3 Reasons Your Contact Centre Provider Needs PCI DSS

In the aftermath of the EU GDPR coming into force, most contact centres have looked at their own compliance and checked whether their service providers meet the same standards. However, it is important to remember the wide array of compliance standards that may affect your business.

The Payment Card Industry Data Security Standard, or PCI DSS, defines 12 key controls and expectations for any business that handles sensitive cardholder information. If you process payments, compliance is essential.

Even if you do not take payments, though, there are several reasons why you should check that your inbound contact centre solutions provider is compliant.

1. To reduce your risk of fraud

Fundamentally, PCI DSS was created to ensure a level of security around payment information and reduce the risk of fraud or data exposure. If you process payments, PCI DSS compliance is a fundamental obligation.

For many contact centres, there’s only so much they can do. While you could work to ensure your internal systems and processes are compliant, what if payment information is transmitted to your service provider for processing? What if your call recordings inadvertently contain sensitive data?

In these instances, it is your responsibility to choose a service provider that can handle data compliantly on your behalf. If not, your internal efforts to achieve and maintain compliance are wasted.

In addition, choosing a PCI compliant contact centre provider can completely eliminate the cost and complexity of achieving compliance in-house. Some providers even offer compliant payment systems to shift the burden of compliance away from your business.

2. To demonstrate a commitment to security

If you do not process payments in your contact centre, it’s tempting to think that you can choose a non-compliant provider. However, many of the expectations defined under PCI DSS are established best-practice for network and data security in general.

Even where PCI DSS is not relevant, there will be other standards you need to comply with. GDPR is just one of many – and working with a PCI-compliant service provider can be an effective shortcut towards GDPR compliance.

PCI DSS gives you an assurance that your service provider is serious about security across:

  • Building and maintaining a secure network
  • Protecting cardholder data
  • Eliminating software vulnerabilities
  • Implementing strong access control
  • Ongoing monitoring and network testing
  • Maintaining an information security policy
  • These are all critical areas of security, whether you’re processing payments or not.

3. To build confidence for you and your customers

Finally, while strong cyber security reduces your risk of a data breach, negative press and large-scale fines to pay, it can also be a powerful way to build customer confidence.

If your inbound contact centre solution service provider is PCI DSS compliant, you can feel assured that security is a priority. You can trust that your service provider is committed to protecting sensitive data – and leverage your provider’s own compliance to build that same sense of trust in your own customers.

Learn more about PCI DSS compliance at Hostcomm.


Trusted by

Bt Logo 2018 Case Study Help Lin N Case Study Shelter Logo N Case Study Home Logic Icynene Case Study Orbit Logo Purple 2 Case Study Homeserve Logo Svg 2 Case Study The Car Buying Group Logo 2 Case Study First Data Logo 2018 N Case Study Inspire Logo 2 Case Study Beer 2 Case Study


PCI DSS Certified, TPS Telephone Preference Service, ICOCSA Supplier Member, Cyber Essentials