Regardless of the type of industry that your business is in, security is one of the crucial things that you shouldn’t neglect. As a PCI DSS compliant call center, we’d like to share this guide with you to help you in keeping your business secure with PCI compliance.
If you’re new to PCI compliance and are wanting to learn about how it works, then this guide is certainly for you.
Let’s hop right in.
What is PCI DSS?
PCI DSS stands for “Payment Card Industry Data Security Standard.” It was created by the PCI Security Standards Council, a global body formed by five major card brands.
These five companies include:
- Visa Inc.
- MasterCard
- JCB International
- Discover Financial Services, and
- American Express.
The standard aims to reduce card fraud by placing safeguards on how sensitive authentication data is stored, processed, and transmitted. Any company that uses any of the five card payment systems is required to comply with the requirements set by the council.
Why is telephone card payment security essential?
Many regulatory bodies require companies to record and store phone conversations in certain situations. At the same time, fraudsters are shifting toward telephone orders as a channel for stealing card data, because e-commerce environments now have stronger security and risk-mitigation controls.
Because of these other recording obligations, organizations that take customer card details over the phone may be exposing the cardholder data they capture to unnecessary risk by breaching the PCI DSS requirements.
What are PCI DSS compliant call centers?
In a nutshell, a call center that complies with PCI DSS has to meet the following requirements:
- Implement and maintain an appropriate sensitive-authentication-data retention policy;
- Mask the primary account number of customers whenever it is displayed;
- Render the customer’s primary account number unreadable wherever it is stored;
- Encrypt cardholder data before transmitting it over public networks;
- Implement proper user authentication for agents, staff, and administrators;
- Adhere to an information security policy;
- Label, inventory, and render unreadable any media used to record information, as required by PCI DSS; and,
- Implement all PCI DSS requirements.
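A concrete illustration of the masking requirement above and of the automatic removal of sensitive authentication data from recordings, as an added example that is not from this page or the company it describes: it masks a Luhn-valid card number down to the first six and last four digits (the most PCI DSS requirement 3.3 permits on display) and blanks a spoken security code in a constructed transcript line. The regular expressions, the sample line and the function names are assumptions made for the example.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by spaces or dashes (assumed pattern).
_PAN_CANDIDATE = re.compile(r"(?:\d[ -]?){12,18}\d")
# Spoken security code: "CVV"/"CVC"/"security code" followed within a few
# characters by 3-4 digits (assumed pattern for a call transcript).
_SAD_CODE = re.compile(r"(?i)\b(cvv2?|cvc|security code)\b(\D{0,10})(\d{3,4})\b")

# Constructed sample transcript line; 4111 1111 1111 1111 is a well-known test PAN.
SAMPLE_LINE = ("Agent: card number 4111 1111 1111 1111, security code 123, "
               "callback 0917 123 4567")


def luhn_valid(digits: str) -> bool:
    """Luhn check: filters out digit runs (order ids, phone numbers) that are not PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str, keep_first: int = 6, keep_last: int = 4) -> str:
    """Mask a PAN for display. PCI DSS req. 3.3 allows at most first six / last four."""
    if keep_first > 6 or keep_last > 4:
        raise ValueError("PCI DSS 3.3: show at most the first six and last four digits")
    if len(digits) < keep_first + keep_last:
        return "*" * len(digits)
    hidden = len(digits) - keep_first - keep_last
    return digits[:keep_first] + "*" * hidden + digits[len(digits) - keep_last:]


def redact_transcript(text: str) -> str:
    """Mask Luhn-valid PANs and blank spoken security codes in one transcript line."""
    def _mask(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group(0))
        # Only Luhn-valid runs are treated as card numbers; other digit runs are kept.
        return mask_pan(digits) if luhn_valid(digits) else m.group(0)

    text = _PAN_CANDIDATE.sub(_mask, text)
    # The security code is sensitive authentication data: never keep it, so blank it.
    return _SAD_CODE.sub(lambda m: m.group(1) + m.group(2) + "***", text)


if __name__ == "__main__":
    print(redact_transcript(SAMPLE_LINE))
```

Masking is for display only; a stored PAN must still be rendered unreadable, and the security code must never be retained after authorization.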
How do I know if a call center is PCI DSS compliant?
You can check whether a call center that takes credit card details over the phone is PCI compliant.
Ask them to show how they comply with the PCI DSS requirements, and to explain how they remove sensitive authentication data from their call recordings. This removal should be automatic, with no manual intervention by staff.
What’s next?
If you’re looking for a PCI DSS compliant Philippines business process outsourcing call center to help you handle your customers’ sensitive authentication data, then contact us now.
Resource
https://www.pcisecuritystandards.org/documents/PCIDSS_QRGv3_1.pdf