Juergen Tolksdorf of Genesys discusses contact centre compliance and the role of encryption technology.
I recently read an article that discussed how PCI compliance is not enough for breach prevention, and how businesses should instead focus on chips and tokens as a best strategy.
The author’s argument is that “while PCI compliance is necessary and useful, it’s not always sufficient to be fully secure. To counter this, independent software vendors (ISVs) must adopt a layered security approach that uses EMV, encryption technology and tokenization in addition to keeping up with PCI compliance requirements.”
In general, encryption technology and tokenization are invaluable security tools. Not leaving data on your system waiting to be easily stolen is obviously a good idea. Even better if it’s tokenized, making it nearly impossible to use.
However, these solutions won’t be 100% effective in a contact centre environment. The use of point-to-point encryption solutions in a contact centre still exposes an organisation to massive PCI compliance risks.
While this technology may keep the data from being stored in the organisation’s systems, there are still holes when it comes to agent activity.
Agent conversations are recorded, leaving room for hackers to steal the recordings. Additionally, because agents can still see and hear a customer’s PII, internal employees retain the ability to steal that information.
Think about the last time you said your credit card number or social security number out loud to an agent on the phone. It probably felt unsafe – and it is. But what’s the best way to solve this issue?
On top of tokenization and encryption, contact centres need these calls to be descoped from PCI DSS.
A solution like Agent Assist masks Dual-Tone Multi-Frequency (DTMF) tones, aka touch tones, so that companies can receive payments by phone without agents seeing or hearing the PII and without the recording software picking up the information and storing it.
With the most recent Verizon 2018 Data Breach Investigations Report finding that almost a third of breaches are executed by an internal employee, this is not a risk that companies should be taking. Even if they completely trust their workforce, it’s not worth it.
This blog post has been re-published by kind permission of Genesys.