6 Strategies for Achieving PCI Compliance 4.0 in the Contact Center

In our last post, we discussed some of the challenges of maintaining regulatory compliance in the age of remote work. We used the Payment Card Industry Data Security Standard (PCI DSS compliance) as an example. As organizations work to ensure compliance with the latest version, PCI DSS 4.0, they must extend those efforts to offsite staff. PCI DSS applies to remote workers who access, store, process or transmit cardholder data.

6 Endpoint Vulnerabilities That Could Put Your Organization at Risk

It also applies to the contact center if agents take payment card information over the phone. Complying with PCI DSS compliance mandates is critical to preventing fraud and data exposure. It also provides the foundation for compliance with other regulations such as HIPAA, PIPEDA and state privacy laws.

As we noted in our last post, the people, processes and technologies that could impact the security of cardholder data must comply with PCI DSS. The contact center is fraught with risks for noncompliance given the diverse systems and communication channels involved. Remote work has made compliance more difficult, with agents spread across multiple locations. Organizations need a layered strategy to ensure that cardholder data is protected.

 

Step #1 Develop a Plan

As an initial step, organizations should determine which regulations they must comply with and whether any rules have changed since the last audit. They should then assemble a PCI data security compliance team with expertise in these regulations and the contact center environment. The team should develop processes for assessing systems, policies and procedures against compliance requirements, then develop a plan for closing any gaps.

PCI DSS version 4.0 introduces new requirements, including stronger authentication, anti-phishing measures, and enhanced security for data in transit, posing challenges for remote work compliance.

 

Step #2 Secure the Technology

Organizations should ensure that their networks are secure. Firewalls should restrict access between systems that store or process cardholder data and the Internet. Data should be encrypted at rest and in transit to prevent exposure. Role-based access controls should ensure that only authorized users can view sensitive information. Access should be restricted to only those who need it to do their jobs.

 

Step #3 Redact Recorded Calls

Recorded calls are subject to PCI DSS compliance requirements, just like any other means of capturing and storing cardholder data. Some call recording systems enable agents to pause the recording when the customer provides credit or debit card information. Others use speech analytics to pause the recording automatically while storing the information in the CRM. Automated systems that prevent the recording of cardholder data are not within the PCI Scope.

 

Step #4 Train Agents in PCI Compliance 4.0 Requirements

Agents who handle payment card information should be trained in PCI-compliant procedures. Training should cover how to verify the customer’s identity, what information to collect, and how to use technology appropriately. PCI compliance training should stress that agents should never write down any payment card data. The emphasis of PCI compliance training should be on protecting the customer first, with protecting the organization as a secondary objective.

 

Step #5 Implement Physical Security Controls

In a physical contact center environment, organizations should restrict access to areas of the building where payment card data is maintained. Security cameras and other controls may also be appropriate. Agents should not be allowed to bring their personal mobile devices into these restricted areas. Agents who work from home should ensure that family members and guests cannot access sensitive systems and data.

 

Ensure PCI Data Security Compliance by Partnering with a Qualified Technology Provider

The right technology provider can be an invaluable partner in contact center compliance. Global Data Systems offers a cloud-based contact center solution that delivers enterprise-class capabilities and the highest levels of security. These PCI compliance services are invaluable to call centers in a wide range of industries. This is a cost efficient alternative to the legacy contact center, ensuring the flexible capability of world-class customer service on one platform. It is easy to deploy, able to be customized to your workflow, and there is no hard equipment investment needed.

Using our proven implementation methodologies, we can have a state-of-the-art contact center solution up and running in just a few weeks. The solution is backed by our monitoring, management and support services to ensure performance and reliability. The GDS team then monitors, manages and supports the solution to ensure unmatched reliability for mission-critical operations. We also provide a range of security services to protect your entire IT environment. Let us help you meet regulatory requirements and secure your operations against the latest threats. Book a demo with the GDS team today and learn what our experts can do for you!

 

 


 

Benefits of Managed IT Services from Global Data Systems

  • Strategic Managed IT: We help you solve your technology related business problems.
  • Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
  • Support: When you need help simply call our 24x7x365 support number.
  • Billing: Instead of managing hundreds of vendors - get one, easy to read bill from GDS.

Contact Managed Services Provider, Global Data Systems >

 

Get In Touch

310 Laser Lane
Lafayette, Louisiana 70507
Office Hours: Monday - Friday
8 a.m. - 5p.m.
Contact Us >

24 / 7 / 365 Support

Our dedicated support
staff are available by
phone 24 hours a day.

Phone: 888-435-7986

Time to simplify your IT?

3 Muskateers Marketing Pixel