August 9, 2018 by Siobhan Climer
Are you preparing for an audit of your contact center? The Payment Card Industry Data Security Standards (PCI DSS) protect cardholder security and ensure the consistent application of data security standards; however, to remain PCI DSS compliant, contact centers need to maintain and monitor several interweaving systems and processes. Use the contact center PCI DSS compliance checklist to ensure your contact center checks all the boxes.
Prepare for the reviews ahead by performing a contact center roadmap. Get our free eBook Customers Drive, You Navigate: Your Contact Center Roadmap to Customer Care Success to find out how to build a strategic path to a sustainable technological future.
Who Needs To Be PCI DSS Compliant?
According to the PCI Security Standards Council, all entities that process card payments and all entities that process, transmit, or store cardholder data are required to be PCI DSS compliant. That includes merchants, processors, acquirers, issuers, and service providers.
Contact centers that handle billing, payments, or even simply the transfer of cardholder data or sensitive authentication data, i.e. primary account numbers, names, expiration dates, service codes, magnetic strip/chip data, CAV2/CVC2/CVV2/CID, or PINs, must be PCI DSS compliant. Even if this data is only transferred through your contact center and not processed by actual agents, you must ensure compliance. Read through the requirements and use our free contact center PCI DSS compliance checklist to begin an assessment of your protocols.
PCI DSS Compliance Certification Body And Requirements
The PCI Security Standards Council is the administrative and monitoring body for the standards and is comprised of all major credit card brands, including Visa, Mastercard, American Express, Discover, and JCB. The first standards were released in December of 2004 (Wonder if that was a rough holiday shopping season?) and have gone through several iterations. The most recent PCI DSS compliance standards, Version 3.2.1, were released in May 2018.
There are 12 PCI DSS requirements organized into 6 security layer frameworks.
Contact Center PCI DSS Compliance Checklist
Use our contact center PCI DSS Compliance Checklist, based directly on the PCI Security Standards Council’s requirements, to prepare for a PCI DSS audit.
The Contact Center Conundrum
Contact centers are at the epicenter of PCI DSS compliance because they often handle the front-end collection and transmission of cardholder data through websites, call center agents, IVRs, and even interactive self-service tools. Skimming, regulatory compliance failures (HIPAA, GDPR, etc.) due to call recording software, and unencrypted phone services where credit card numbers, CVV codes, and social security numbers are spoken and recorded leave the call center especially vulnerable to credit card fraud.
Implementing appropriate technology solutions can mitigate the risk. IVRs and other call center platforms – such as Uptivity – can reduce the risk of recording PCI by removing the agent from the interaction. Cloud technologies – such as Genesys PureCloud – which can assist with omnichannel routing, speech-enabled IVR, and call recording – are also working to solve the contact center conundrum.
A managed services provider can help, too. By bringing in a team of experts, you can ensure the monitoring and maintenance of all PCI DSS compliance areas are checked in your contact center PCI DSS compliance checklist. Put the weight of all twelve primary requirements and the 220+ sub-requirements in the hands of contact center experts. Contact Mindsight today for more information.
Like what you read?
About Mindsight
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.
Contact us at GoMindsight.com.
About The Author
Siobhan Climer, Science and Technology Writer for Mindsight, writes about technology trends in education, healthcare, and business. She previously taught STEM programs in elementary classrooms and museums, and writes extensively about cybersecurity, disaster recovery, cloud services, backups, data storage, network infrastructure, and the contact center. When she’s not writing tech, she’s writing fantasy, gardening, and exploring the world with her twin two-year old daughters. Find her on twitter @techtalksio.