PCI DSS: Version 3.2
The standard is being updated in the 1st of February 2018, so are you aware of how this will impact you and your contact centre?
Shortly every contact centre taking card payments have to adhere to this new standard, version 3.2.
Amongst other things, this will require contact centres to ensure that security controls are working after every single structural change, rather than in a single, annual audit. This will mean that you’ll have to conduct the PCI DSS impact analyses after each and every supplier that you take on.
That’s a lot of work in itself!
These changes in particular highlight the benefit of working with PCI DSS level 1 partners who are able to ensure security on your behalf and prevent the need to you to invest valuable time and resource into the additional administration that the impacts analysis and the constant re-evaluation of PCI compliance will have.
A new guidance will be issued in November 2019 for Telephone Payments from the PCI Security Standards Council. This will be the third version, long awaited since the second version was released in March 2011.
This guidance will graphically show how to define what’s in scope, and how to descope as the best way to comply.