discussion in the contact centre

The balancing act between maintaining multiple standards without impacting the customer journey isn’t an easy task for the contact centre, especially with data breaches on the rise. Recently, PCI Pal and Verizon teamed up to examine the challenges in achieving and PCI compliance. Let’s look at what we discovered in more detail and see how some of the challenges can be mitigated.

Generating around $300bn in revenue annually, contact centres are an essential part of business operations. They are also a hotbed of sensitive customer data. Our report found that 72% of contact centres accept payment card data. Moreover, 76% of data breaches are financially motivated. Add to this that threats can be from internal and external sources, it is no surprise that security is a major concern for contact centres. With this in mind, what can be done to alleviate the risks faced?

Traditionally, compensating controls such as pause & resume have been used along with staff training, both of which present their own problems. The problem with pause and resume is that where they stop card details being recorded they do not stop them being seen and heard, and therefore there is still a very real threat that these details can be stolen. When it comes to training, as pointed out by James Barham (CEO PCI Pal) “Contact centres are notoriously complex environments within which to secure data due to the variety of systems in use; and also generally high employee turnover rates resulting in multiple opportunities for data to become vulnerable” Not only this, but disrupting the call flow can cause issues for audit trails and is also in breach of some other regulations. The only way to ensure protection of cardholder data now and long term is to prevent it from entering the contact centre environment to begin with. By using solutions such as PCI Pal’s Agent Assist businesses completely de-scope the contact centre. This not only removes the risk from internal sources, as the data isn’t stored it cannot be taken in the event of a breach.


Click here to download the whitepaper in full.

To discuss how PCI Pal can de-scope your contact centre from PCI compliance, get in touch with one of our experts.