PCI Pal, a secure payments provider to contact centers, has welcomed updated guidance on protecting payment card data in contact center environments, as published by the Payment Card Industry Security Standards Council (PCI SSC).
The new ‘Protecting Telephone-Based Payment Card Data’ guidelines details how merchants need to protect customers’ sensitive payment card data when processing ‘Cardholder Not Present’ transactions using Voice-over-IP (VoIP) based communications in contact centres.
Comments James Barham, CEO, PCI Pal: “The tech landscape has evolved significantly since 2011, which is when the last version of the guidance came out, and data loss and fraud rates have continued to increase. Rapid change in contact centre technology, including the virtualisation of phone systems, mass adoption of VoIP and the migration to cloud infrastructure across multiple platforms has also further complicated an already complex environment.
“As a result, it’s more important than ever to standardise payment processes and secure sensitive payment data shared over voice channels. The new guidance from the PCI SSC gives practical advice on how to best tackle the ‘compliance nightmare’ that credit card handling brings.”
Adds Geoff Forsyth, CTO, PCI Pal: “The new guidance includes advice to ‘de-scope’ contact center environments to stop any credit card details from entering in the first place. If that can be achieved, complex infrastructure already in place no longer has to meet the stringent PCI regulations, meaning hundreds of hours of complex IT work and expensive restructuring can be avoided.
“The guidance focuses on how de-scoping using cloud-based Dual Tone Multi Frequency (DTMF) solutions can be the perfect answer. By replacing outdated pause-and-resume systems with modern DTMF masking technology, it ensures organisations stay one step ahead of hackers by keeping customers’ sensitive data out of their reach.
“Conclusions from our recent study conducted with Verizon found that 60 percent of organisations are still leveraging outdated pause-and-resume technologies to avoid storing sensitive data on call recordings. In order to align with the new guidance, it’ll be important for businesses to eliminate data breaches at the contact centre level by preventing payment data from ultimately entering the environment.
“Well done to the PCI SCC on producing a guidance document that offers serious advice on how Contact Centres can make themselves secure and complaint for now and in the future.”
PCI Pal is a member of the global Payment Card Industry Security Standards Council (PCI SSC).
Please click here to download release for distribution