4 Ways to Facilitate PCI DSS Compliance in the Contact Center

What is PCI (News - Alert) DSS?

The Payment Card Industry Data Security Standards (PCI DSS) are “a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.” Any organization, regardless of size, that takes payment remotely online, over the phone or via mail order is responsible for maintaining PCI DSS compliance.

Noncompliance can be very costly to an organization that puts its customers’ payment information at risk, with penalties ranging from $5,000 to $500,000 coming from the banks or the credit card institutions. There is also the significant risk to an organization’s reputation.

These penalties extend beyond just noncompliance. Even if a contact center is entirely compliant, the fallout from a breach can be just as significant. According to Focus on PCI DSS, cardholder breaches can result in a $50-$90 fine per piece of cardholder data compromised, a suspension of credit card acceptance by a merchant’s provider, loss of reputation with customers, suppliers and partners, possible civil litigation from breached customers, and loss of customer trust—all of which affects future sales.

PCI DSS in the Contact Center

Call centers must ensure that their agents are acting in compliance with many regulatory standards, including PCI DSS. When customers provide their payment information over the phone, your contact center is at risk of breach. Because of this, PCI DSS requires that certain portions of sensitive customer information not be stored within the contact center.

Your agents are your first line of defense when it comes to PCI DSS. They have the power to ensure that customer information is safe and secure, and they need to understand the importance of this responsibility. When training new hires, explain that the responsibility for protecting customer information is in their hands.

4 Ways to Facilitate PCI DSS Compliance in the Contact Center

Aside from training your agents, there are several steps you can take to facilitate PCI DSS compliance within your contact center. Consider whether your organization currently has these processes in place:

1. Ensure you are working on a strong network. Your network should be as compliant with PCI DSS standards as your call scripts.
2. Do not allow agents to do any work on personal mobile devices. Cell phones and personal mobile devices are not secure contact center technologies. Banning all mobile phones will prevent personal and sensitive information from being leaked onto a personal device.
3. Practice continual training. Ensure that you are checking up on PCI DSS compliance regularly and not simply on an annual basis. You will be more likely to catch hiccups by making continual improvements.
4. Dispose of scrap paper properly. If agents are forced to write down any sensitive information, ensure that they are disposing of it properly by shredding it or destroying it immediately. Better yet, create a paperless environment.

In addition to the above, consider working with KomBea to add a layer of security to your customer service or contact center. SecureCall and ExactCall allow you to give your agents and customers peace of mind that their sensitive information is protected. Contact KomBea to schedule a demo of our unique contact center solutions.