall and up-to-date anti-virus software
- Perform network scans on a quarterly basis. These must be performed by an approved scanning vendor (ASV)
- You should also discuss security with your web hosting provider to ensure they have secured their systems appropriately. Web and database servers should also be hardened to disable default settings and unnecessary services
- Annual PIN Entry Device (PED) tests need to be run to identify any vulnerability
- Any software or hardware you use to process transactions should have approval from the Payment Card Industry Security Standards Council (PCI SSC)
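The "store only what is essential, and mask it" item above is the one most often implemented in code inside a contact centre, typically in the pipeline that writes chat transcripts, call notes or logs to disk. The following is an added example, not code from PCI Pal or from the PCI SSC: it finds candidate card numbers in free text, confirms them with a Luhn check so that order references and phone numbers are left alone, and replaces each with a masked form that shows no more than the first six and last four digits. The sample transcript lines are constructed for the example; the function and regex names are the author's own.

```python
import re

# Constructed sample input: hypothetical contact-centre web-chat lines, not real data.
SAMPLE_LINES = [
    "agent: can you confirm the card number please",
    "customer: 4111 1111 1111 1111 expires 12/29",
    "agent: thanks, order ref 20240117 is confirmed",
]

# A run of 13 to 19 digits, allowing a single space or dash between digits,
# not preceded or followed by another digit. This deliberately over-matches;
# the Luhn check below decides what is actually a card number.
CANDIDATE_PAN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str, first: int = 6, last: int = 4) -> str:
    """Mask a PAN for display or storage, keeping at most the first 6 and last 4 digits.

    PCI DSS permits no more than the first six and last four digits to be shown;
    the caps below stop a caller from accidentally weakening that rule.
    """
    first = min(first, 6)
    last = min(last, 4)
    if len(digits) <= first + last:
        raise ValueError("PAN too short to mask safely")
    return digits[:first] + "*" * (len(digits) - first - last) + digits[-last:]


def redact_line(line: str) -> str:
    """Replace every Luhn-valid 13-19 digit sequence in the line with its masked form."""
    def replace(match: re.Match) -> str:
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return mask_pan(digits)
        return raw                # not a card number: leave the text untouched
    return CANDIDATE_PAN.sub(replace, line)


def redact_transcript(lines: list[str]) -> list[str]:
    """Redact a whole transcript before it is written to any log or CRM note."""
    return [redact_line(line) for line in lines]


if __name__ == "__main__":
    for line in redact_transcript(SAMPLE_LINES):
        print(line)
```

Run this redaction before the text reaches any persistent store, not after: once the full PAN has been written to a log or a CRM note, that system is in scope and must itself meet the storage and encryption requirements. The Luhn check also keeps the masking from mangling genuine reference numbers, which is what makes it safe to apply to every line rather than only to lines an agent has flagged.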
REDUCE YOUR PCI COMPLIANCE CONCERNS
PCI Pal is a leading provider of SaaS solutions empowering companies to take payments securely. With extensive operations and technical experience across a myriad of industries, PCI Pal is qualified to deliver operationally efficient cloud-based payment security solutions to organisations operating on a global scale.
Connect with one of our experts to see how PCI Pal’s innovative secure payment solutions can be seamlessly integrated with your contact centre operations to ensure compliance without compromising the customer experience.
Learn more about ‘Starting Your PCI Compliance Journey’.