The Contact Center is often the hub for Card Not Present (CNP) payment transactions. The transmittal, processing, and storage of payment transaction data carries with them an obligation for Payment Card Industry (PCI) compliance. By ensuring your contact center is PCI DSS compliant, you are also protecting your business – both financially and legally. A single data breach is now estimated to cost a company $3 million on average. Damages to your reputation and perhaps the demise of your company could be more costly.
The Payment Card Industry Security Standards Council (PCI SSC) was formed in 2004 by Visa and Mastercard. It created a set of 12 mandatory rules designed to protect payment transaction data. If your business is processing card payments, you are affected by PCI DSS requirements.
The requirements are clearly stated. Every business that handles cardholder information must do so in a manner that secures and protects the data using the following 12 requirements.
- Install and maintain a secure firewall
- Use unique passwords (rather than defaults)
- Encrypt stored data
- Encrypt data during transmission
- Keep anti-virus software current and updated
- Regularly check systems and applications are secure
- Ensure access is restricted to only those who need it
- Make sure those with access have a unique user ID
- Ensure physical access to data is restricted and controlled
- Make sure access to network and data is tracked and monitored
- Regularly test security systems and incident response plans
- Have a clear information security policy
Adherence to these requirements will ensure PCI DSS compliance for your contact center. However, PCI compliance doesn’t automatically reduce risk or increase security. PCI DSS compliance is not a legal requirement, yet it does ensure compliance with the Data Protection Act – protecting you legally should the worst happen.
If a system is compromised and the company is found not to be PCI DSS compliant, the business could face severe penalties, such as brand damage, lawsuits and legal costs, share price drop, job losses, insurance claims, regulator fines, higher banking fees, and potentially, the loss of ability to accept card payments.
A recent report from Verizon (Verizon 2017 Payment Security Report) revealed the following percentage of businesses that fail to maintain PCI compliance:
- 57.1% of Hospitality businesses fail to maintain PCI compliance
- 50.0% of Retailers fail to maintain PCI compliance
- 40.9% of Financial Services businesses fail to maintain PCI compliance
- 38.7% of IT companies fail to maintain PCI compliance
There is much to know. Is your contact center PCI DSS compliant? Are you protecting your business and your data? The Team at AVDS has partnered with industry leader PCI Pal to help you get answers to these questions and plot your course for compliance and peace of mind. You don’t have the time to let this one wait. Contact AVDS TODAY and speak with an expert data security consultant.
Director of Sales & Marketing, Engineer, Storyteller, Photographer, Decent Cook, Family Man…