Securing the Contact Center with PCI DSS Compliance
With the numerous interactions customer service agents handle day to day, contact centers are entrusted with handling volumes of personal and sensitive customer data—namely, their credit card information. Yet notable incidents such as American retailer Target's massive data breach in 2013, which compromised the credit and debit card information of 40 million customers, and the most recent Apple Pay fraud also stemming from retail data breaches are stark reminders that even the largest corporations are not always safe from fraud. The aftermath can be potentially catastrophic as companies that fall victim to fraud may pay massive fines for failing to follow security measures, spend an additional fortune on resolving the issue, and ultimately risk losing their reputation and the loyalty of their customers.
To help protect customers from identity theft, the PCI DSS global security standard was established in 2006 and adopted by payment card companies for all businesses which store, process, or transmit cardholder data. The security measures outlined in the PCI DSS guidelines therefore set strict rules for contact centers to ensure that customer service agents, and the company's IT systems as a whole, handle customer data responsibly and securely. For example, the guidelines dictate that certain parts of cardholder data cannot be stored, and recorded calls are subject to the same rules as all other methods of obtaining and storing customers' card authentication data to prevent any security codes or account numbers from being recorded.
Contact centers may take several steps toward following the guidelines. With regard to IT systems, it's critical to maintain a firewall configuration that protects cardholder data by establishing an overall secure network, while using and maintaining antivirus programs are equally essential to keeping the network secure. To prevent the recording of sensitive data, compliance may be met by using a software solution that enables start/stop recording for moments when cardholder information is being communicated as well as automated IVR payment solutions that use voice recognition or keypad entry. In addition, contact center employees may play a key role in meeting the guidelines. Issuing each employee a unique ID or password to gain computer access is one strategy, as well as making sure that the passwords are strong and changed frequently. It's also a good idea to limit the number of employees in direct contact with cardholder data while carefully monitoring any access points at which employees come in contact with customer data.
PCI DSS compliance is a requirement for contact centers which needs to be taken seriously. By setting high standards for security, contact centers may enhance their reputation with payment providers, protect their businesses from future fraud, and maintain the loyalty and trust of their customers. To learn more about PCI DSS-compliant Contact Center Software solutions, please visit www.vocalcom.com.