Top Three Issues Creating PCI Compliance Strain


August 8, 2013

The agents in your contact center likely record every customer conversation. However, while this helps to provide the best customer service possible and to meet financial regulations in some industries, it presents a serious issue related to the storage of sensitive personal data, like credit card information. In order to protect that confidential data, your company must therefore follow the Payment Card Industry Data Security Standard (PCI DSS).

Recent research indicates that PCI compliance is a major concern for companies today. In fact, 79 percent of merchants that employ 51 or more employees confirmed in a recent survey that PCI compliance is a high priority, while 82 percent consider it mandatory. The reality is that any organization that harbors credit card information, phone numbers and Social Security numbers could be in jeopardy of a PCI compliance violation, which could carry fines of up to $500,000 per data security incident.

Here is a look at some of the top issues currently facing call centers when it comes to the management of personal client information: 

Unauthorized Access to Personal Information

One of the biggest challenges facing companies is the risk of credit card information falling into the wrong hands. Many companies concern themselves with protection against third-party intrusion, but fail to take into account the security concerns surrounding employees. Security measures must be taken to ensure that those handling sensitive information are not put in a position where they could fraudulently misuse data.

Insecure Data Storage

As the bring your own device (BYOD) movement picks up momentum, and more and more organizations begin to implement mobilization strategies, concerns about the security of stored information are becoming more prevalent. Hackers, malware and device theft could leave customer information exposed, and could jeopardize your organization in the process.

End-Point Validation

Another pressing issue with big data concerns the storage of information as it streams in from various sources. Because consumer data is now collected from a variety of places, including email, social media, phone calls and more, there must be a way to validate its safe storage and access at the intake point. Failure to do so could result in a serious breach of personal information from outside intrusion, such as malware working its way into a company’s database.

Cloud-Based Contact Center Providers and PCI

The good news, however, is that when you outsource to a cloud-based contact center provider that is fully PCI DSS compliant, you ensure that your organization and your customers are protected by infrastructure that has been validated and certified by independent and competent security assessors. Qualified Security Assessors (QSAs) are the only organizations recognized by the major credit card issuing companies as having the skills, expertise, and current knowledge to certify that all twelve (12) mandatory requirements of the PCI Institute have been addressed successfully, which is the key element of full PCI certification. Safely maintaining that sensitive personal information is critical, and adopting the highest possible levels of security and validation is essential in today’s theft-prone and litigious environment.


Dennis Empey

Chief Information Security Officer
