Spring Cleaning Compliance

Blog
28 May 2021
Woman at desk working on computer.

It is that time of year! The weather is warming up, and spring cleaning is underway. While tossing out the old and bringing in the new, now is the perfect time to freshen up your compliance strategy. 

If your organisation takes card payments from customers over the phone or via digital engagement channels such as SMS or WebChat, there are certain checks you must perform to ensure sensitive data’s security. 

Use this checklist below to ensure your contact centre is running at optimum performance in the compliance department. 

Compliance Checklist 

  • Complete an annual risk assessment. 
  • Train your staff to follow PCI DSS procedures. 
  • Make sure that you only store data that is essential and that is encrypted and/or masked. Do not store Sensitive Authentication Data (the security code on the back of card, for Card-not-Present payment transactions) after authorisation in any situation. 
  • Protect your data network and make sure you are using a firewall and up-to-date anti-virus software. 
  • Perform internal and external vulnerability scans on a quarterly basis. External ones need to be performed by an approved scanning vendor (ASV). 
  • Ensure third parties that could affect the security of cardholder data have maintained their PCI DSS compliance and are still registered with the card schemes. 
  • If you are using a third-party application in your contact centre, make sure the product and particular version you are using is Payment Application Data Security Standard (PA DSS) compliant. (Note: This one isn’t a requirement but is a good steppingstone for easing compliance.) 
  • If you use an integrator to bring the products together, make sure they are certified to the required standards to do so. 
  • Take the time to discuss security with your web hosting provider to ensure they have secured their systems appropriately. Web and database servers should also be hardened to disable default settings and unnecessary services. 
  • Run annual security tests for Card-Present transactions that use pin entry devices (PED), to identify any vulnerabilities. 
  • Have a QSA confirm your current setup is compliant. 

Ways to Simplify your Compliance Spring Cleaning 

Much like with traditional spring cleaning, the more hands you have helping keep compliance front of mind, the easier it will be to maintain. This is where keeping the company as a whole educated on both security and compliance can benefit the contact centre in the long run.

Quarterly education is recommended to keep these items front of mind. The more aware employees are of internal and external threats, the quicker the organisation can act when one arises. 

Additionally, descoping your infrastructure from the requirements of PCI DSS is one of the most effective ways to not only protect your customers’ data, but also maintain compliance once you have achieved it.

Ensuring that sensitive cardholder data doesn’t enter your environment can reduce the amount of time that you need to invest at time of auditThe time that you spent throughout the year focused on redaction or maintaining antiquated systems such as “pause and resume” is time returned back to you to focus on your objectives.  

For help with your compliance spring cleaning, check out our cloud-based solutions that help keep your contact centre clean and tidy this spring! 

View more Blogs Knowledge Centre

How can we help?

Get in touch today to discuss our technology and your requirements.

CONTACT US

Sign up for Knowledge Centre notifications

Never miss the latest blog, news, podcast or event. Sign up to be notified when we publish something new.

notify me

You may also be interested in

podcast hero image
Podcast
Securing Contact Centres: Beyond Pause and Resume Recording
Securing Contact Centres: Beyond Pause and Resume Recording
In this episode of 'Secure Payments' PCI Pal’s CISO, Geoff Forsyth, explains the threats posed by outdated Pause and Resume call recording technology. Helping listeners find an easier path to compliance with data security regulations, and less chance of being fined for a data breach.
Read more
Blog
Protecting Online Card Payments: Explore PSD2 and 3D Secure
Protecting Online Card Payments: Explore PSD2 and 3D Secure
Discover the world of protecting online card payments and fraud protection. Dive into the impact of PSD2 and the introduction of Strong Customer Authentication (SCA), including the use of 3D Secure (3DS) as an authentication protocol.
Read more
News
PCI Security Standards Council welcomes PCI Pal® CISO, Geoff Forsyth, to its Board of Advisors
PCI Security Standards Council welcomes PCI Pal® CISO, Geoff Forsyth, to its Board of Advisors
Geoff Forsyth, Chief Information Security Officer of PCI Pal®, has been appointed to the prestigious PCI Security Standards Council Board of Advisors for 2023-2025. As one of 52 members, Forsyth will contribute his extensive IT and security experience to advance global payment security standards.
Read more
News
PCI Pal Named Finalist in 2023 Security Awards
PCI Pal Named Finalist in 2023 Security Awards
PCI Pal named a finalist in the Best Security Compliance in Enterprise category in The Cloud Security Awards 2023.
Read more

More related content

Chat with us