Meeting the compliance standards for accepting card payments

Understanding PCI DSS Compliance

Understanding PCI DSS Compliance

What is PCI DSS and why is it important?

PCI DSS stands for Payment Card Industry Data Security Standard and is a set of requirements which are designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

The key requirements of PCI DSS Compliance

There are 12 broad requirements for PCI DSS compliance, which are grouped together under six headings as shown below.  Each of these headings represents a whole raft of specific actions. For a more in-depth look at what is needed, The Security Standards Council have produced a reference guide.

  1. Build and Maintain a Secure Network
    • Install and maintain a firewall configuration to protect data
    • Do not use vendor-supplied defaults for system passwords and other security parameters
  2. Protect Cardholder Data
    • Protect stored data (use encryption)
    • Encrypt transmission of cardholder data and sensitive information across public net
  3. Maintain a Vulnerability Management Program
    • Use and regularly update anti-virus software
    • Develop and maintain secure systems and applications
  4. Implement Strong Access Control Measures
    • Restrict access to data by business need-to-know
    • Assign a unique ID to each person with computer access
    • Restrict physical access to cardholder data
  5. Regularly Monitor and Test Networks
    • Track and monitor all access to network resources and cardholder data
    • Regularly test security systems and processes
  6. Maintain an Information Security Policy
    • Maintain a policy that addresses Information Security

The Impact of PCI DSS for Contact Centres

What does this mean for your contact centre?

If your business requires you to accept card transactions then you need to ensure that you are able to satisfy the requirements of PCI DSS in your own contact centre environment or work with a partner that has obtained accreditation. If your organisation is large enough and has the requisite skills in-house then it may be appropriate for you to obtain your own accreditation. But for many smaller businesses, there are good reasons for finding a partner who can do this work for you.

What are the advantages of working with PCI DSS compliant partner?

There are several reasons to consider finding a partner that can work with your contact centre rather than trying to go it alone.

  1. The PCI DSS is likely to be an expensive process and is likely to require a capital investment of tens of thousands of pounds.
  2. The process can take up to a year to complete depending on your current level of data security.

  3. You may have to install additional software on your current systems in order to protect data and track changes in your data environment.
  4. Your compliance will be reassessed on a quarterly basis.

I don’t currently take card payments: does it matter to me?

There are benefits for any contact centre of working with a PCI DSS compliant partner. This is because the requirements for PCI DSS will take you at least 70% of the way to ensuring that your business complies with the GDPR regulations, which will begin to apply from May 2018.

The Hostcomm Contact Centre Payment IVR

Hostcomm’s payment solution is the first to offer a contact centre platform and agent-assisted payment IVR in one PCI-DSS certified package. Its integrated approach eliminates many of the costs that standalone payment IVR solutions must occur in order to descope your contact centre, improves payment closure rates, while also minimising your commitment of resources and allowing businesses to start taking secure payments immediately.


Connected by VOIP Communications

Trusted by

The Car Buying Group Logo 2 Case Study Beer 2 Case Study EE logo white2 Case Study David lloyd white Case Study Kantar white Case Study Hmrc white Case Study Lb redbridge white Case Study Peabody White Case Study Scottishpower white 150px Case Study Shelter 2024 Case Study


PCI DSS Certified, TPS Telephone Preference Service, ICOCSA Supplier Member, Cyber Essentials