3 Reasons Your Contact Centre Provider Needs PCI DSS

In the aftermath of the EU GDPR coming into force, most contact centres have looked at their own compliance and checked whether their service providers meet the same standards. However, it is important to remember the wide array of compliance standards that may affect your business.

The Payment Card Industry Data Security Standard, or PCI DSS, defines 12 key controls and expectations for any business that handles sensitive cardholder information. If you process payments, compliance is essential.

Even if you do not take payments, though, there are several reasons why you should check that your inbound contact centre solutions provider is compliant.

1. To reduce your risk of fraud

Fundamentally, PCI DSS was created to ensure a level of security around payment information and reduce the risk of fraud or data exposure. If you process payments, PCI DSS compliance is a fundamental obligation.

For many contact centres, there’s only so much they can do. While you could work to ensure your internal systems and processes are compliant, what if payment information is transmitted to your service provider for processing? What if your call recordings inadvertently contain sensitive data?

In these instances, it is your responsibility to choose a service provider that can handle data compliantly on your behalf. If not, your internal efforts to achieve and maintain compliance are wasted.

In addition, choosing a PCI compliant contact centre provider can completely eliminate the cost and complexity of achieving compliance in-house. Some providers even offer compliant payment systems to shift the burden of compliance away from your business.

2. To demonstrate a commitment to security

If you do not process payments in your contact centre, it’s tempting to think that you can choose a non-compliant provider. However, many of the expectations defined under PCI DSS are established best-practice for network and data security in general.

Even where PCI DSS is not relevant, there will be other standards you need to comply with. GDPR is just one of many – and working with a PCI-compliant service provider can be an effective shortcut towards GDPR compliance.

PCI DSS gives you an assurance that your service provider is serious about security across:

  • Building and maintaining a secure network
  • Protecting cardholder data
  • Eliminating software vulnerabilities
  • Implementing strong access control
  • Ongoing monitoring and network testing
  • Maintaining an information security policy

These are all critical areas of security, whether you’re processing payments or not.

3. To build confidence for you and your customers

Finally, while strong cyber security reduces your risk of a data breach, the negative press that follows it and large-scale fines, it can also be a powerful way to build customer confidence.

If your inbound contact centre solution service provider is PCI DSS compliant, you can feel assured that security is a priority. You can trust that your service provider is committed to protecting sensitive data – and leverage your provider’s own compliance to build that same sense of trust in your own customers.

Learn more about PCI DSS compliance at Hostcomm.

Visit https://www.hostcomm.co.uk/solutions/understanding-pci-dss-compliance
