Meeting the compliance standards for accepting card payments

Understanding PCI DSS Compliance

Understanding PCI DSS Compliance

What is PCI DSS and why is it important?

PCI DSS stands for Payment Card Industry Data Security Standard and is a set of requirements which are designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

The key requirements of PCI DSS Compliance

There are 12 broad requirements for PCI DSS compliance, which are grouped together under six headings as shown below.  Each of these headings represents a whole raft of specific actions. For a more in-depth look at what is needed, The Security Standards Council have produced a reference guide.

  1. Build and Maintain a Secure Network
    • Install and maintain a firewall configuration to protect data
    • Do not use vendor-supplied defaults for system passwords and other security parameters
  2. Protect Cardholder Data
    • Protect stored data (use encryption)
    • Encrypt transmission of cardholder data and sensitive information across public net
  3. Maintain a Vulnerability Management Program
    • Use and regularly update anti-virus software
    • Develop and maintain secure systems and applications
  4. Implement Strong Access Control Measures
    • Restrict access to data by business need-to-know
    • Assign a unique ID to each person with computer access
    • Restrict physical access to cardholder data
  5. Regularly Monitor and Test Networks
    • Track and monitor all access to network resources and cardholder data
    • Regularly test security systems and processes
  6. Maintain an Information Security Policy
    • Maintain a policy that addresses Information Security

The Impact of PCI DSS for Contact Centres

What does this mean for your contact centre?

If your business requires you to accept card transactions then you need to ensure that you are able to satisfy the requirements of PCI DSS in your own contact centre environment or work with a partner that has obtained accreditation. If your organisation is large enough and has the requisite skills in-house then it may be appropriate for you to obtain your own accreditation. But for many smaller businesses, there are good reasons for finding a partner who can do this work for you.

What are the advantages of working with PCI DSS compliant partner?

There are several reasons to consider finding a partner that can work with your contact centre rather than trying to go it alone.

  1. The PCI DSS is likely to be an expensive process and is likely to require a capital investment of tens of thousands of pounds.
  2. The process can take up to a year to complete depending on your current level of data security.

  3. You may have to install additional software on your current systems in order to protect data and track changes in your data environment.
  4. Your compliance will be reassessed on a quarterly basis.

I don’t currently take card payments: does it matter to me?

There are benefits for any contact centre of working with a PCI DSS compliant partner. This is because the requirements for PCI DSS will take you at least 70% of the way to ensuring that your business complies with the GDPR regulations, which will begin to apply from May 2018.

The Hostcomm Contact Centre Payment IVR

Hostcomm is currently at an advanced stage in completing the requirements to ensure that our Hosted Contact Centre solution is PCI DSS compliant.

Learn more about the Hostcomm Payment IVR by visiting What Is A Payment IVR?

We also have created a secure Payment IVR system which will allow the customer to make secure payments that meet the PCI DSS standards.  This advanced IVR also ensures that the agent remains on the call, is able to monitor the customer’s progress through the payment process and has the power to intervene if the customer appears to be unable to proceed.  At the end of the payment process, the customer is reconnected to the same agent, who can then complete the call, answer any questions and ensure that the customer is entirely happy before hanging up.

And if you are just concerned about ensuring that your contact centre is operating with high standards of data security the Hostcomm Contact Centre solution provides you with an effective contact centre inside a secure environment.

Connected by VOIP Communications

You’re in good company

Pharm N Case Study
Logo New V Case Study
First Data Logo 2018 N Case Study
Help Lin N Case Study
Shelter Logo N Case Study