PCI DSS in Contact Centres: This updated report presents the findings of our investigation into how contact centre leaders and payment service providers (PSPs) are meeting the challenges of Payment Card Industry Data Security Standard (PCI DSS) and card payment security in UK enterprises. We have also looked into concerns among consumers about card payments over the phone.
Executive Summary
PCI compliance and data protection in Contact Centres are hot topics for issuers, acquirers, fraud monitors, merchants, PSPs, assessors, outsourcers and consumers around the world. The cost of fraud continues to rise and Contact Centres are viewed as a weak link.
Some merchants are taking action to make sure their systems for contact centre telephone payment are compliant with PCI DSS, but others are not moving fast enough, either in terms of industry standards or consumer expectations.
Our research shows that for all the talk of compliance over the past few years, merchants are still adopting very diverse strategies for operating Contact Centres:
– ‘Head in the Sand’: These organisations are adopting a trust-based approach relying on existing systems and staff, including elements of ‘clean-rooming’, but are unaware of the seriousness of PCI requirements.
– ‘Segmenting the Problem’: Here, organisations are setting up discrete payment teams to reduce the numbers of agents taking payments, or just fixing part of the problem such as using ‘pause and resume’ for call recordings.
– ‘De-scoping’: Organisations engaged more fully in PCI DSS compliance are using new DTMF technology to shield the sensitive payment card data from the call centre altogether
The report covers:
Part 1: Why does PCI DSS matter to today’s Contact Centres?
Part 2: What are today’s consumer demands for better multichannel card payment and data security?
Part 3: How should IT and Operations Managers in Contact Centres respond to PCI DSS compliance?
The report concludes that one approach will not fit all.
With the advance of cloud technology, the schemes and acquirers are supportive of trusted hosted technology solutions which ensure compliance with PCI DSS.
The report introduces Syntec’s PCI DSS compliant CardEasy system for secure mid-call card payment and self-service autopay and concludes with eight tips for Contact Centre leaders tasked with telephone card payment security, overseeing risk and preventing fraud.
Additional Information
To Download the White Paper Click Here
For additional information on Syntec visit their Website or view their Company Profile