Communications company, Verizon, and secure payments provider for contact centres, PCI Pal recently released a new White Paper examining the challenges with PCI “SSC” compliance in the contact centre.
As contact centres continue to grow as the most crucial point of interaction between companies and their customers, large amounts of sensitive data circulate throughout business technology stacks every day. With so much information to protect, it’s crucial for organisations leveraging contact centres to think carefully about their security and privacy standards.
In the past, protecting contact centre used to be all about awareness, monitoring, and advanced user training. The Verizon and PCI Pal study found that 60% of today’s organisations are still leveraging outdated technologies (pause-and-resume) to avoid storing sensitive information in their call recording systems. This means that users are “paused” when collecting payment information, which disrupts the flow of business and presents issues with compliance and auditing.
Security and Compliance Issues in the Contact Centre
For businesses struggling to eliminate common data breach issues and privacy problems in the contact centre, they may need to begin looking at ways that they can prevent payment data from entering their communication stack in the first place. This means that companies need to get rid of their pause-and-resume systems and explore solutions like Dual Tone Multi-Frequency (DTMF) masking tech instead.
By upgrading their technology, companies are better positioned to de-scope the payment processing environment in the contact centre, adhering to PCI Compliance requirements and allowing payment card information to be entered into the system without giving agents or computers access to that information. This process will help to reduce the risk of fraud by getting rid of sensitive card data discussions so that breaches don’t lead to compromised details.
Supporting PCI DSS Security
According to the CEO for PCI Pal, James Barham, it’s up to today’s businesses to think about how they can adjust their contact centre activities to adhere to the requirements of PCI DSS. Contact centres face a lot of problems with legacy technology that can no longer reasonably protect the vast amounts of data they gather and process every day. Combine the rise of data levels in the average business environment with the fact that contact centres have notoriously high turnover rates, and it’s easy to see how private information can fall into the wrong hands.
PCI Pal found that 72% of contact centres are now accepting card payments over the phone, which highlights how important it is for organisations to deliver a safe customer experience while ensuring their compliance standards are met.
