Welcome to PCI Pal’s A Compliance Carol. In the run-up to Christmas 2019, we are delighted to take you through our tale where, in true Dickens’ style, you will be visited by three ghosts: the Ghost of Compliance Past, the Ghost of Compliance Present and the Ghost of Compliance Future.
Let’s begin in the Past, and you dear friends are taking the role of Ebenezer Scrooge, visiting organizations of yesteryear who are still using complicated compensating controls to achieve PCI Compliance. Bah! Humbug!
The Ghost of Compliance Past paints a bleak picture of a time when contact centers were mostly reliant on compensating controls to achieve PCI Compliance. These methods, such as pausing and resuming call and screen recordings and ‘Dickensian’ clean rooms, will quite rightly give any contact center manager nightmares due to their inherent risks and lack of compliance.
After all, they only make the call recording, screen recording or agent compliant, yet sensitive card holder data continues to enter the organization’s infrastructure. This means the environment is ‘inscope’ of the requirements of PCI DSS, sending many nervous shivers up the spines of any compliance manager.
Compensating controls also provide a haunting customer experience; disrupting the flow of business and causing issues from both an audit trail and complaint resolution perspective.
Sadly, conclusions from a study conducted by Verizon has found that as many as 60 percent of organizations are still using outdated pause-and-resume technologies, the usage of which has been shown to be common in organizations that have suffered a data breach.
The Ghost of Compliance Past then reveals the harsh and antiquated realities of clean room environments, where agents are watched extensively; they have no access to emails, the internet or other media, no personal phones or even pen or paper. They’re scanned before entering the building in case of recording devices, and are not permitted to enter with bags, coats or other personal items.
Research has shown that staff turnover at clean room call centers is extremely high due to low staff morale. With contact centers already reporting turnover rates at 26% – way above the UK average of 15% – it’s easy to understand why with organizations using clean rooms to try and safeguard customer data.
It’s a harsh environment and with the modern technologies today at our disposal, it simply isn’t needed as a way of protecting customer data, reducing internal fraud risk and achieving PCI compliance.
The final stop for you, Mr. Scrooge, in your journey into Compliance Past, is a visit to the unhappy customer of yesteryear! The use of these archaic ways of securing aspects of your organization from the requirements of PCI DSS and the continuing threats of dreaded hackers has resulted in a poor customer experience. The call disruption with pausing, resuming, transferring to automated payments lines, and the worry about how their data is recorded and being stored isn’t very reassuring.
The Compliance picture of the past was indeed bleak however it is now time for the Ghost of Compliance Past to go and we wait with anticipation as to where the next steps of this journey will take us….
Take a look at our infographic on PCI Compliance through the years
If you’re still using some of the methods described above, change your ways and contact us for a demo of our secure CNP payment solutions.