The aim of Payment Card Industry (PCI) Data Security Standards (DSS) in contact centres is to safeguard the security of customers’ phone-based card payments by ensuring that the sensitive card details are not stored, even in call recordings, and that staff do not have access to them unless strictly controlled and monitored.
The best way to achieve PCI DSS compliance is to stop the card numbers entering the contact centre at all, to descope both your contact centre and your call recordings from PCI DSS audit regulations. This means that the agent is not exposed to the sensitive card details during the process of taking payment, nor are these details captured in call recordings nor exposed in your network of PCs.
Why does PCI DSS compliance matter?
Data security breaches can be catastrophic for your organisation. Just one instance can damage your reputation beyond repair and open you up to the possibility of law suits, insurance claims, fines and lost customers from which it may take many years to recover. Complying with PCI DSS means that your systems are secure and customers can trust you with their payments.Merchants and service providers are now required to certify to their acquiring banks that they are compliant.
PCI DSS requirements
– It is a violation to store sensitive card data after authentication without proper protection, including in call recordings – and in particular it is prohibited to store/record the CVV/CV2 number at all.
– Where it is necessary to record calls (for quality control or regulatory purposes), appropriate technology must be introduced to prevent the recording of these elements.
– Personal Account Numbers (PAN, or the long card number) must not be held in a manner accessible to others and should be masked in part if/when displayed (e.g. last 4 numbers only).
– Encryption should be used when storing or transmitting sensitive data, including the need to avoid using unencrypted VoIP telephone systems.
– Agents and homeworkers who have access to card details should be tightly supervised to ensure that they are not able to store or transmit sensitive client data (known as ‘clean rooming’).
What consumers say*
77% view call centre agents as a source of potential fraud
56% are reluctant to purchase a product or service when faced with making a payment over the phone
72% feel organisations should be doing more to prevent credit and debit card fraud
Only 1% feel that paying by card over the phone is the most secure form of card payment
49% feel technology should be used to hide credit card details from call centre agents
What so Contact Centre IT & Ops Nanagers say
47% agree that their organisation loses sales because their phone payment systems are not secure
62% agree that they too were reluctant to make payments over the phone in their personal life
46% say they will trial a PCI-secure payments system in the next year
74% will consider hosted (or ‘cloud’) secure payment systems
Additional Information
For additional information on Syntec’s range of PCI DSS Compliant products and services visit their Website or view their Comany Profile