Card PaymentsPCI CompliancePhone Payments

Descoping PCI

By March 17, 2020June 11th, 2020No Comments

Cyber-attacks

As you’re probably aware, cyberattacks are a real problem for contact centres, currently occurring on a near-daily basis, and are set to increase in frequency. What may shock you is that the average data breach costs on average around £3.5 million!

To combat this, the Payment Card Industry Data Security Standard (PCI DSS) lays out a set of security standards designed to ensure that all companies who accept, process and store credit card information maintain a secure environment.

Contact centres who take payments over the phone in particular need to be PCI compliant due to the added risks associated with reading card details over the phone. The PCI DSS also helps contact centres with their GDPR projects.

Business Payment header

The PCI DSS also helps contact centres with their GDPR projects.

PayGuard and More

One of the most popular ways contact centres try to get around PCI compliance is manually pausing and resuming call recording while card details are being read out. However, this method isn’t actually PCI compliant.

Here are 5 alternatives:

  • Making sure payment information never enters your contact centre.
  • Creating a “clean room” setting in the agent’s workspace.
  • Outsource your PCI requirements to an approved PCI DSS Level One service provider like PayGuard®.
  • Transferring calls to an IVR platform at the point where payment is taken.
  • Using DTMF tone suppression to allow the agent to guide the customer through the payment process, while at no point being able to hear any information being input.