
How to Ensure Contact Center PCI Compliance


The contact center industry has evolved in the last decade to become a crucial part of any company’s customer service strategy. With businesses now offering self-service, digital support platforms and chatbots as standard, call centers are no longer simply somewhere you have to call if you want to speak to a real person about your product or service. This shift towards digital support has also brought with it new compliance challenges. The revised Payment Card Industry (PCI) standards came into effect on June 1st and bring increased security requirements for all companies that handle credit card information. In this post, we take a look at what these changes mean for the contact center industry and some ways you can ensure your data is compliant.

What is PCI Compliance?

The Payment Card Industry (PCI) is a governing body responsible for setting security standards for the credit card industry globally. It includes American Express, Discover, Mastercard, and Visa. PCI compliance refers to the rules organizations must follow in order to process credit card payments securely and keep customer data protected. Regardless of the size of your business, everyone must comply with PCI-DSS. The standards were originally put in place to protect customers from fraudulent activity on their credit cards.

Why is PCI Compliance Important?

Credit card data is a highly valuable commodity. It is also relatively easy to steal, making it a lucrative target for cybercriminals. PCI compliance ensures that your organization has the security measures in place to protect customer data. If you fail to comply with PCI standards, you face some serious consequences: 

A significant drop in customer trust and brand reputation - If you are found to be in violation of PCI standards, you will most likely be blacklisted by payment service providers. This means that your organization will no longer be allowed to handle payments using credit cards as a form of payment. 

A hefty fine - If you are found to be in violation of PCI compliance, you will be fined $100,000 per month. If the violation is deemed to be willful, the fine can be as high as $10,000,000 per month. 

Legal action - You may face legal action from customers who have experienced financial loss as a result of the security breach.

Which Contact Center Functions Are Affected by PCI Compliance?

The following contact center functions may be impacted by PCI compliance: 

Data center security - In order to comply with PCI standards, you must ensure that your data center is physically secure. You must also control access to your data center via ID badges, biometric systems and other methods of authentication. 

Network security - You must implement a secure network infrastructure with regular security assessments. Hiring a PCI compliance firm to conduct a security audit of your network can be a good idea. 

Firewall and router configurations - You must ensure that your firewall and router configurations comply with PCI standards.

Monitoring and logging - You must have a PCI-compliant monitoring and logging system in place to ensure your network is secure.

How to Achieve PCI Compliance for Your Call Center

If you have not already done so, you should conduct an initial risk assessment to identify your current PCI compliance status. This will help you to determine what areas of your business require the most attention. 

Once you have completed your assessment, you will know which areas of your business need to be prioritized. Focus on the following:

Passwords - Ensure that your team follows best practices when creating passwords. This means that each password should be at least 16 characters long, contain letters, numbers and symbols, and be changed regularly. 

Network security - Schedule a network security audit to ensure that your network meets PCI compliance requirements. You should also conduct regular network monitoring and security patching to keep everything up to date. 

Data encryption - Implement PCI compliant data encryption across your business to ensure data stays safe and secure.

Use a PCI-DSS Level 1 Service Provider - By using a service provider, you outsource your PCI-DSS responsibilities. Many service providers prevent cardholder data from ever entering your business systems and environment. If your business never held cardholder data to begin with, it cannot be accused of losing it.

Is a Secure Virtual Terminal suitable for contact centers?


Yes. A Secure Virtual Terminal will prevent cardholder data from entering your business systems or environment. By contrast, if you use a traditional Virtual Terminal, you are putting cardholder data security into the hands of your staff on the phone. 

By using a Secure Virtual Terminal, customers can enter their sensitive and private payment information using their telephone keypad. The card data is sent directly to the payment processor without ever touching your business.
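One way to check that card data really is staying out of your own environment is to scan call notes, transcripts and application logs for anything that looks like a primary account number (PAN) and mask it before it is stored. The following is an added example, not code from the original post or from any vendor mentioned in it; the log lines are constructed samples, and the candidate detector uses digit-length plus a Luhn check, so a Luhn-valid order reference would still be a false positive and should be reviewed rather than blindly trusted.

```python
import re

# Constructed sample log lines (not from the page). Line 2 shows an agent
# keying a card number into a free-text note, the failure mode a Secure
# Virtual Terminal is meant to prevent; line 4 shows the DTMF path, where
# the PAN never reaches the business system.
SAMPLE_LOG = [
    "2024-05-01T10:02:11Z agent=a117 note=customer confirmed address",
    "2024-05-01T10:03:45Z agent=a117 note=card 4111 1111 1111 1111 exp 12/26",
    "2024-05-01T10:04:02Z agent=a117 note=order ref 1234567890123",
    "2024-05-01T10:05:30Z ivr=dtmf-capture status=sent-to-processor pan=REDACTED",
]

# 13 to 19 digits, optionally separated by single spaces or hyphens,
# not embedded inside a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Standard Luhn mod-10 check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep only the last four digits, which PCI DSS allows to be displayed."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scrub_line(line: str):
    """Return (scrubbed line, list of last-4 for each PAN found)."""
    findings = []

    def repl(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            findings.append(digits[-4:])
            return mask_pan(digits)
        return m.group(0)       # not a plausible PAN, leave untouched

    return CANDIDATE.sub(repl, line), findings


def scrub_log(lines):
    """Scrub every line; the hit count is what you would alert on."""
    clean, hits = [], 0
    for line in lines:
        scrubbed, found = scrub_line(line)
        clean.append(scrubbed)
        hits += len(found)
    return clean, hits
```

Any non-zero hit count on a log source that is supposed to be out of scope is evidence that cardholder data is entering your environment and that the agent workflow, not just the log, needs fixing.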

A Secure Virtual Terminal also takes a lot of the hassle out of complying with industry data protection regulations such as PCI-DSS, GDPR and CCPA.

Conclusion


The revised Payment Card Industry standards have brought with them some important changes for the contact center industry. You will need to ensure that your data center and network are physically secure, that your firewall and router configurations comply with PCI standards, and that you are encrypting data appropriately. If you have not already done so, it is a good idea to conduct an initial risk assessment to identify your current PCI compliance status. This will help you to determine what areas of your business require the most attention.

Companies like Paytia, a Level 1 PCI-DSS Service Provider, can help your business with its PCI-DSS compliance obligations. By using a Paytia solution, you won’t be responsible for approximately 96% of the PCI responsibility matrix. 
