Handling PCI DSS Compliance in Your Contact Centre

We Answer Your Top FAQ


Published: June 4, 2021

Anwesha Roy - UC Today

Contact centres are now privy to more customer data than ever before, with so many transactions happening online and omni-channel service now the industry default. However, there is still work to be done when it comes to making contact centres more secure and compliant.

One research survey found that 70% of agents collecting PII confirmed the data by reading it out aloud. 30% of agents have persistent access rights, and 11% have been approached by an internal or external threat. A different study confirms that 73% of companies believe they should be more stringent when it comes to contact centre compliance. These statistics point to one key requirement – tightening the security measures around customer data collection and utilisation, especially in the context of payment information.  

That’s what makes PCI DSS compliance so important.  

What is PCI DSS? 

The Payment Card Industry Data Security Standard defines guidelines and regulations on data security in the payments industry. This covers six areas – network security, efforts to protect cardholder data, vulnerability management, access control, security monitoring and testing, and policy/documentation.  

What is the Cost of PCI DSS Non-Compliance for Contact Centres?  

PCI typically fines the merchant's partner bank if there is a data breach that can be traced back to a security or compliance misstep. While PCI DSS isn't legally binding, the fines levied on the bank are usually passed on to the merchant organisation. Repeat offenders can even be blacklisted from working with customers who use cards from that bank.

How can Contact Centres Achieve PCI DSS Compliance?

To achieve compliance, contact centres must go through three steps: first, rework their processes and infrastructure to meet the six requirements stated above; second, demonstrate the compliance effort with proper documentation; and third, undergo an external audit to prove and certify compliance. Importantly, contact centres must be audited regularly to keep their compliance certification current.

What are the Top Risk Factors That Could Cause Non-Compliance in a Contact Centre?  

The biggest challenge to achieving and maintaining compliance is probably human error. In contact centres employing large agent teams with constant turnover, it can be difficult to detect and prevent non-compliant activity among staff. Outdated technology, e.g. call recordings that do not mask the exchange of payment details, is also a risk factor.

What are the Top Three Ways to Maintain PCI DSS Compliance?

The three steps for ensuring compliance are:  

  • Providing agents with on-demand and regular training on PCI DSS 
  • Screening technology vendors on compliance parameters and ensuring they are PCI DSS-certified  
  • Engaging in regular audits, network tests, and documentation overhaul to keep the compliance landscape up to date 

Are there any Solution Vendors that can Help with PCI DSS? 

Leading contact centre solution providers like NICE and Vonage have dashboards to monitor data sharing consent, PCI DSS data, encryption, etc. You could also explore dedicated payment security and compliance providers like PCI Pal to further reinforce your payment data compliance capability.  
