Understanding PCI DSS Compliance

What is PCI DSS and why is it important?

PCI DSS stands for Payment Card Industry Data Security Standard and is a set of requirements which are designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

The key requirements of PCI DSS Compliance

There are 12 broad requirements for PCI DSS compliance, which are grouped together under six headings as shown below. Each of these headings represents a whole raft of specific actions. For a more in-depth look at what is needed, The Security Standards Council have produced a reference guide.

Build and Maintain a Secure Network

Install and maintain a firewall configuration to protect data
Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

Protect stored data (use encryption)
Encrypt transmission of cardholder data and sensitive information across public net

Maintain a Vulnerability Management Program

Use and regularly update anti-virus software
Develop and maintain secure systems and applications

Implement Strong Access Control Measures

Restrict access to data by business need-to-know
Assign a unique ID to each person with computer access
Restrict physical access to cardholder data

Regularly Monitor and Test Networks

Track and monitor all access to network resources and cardholder data
Regularly test security systems and processes

Maintain an Information Security Policy

Maintain a policy that addresses Information Security

The Impact of PCI DSS for Contact Centres

What does this mean for your contact centre?

If your business requires you to accept card transactions then you need to ensure that you are able to satisfy the requirements of PCI DSS in your own contact centre environment or work with a partner that has obtained accreditation. If your organisation is large enough and has the requisite skills in-house then it may be appropriate for you to obtain your own accreditation. But for many smaller businesses, there are good reasons for finding a partner who can do this work for you.

What are the advantages of working with PCI DSS compliant partner?

There are several reasons to consider finding a partner that can work with your contact centre rather than trying to go it alone.

The PCI DSS is likely to be an expensive process and is likely to require a capital investment of tens of thousands of pounds.
The process can take up to a year to complete depending on your current level of data security.
You may have to install additional software on your current systems in order to protect data and track changes in your data environment.
Your compliance will be reassessed on a quarterly basis.

I don’t currently take card payments: does it matter to me?

There are benefits for any contact centre of working with a PCI DSS compliant partner. This is because the requirements for PCI DSS will take you at least 70% of the way to ensuring that your business complies with the GDPR regulations, which will begin to apply from May 2018.

The Hostcomm Contact Centre Payment IVR

Hostcomm’s payment solution is the first to offer a contact centre platform and agent-assisted payment IVR in one PCI-DSS certified package. Its integrated approach eliminates many of the costs that standalone payment IVR solutions must occur in order to descope your contact centre, improves payment closure rates, while also minimising your commitment of resources and allowing businesses to start taking secure payments immediately.

LEARN MORE