PCI DSS Compliance – The Definitive Guide to

pci.dss.compliance.image.march.2016PCI DSS Compliance – The Definitive Guide to.

The aim of Payment Card Industry (PCI) Data Security Standards (DSS) in contact centres is to safeguard the security of customers’ phone-based card payments by ensuring that the sensitive card details are not stored, even in call recordings, and that staff do not have access to them unless strictly controlled and monitored.

The best way to achieve PCI DSS compliance is to stop the card numbers entering the contact centre at all, to descope both your contact centre and your call recordings from PCI DSS audit regulations. This means that the agent is not exposed to the sensitive card details during the process of taking payment, nor are these details captured in call recordings nor exposed in your network of PCs.

Why does PCI DSS compliance matter?
Data security breaches can be catastrophic for your organisation. Just one instance can damage your reputation beyond repair and open you up to the possibility of law suits, insurance claims, fines and lost customers from which it may take many years to recover. Complying with PCI DSS means that your systems are secure and customers can trust you with their payments.Merchants and service providers are now required to certify to their acquiring banks that they are compliant.

PCI DSS requirements

– It is a violation to store sensitive card data after authentication without proper protection, including in call recordings – and in particular it is prohibited to store/record the CVV/CV2 number at all.

– Where it is necessary to record calls (for quality control or regulatory purposes), appropriate technology must be introduced to prevent the recording of these elements.

– Personal Account Numbers (PAN, or the long card number) must not be held in a manner accessible to others and should be masked in part if/when displayed (e.g. last 4 numbers only).

– Encryption should be used when storing or transmitting sensitive data, including the need to avoid using unencrypted VoIP telephone systems.

– Agents and homeworkers who have access to card details should be tightly supervised to ensure that they are not able to store or transmit sensitive client data (known as ‘clean rooming’).

What consumers say*

77% view call centre agents as a source of potential fraud

56% are reluctant to purchase a product or service when faced with making a payment over the phone

72% feel organisations should be doing more to prevent credit and debit card fraud

Only 1% feel that paying by card over the phone is the most secure form of card payment

49% feel technology should be used to hide credit card details from call centre agents

What so Contact Centre IT & Ops Nanagers say

47% agree that their organisation loses sales because their phone payment systems are not secure

62% agree that they too were reluctant to make payments over the phone in their personal life

46% say they will trial a PCI-secure payments system in the next year

74% will consider hosted (or ‘cloud’) secure payment systems


syntec.logo_.2014.1-300x120Additional Information

For additional information on Syntec’s range of PCI DSS Compliant products and services visit their Website or view their Comany Profile

*Source: Syntec IT and Ops managers research, Summer 2015

error: Content Protected