A PCI DSS Level 1 Certified Call Center Can Be Your Best Partner
Those in the customer care and payment card industries have a great responsibility to protect their customers and the organization. Criminals actively seek to exploit systems, technology, and sometimes even the desire of customer service representatives to be helpful in order to steal customer data.
When standards aren’t established, maintained, and audited to ensure compliance, criminals have their window of opportunity to steal data and hold it for ransom. Malicious entities seek out the weakest link. In some cases, companies are leaving the door wide open to a data breach with outmoded systems or a lack of education about the risks.
Fortunately, when it comes to managing credit card data there is a clear set of rules. It is known as the Payment Card Industry Data Security Standard (PCI DSS). PCI compliant companies need a PCI compliant contact center partner to maintain a safe, secure environment.
We take pride in protecting your business and customers.
What Are PCI Call Center Compliance Requirements?
The Payment Card Industry Data Security Standard (PCI DSS) is organized into six goals and 12 vital requirements.
There are four PCI DSS compliance levels, with Level 1 being the highest. PCI DSS Level 1 applies to a company that manages 6 million Visa and Mastercard transactions in a year. In order for a call center to state that it meets PCI call center compliance requirements for Level 1, it must at a minimum be able to demonstrate through self-audits that it is complying with PCI Level 1 standards.
This audit requires six basic steps:
- Scope – Assess which systems and networks must comply with PCI DSS standards.
- Assess – Determine whether each component within scope meets each PCI DSS requirement.
- Report – A Qualified Security Assessor documents the findings.
- Attest – Complete the Attestation of Compliance (AOC).
- Submit – Submit the Self-Assessment Questionnaire (SAQ), Report on Compliance (ROC), Attestation of Compliance (AOC) and other requested supporting documentation, such as Approved Scanning Vendor (ASV) scan reports, to the acquirer (for merchants) or to the payment brand/requestor (for service providers).
- Remediate – Perform remediation to address any gaps identified. This includes follow-up documentation of the course of action, goals and progress.
How Does PCI DSS Level 1 Compliance Protect Customers Against Data Breaches?
There are several ways a PCI Certified Level 1 Contact Center protects you from data breaches.
- Working on a secure network
- Full encryption
- Using the best security software
- Restricting access based upon job role and need-to-know criteria
- Clearly defined and written document management process
- Rigorous initial and ongoing training programs
- Full network monitoring
- Customer service representative (CSR) compliance monitoring
What Are the Risks and Penalties for Non-Compliance?
You have everything to lose when you or your partners are not equipped to safely manage your payment processing volume and the customer relationships associated with each and every one of those payments. PCI DSS is not a legal requirement, but major credit card companies require compliance.
Failure to comply can lead not only to higher banking fees and regulatory fines should a breach occur; you could also face lawsuits and significant damage to the brand reputation you’ve worked so hard to build with customers. A PCI compliant contact center helps you maintain the trust of your customers that is so vital to your continued success as a business. It has the proven systems in place to prevent the data breaches that may result in costly fines, lost customers and remediation plans. Your company can’t afford not to work with a PCI compliant call center.
How Does a Call Center Become Certified & Remain Certified?
In order for a call center to get certified, it must:
- Complete annual on-site audits by a PCI-SSC-accredited Qualified Security Assessor (QSA).
- Complete annual penetration testing (a.k.a. “pen testing”) via an Approved Scanning Vendor (ASV). This is the practice of systematically testing computer systems to seek out vulnerabilities that a hacker could exploit.
- Complete attestation and PCI DSS compliance documentation.
What Industries Need a PCI DSS Compliant Contact Center?
The Payment Card Industry Data Security Standard isn’t just important in retail. Any for-profit or not-for-profit organization that takes customer payments or manages customer payment inquiries through phone, email, chat, social media, SMS text or other technology, inbound or outbound, needs the reassurance that working with a compliant contact center offers.
Global Response is PCI DSS Level 1 certified. This means that not only does Global Response undergo internal audits; an external auditor has also reviewed our systems, controls and card data environment to establish compliance. We take pride in protecting your business and customers from data breaches.