PCI DSS in Contact Centres
Card accepting contact centres understand the importance of protecting customer data from fraud and cybercrime but not all appreciate the implications of PCI DSS (Payment Card Industry Data Security Standard). The main danger points to non-compliance fall within three main areas: storage, people and infrastructure. The ability for dishonest employees to access call recordings or to write down card details should not be ignored. In terms of infrastructure, every aspect should be considered including telephony, desktop computers, internal networks, IVR, databases, call recording archives, removable media and customer relationship management software.
Intelecom and PCI DSS
Intelecom has invested in achieving PCI DSS compliance. By working with Intelecom, contact centres will benefit when it comes to security and PCI audits. Intelecom also works with customers to ensure basic precautions are taken such as:
- Contact centre employees do not share passwords or user IDs
- Limiting the number of employees given access to full card information
- Restricting access to call recording based on roles and responsibilities
- Only allowing screen recording playbacks that display payment card information to managers and compliance officers while having it masked from others
- Managing the physical and logical access to stored recordings.
PCI DSS is often seen as a “black art” however, working with Intelecom, contact centres can be confident that the best solutions can be found for customer data and card payment security.