Organisations still confused about PCI compliance

According to a Business Systems best practice guide, there is still a lot of confusion in the market about the implications for PCI compliance when recording calls.

Any organisation taking sensitive data from a customer, in particular credit or debit card details, has a duty to ensure it is taking every step possible to protect customers and their data from fraudulent use and identity theft, and this obviously extends to data captured in recorded calls.

In 2012, according to the Financial Fraud Action (FFA UK) website, credit card fraud in the UK rose to £388m, up 14% on 2011. Within this figure, £32.1m was associated with card ID theft, a staggering 42% increase on the previous year. As a result, organisations are increasingly being put under the spotlight, and fines are being issued where breaches in compliance are uncovered.

The Payment Card Industry Data Security Standard (PCI DSS) applies to anyone taking credit/debit card payments in person, over the internet or by telephone. Yet in the UK, some organisations have still not put in place the necessary technology, processes and procedures to ensure full compliance.

The main reasons cited for this failure to comply are:
(i) They do not fully understand their obligations under PCI DSS, or
(ii) They wrongly assume the steps required for compliance to be too complex and costly.

The Business Systems best practice guide ‘How to Ensure PCI DSS Compliance’ aims to provide an easy-to-follow, digestible and practical guide to what PCI compliance means, the different options for compliant call recording, the pros and cons of these options and a proven approach to help protect organisations and their customers.
It goes on to identify some of the common mistakes organisations make when attempting to implement a PCI-compliant call recording solution, but it also highlights the importance of building a solution which does not detract from the overall customer experience.

Atiq Rehman, Consultancy and Training Manager at Business Systems, concludes: “Performing the development required to make your recording platform PCI compliant can be a daunting and lengthy process. It’s important to work with suppliers who can provide comprehensive end-to-end testing to validate that you are no longer capturing or storing payment details and that there are no exceptions. The more experienced providers should be able to achieve this whilst minimising disruption to your current payment process handling infrastructure.”

References
Best practice guide: How To Ensure PCI DSS Compliance
PCI Compliant Call Recording Infographic

Author: Jo Robinson
Published On: 24th Jul 2013 - Last modified: 12th Dec 2018