If your company processes card payments, then it’s likely that you have heard of the Payment Card Industry Data Security Standard (or the PCI DSS as it is more commonly known). In this article we take a deep dive into what PCI DSS is and if it is something that affects your contact centre.
What is PCI DSS compliance?
PCI DSS is essentially a range of payment card security standards that ensure that businesses are following proper security measures when dealing with card payments and payment-related data.
PCI DSS involves 12 requirements which are set by the Payment Card Industry Security Standards Council (PCI SSC) that need to be met. The standards exist to increase controls around cardholder data in order to reduce credit card fraud and ensure all merchants maintain a secure environment.
Validation of compliance is performed annually or quarterly, and varies depending on the volume of transactions that you handle:
» Self-assessment questionnaire (SAQ) – Applicable to merchants processing less than 1 million transactions per year
» External qualified security assessor (QSA) – Applicable to merchants processing between 1 and 6 million transactions per annum
» Internal security assessor (ISA) – Applicable to merchants processing 6 million+ transactions per annum
PCI DSS v4.0 is expected to be rolled out in the middle of 2021 and organizations will be required to update their security processes in order to maintain their compliance.
What is the PCI Security Standards Council?
The PCI Security Standards Council (PCI SSC) was founded in 2006 by American Express, Discover, JCB International, MasterCard, and Visa. It is a global forum that brings together stakeholders to develop and drive the adoption of data security standards and resources for safe payments worldwide. The PCI SSC is in charge of upholding the payment card industry’s security standards, ensuring that merchants meet them, as well as managing payment card data security worldwide.
The PCI SSC’s mission is to ‘enhance global payment account data security by developing standards and supporting services that drive education, awareness and effective implementation by stakeholders.’
Does my business need to comply with PCI DSS?
If you accept, process, store, or transmit any form of payment data then PCI DSS applies to your organisation, although the specific payment security requirements are likely to be slightly different for each merchant.
Regardless of the industry or vertical that you operate in, if your contact center takes card payments then you are responsible for keeping your customers’ personal and payment data safe. You, therefore, need to be sure that you are PCI DSS compliant.
What are the benefits of achieving PCI compliance?
» Enhanced security when dealing with sensitive card data
» Lower risk of experiencing data breaches
» Improved customer trust in your company and greater brand reputation
Helps to avoid fines (card brands can impose fines on merchants who fail to achieve PCI DSS compliance)
How can CardEasy help you achieve PCI compliance?
We work extensively with merchants that operate contact centres to help them ensure that their operations are secure and PCI DSS compliant. However your customers choose to make payment (whether on the phone to your agents, via an IVR, or any digital channel) CardEasy prevents payment card data from entering your contact centre environment, which de-scopes it from PCI DSS.
Using CardEasy saves you time and money by de-scoping your operations from PCI DSS controls, whilst removing the need for time-consuming oversight and PCI DSS audits. Traditional approaches such as ‘pause and resume’ only protect the call recording. Everything else, from the edge of your network right through to the agent, is still exposed to sensitive cardholder data and therefore ‘in scope’ for PCI DSS.
CardEasy reduces PCI DSS scope to the lowest level and ensures your customer’s payments are handled securely no matter where your workforce is based, irrespective of how PCI DSS evolves.
As long-term experts in our field, we are here to work with you and reduce the burden of PCI DSS on your business. Contact firstname.lastname@example.org for further information or to arrange a demo showing how CardEasy can help you overcome your payment security challenges.