PCI Pal is a multi award-winning cloud-based secure payments provider specializing in PCI DSS Compliant Card Not Present (CNP) payment solutions for contact centers. AVDS leverages the expertise of PCI Pal to provide companies with a secure way of handling payments by phone without bringing their environments in scope of PCI DSS.
The Contact Center is often the hub for financial transactions, especially CNP or Card Not Present payments. The transmittal, processing, and storage of payment transaction data carry with them an obligation for Payment Card Industry (PCI) compliance. By ensuring your contact center is PCI DSS compliant, you are also protecting your business – both financially and legally. A single data breach is now estimated to cost a company $3 million on average. Damage to your reputation and perhaps the demise of your company could be more costly.
What is PCI DSS Compliance?
The Payment Card Industry Security Standards Council (PCI SSC) was formed in 2004 by Visa and Mastercard. It created a set of 12 mandatory rules designed to protect payment transaction data.
Compliance requirements are clearly stated. Every business that handles cardholder information must do so in a manner that secures and protects the data using the following 12 requirements.
- Install and maintain a secure firewall
- Use unique passwords (rather than defaults)
- Encrypt stored data
- Encrypt data during transmission
- Keep anti-virus software current and updated
- Regularly check systems and applications are secure
- Ensure access is restricted to only those who need it
- Make sure those with access have a unique user ID
- Ensure physical access to data is restricted and controlled
- Make sure access to network and data is tracked and monitored
- Regularly test security systems and incident response plans
- Have a clear information security policy
Adherence to these requirements will ensure PCI DSS compliance for your contact center. However, PCI compliance doesn’t automatically reduce risk or increase security. PCI DSS compliance is not a legal requirement, yet it does ensure compliance with the Data Protection Act – protecting you legally should the worst happen.
What makes PCI Pal the best?
Currently, contact center agents request credit card numbers and other sensitive data and then enter it directly into the payment portal. This results in broken recordings, inaccurate coaching and training material, expensive infrastructure costs, and reduced customer care.
What’s the worst that can happen?
If a system is compromised and the company is found not to be PCI DSS compliant, the business could face severe penalties, such as brand damage, lawsuits and legal costs, share price drop, job losses, insurance claims, regulatory fines, higher banking fees, and potentially, the loss of ability to accept card payments.
A recent report from Verizon (Verizon 2017 Payment Security Report) revealed an alarming percentage of businesses that fail to maintain PCI compliance:
- 57.1% of Hospitality businesses fail to maintain PCI compliance
- 50.0% of Retailers fail to maintain PCI compliance
- 40.9% of Financial Services businesses fail to maintain PCI compliance
- 38.7% of IT companies fail to maintain PCI compliance
There is much to know. Have you reviewed your PCI DSS compliance? Are you protecting your business and your data? The Team at AVDS can help answer these questions and help you plot your course for compliance and peace of mind. You don’t have the time to let this one wait. Contact AVDS TODAY and speak with an expert data security consultant.