Spring Cleaning Compliance
It is that time of year! The weather is warming up, and spring cleaning is underway. While tossing out the old and bringing in the new, now is the perfect time to freshen up your compliance strategy.
If your organisation takes card payments from customers over the phone or via digital engagement channels such as SMS or WebChat, there are certain checks you must perform to ensure sensitive data’s security.
Use the checklist below to ensure your contact centre is running at optimum performance in the compliance department.
- Complete an annual risk assessment.
- Train your staff to follow PCI DSS procedures.
- Make sure that you only store data that is essential, and that it is encrypted and/or masked. Never store Sensitive Authentication Data (for Card-not-Present payment transactions, the security code on the back of the card) after authorisation, in any situation.
- Protect your data network and make sure you are using a firewall and up-to-date anti-virus software.
- Perform internal and external vulnerability scans on a quarterly basis. External ones need to be performed by an approved scanning vendor (ASV).
- Ensure third parties that could affect the security of cardholder data have maintained their PCI DSS compliance and are still registered with the card schemes.
- If you are using a third-party application in your contact centre, make sure the product and the particular version you are using is Payment Application Data Security Standard (PA DSS) compliant. (Note: This one isn’t a requirement, but it is a good stepping stone for easing compliance.)
- If you use an integrator to bring the products together, make sure they are certified to the required standards to do so.
- Take the time to discuss security with your web hosting provider to ensure they have secured their systems appropriately. Web and database servers should also be hardened to disable default settings and unnecessary services.
- Run annual security tests for Card-Present transactions that use PIN entry devices (PEDs), to identify any vulnerabilities.
- Have a Qualified Security Assessor (QSA) confirm your current setup is compliant.
Ways to Simplify your Compliance Spring Cleaning
Much like with traditional spring cleaning, the more hands you have helping keep compliance front of mind, the easier it will be to maintain. This is where keeping the company as a whole educated on both security and compliance can benefit the contact centre in the long run.
Quarterly education is recommended to keep these items front of mind. The more aware employees are of internal and external threats, the quicker the organisation can act when one arises.
Additionally, descoping your infrastructure from the requirements of PCI DSS is one of the most effective ways to not only protect your customers’ data, but also maintain compliance once you have achieved it.
Ensuring that sensitive cardholder data doesn’t enter your environment can reduce the amount of time that you need to invest at the time of audit. The time you spent throughout the year on redaction or on maintaining antiquated systems such as “pause and resume” is time returned to you to focus on your objectives.
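The checklist item about storing only masked data, and the point above about redaction, both come down to the same control: nothing containing a full card number should reach your transcript store, ticketing system or logs. The example below is added here as an illustration and is not code from the original article or from any vendor product; it shows one way to mask PANs in a WebChat or SMS transcript before it is persisted, and a gate that refuses to store text in which a card number survives. The transcript line, the function names and the masking policy (first six and last four digits, which PCI DSS permits to be displayed) are assumptions made for the example; the card number in the sample is a well-known test value, not a real card.

```python
import re

# Constructed sample WebChat line of the kind an agent might receive. The card
# number is a standard test PAN (Luhn-valid but not issued to anyone).
SAMPLE_TRANSCRIPT = (
    "Customer: my card is 4111 1111 1111 1111, exp 12/26, "
    "and the order ref is 9876543210."
)

# Candidate PANs: 13 to 19 digits, optionally separated by single spaces or
# hyphens, not preceded or followed by another digit.
_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used by card schemes."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits (assumed policy); mask the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def redact_pans(text: str) -> str:
    """Replace every Luhn-valid PAN in free text with its masked form.

    Digit runs that fail the Luhn check (order references, phone numbers)
    are left untouched so the transcript stays useful to the agent.
    """
    def _sub(match: "re.Match[str]") -> str:
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        return mask_pan(digits) if luhn_valid(digits) else raw

    return _CANDIDATE.sub(_sub, text)


def contains_unmasked_pan(text: str) -> bool:
    """Storage gate: True if a Luhn-valid PAN is still present in the text.

    Call this on anything about to be written to a database, ticket or log
    and reject (or re-redact) the record when it returns True.
    """
    for match in _CANDIDATE.finditer(text):
        if luhn_valid(re.sub(r"[ -]", "", match.group(0))):
            return True
    return False


if __name__ == "__main__":
    cleaned = redact_pans(SAMPLE_TRANSCRIPT)
    print(cleaned)
    print("safe to store:", not contains_unmasked_pan(cleaned))
```

The Luhn check is what keeps the order reference in the sample intact while the card number is masked; without it, any long digit run would be redacted and transcripts would lose useful context. The check can still produce the occasional false positive (some other identifiers, such as device serials, are Luhn-valid), which is the safer direction of error for this control. Note that redaction of stored text is a last line of defence; as the article says, keeping card data out of the environment altogether is what actually reduces scope.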
For help with your compliance spring cleaning, check out our cloud-based solutions that help keep your contact centre clean and tidy this spring!