Justin Robbins of Talkdesk discusses three things that you must know about PCI compliance, before sharing six key contact centre security goals.
A few months ago I had a fraudster use my credit card to purchase a bunch of stuff online. I was furious!! I spent the next few days stewing over how they got hold of my information.
I’m always so careful with these kinds of things but somehow the bad guys still got me. Any time you provide your personal details to a business to validate your identity or provide credit information to pay for something, there are regulatory compliance standards that all businesses must abide by. This compliance is called the Payment Card Industry Data Security Standards (PCI DSS).
While there are four different levels of PCI DSS compliance, here I’m simply going to talk about PCI compliance as a whole.
As you can imagine, with so much commerce taking place over the phone, chat, email, and online contact centres are often a key focal point for PCI regulators. PCI DSS provides key guidance in helping to keep sensitive personal and payment information safe.
Here are three “must knows” about PCI DSS compliance.
1. Data Breaches Continue to Be a Trend
Nowadays, with the amount of information all businesses and customers share digitally, data security must be stronger than ever. Ransomware attacks like WannaCry or others with major damages almost resemble a sci-fi horror movie. Besides the big and mediatic attacks, there are others that affect even the smallest of businesses.
According to NBC News, between 2016 and 2018 there were 184 cyberattacks on public safety agencies and local governments in the USA – more than one attack every four days!
With the evolution of e-commerce and simply making payments over the phone, all consumer personal information, and especially credit card information, can be at risk if businesses don’t adhere to proper and robust security standards.
2. Consumers Are Concerned About How Their Information Is Stored and Used
New regulations, such as GDPR in Europe, have brought fresh attention to information protection, consumer rights, and the methods and practices used in storing and processing consumer information.
Having safe and clear protection mechanisms for your personal data is considered to be a basic human right, and as the digital channels evolve and keep getting more secure, the more the remnant channels will have to evolve to keep up.
Gaining and maintaining consumer trust helps to build loyalty, but a single breach can shatter everything.
3. Put Your Customer First by Striving to Meet the Highest PCI Standards
PCI DSS helps to address the most common cybersecurity standards for contact centres.
Contact centres are no exception to the fast digital transformation that’s happening across most industries. With the advantages of digital transformation, either the efficiency of processes or the lower costs of handling, comes the ongoing concerns about ethics and information protection.
As of February 1st 2018, all new requirements in PCI DSS are in effect for organisations. This means that contact centres will have to meet a newer level of standards established by the Security Standards Council. And as the requirements are continuously evolving so businesses need to ensure they have an evolving, agile view and technology structure to ensure they stay on pace as these standards change over time.
Contact Centres Have Six Main Security Goals
These are the six main goals to contact centres and the several levels of security to be comply to:
1. Build and Maintain a Secure Network and Systems
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
2. Protect Cardholder Data
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
3. Maintain a Vulnerability Management Programme
- Protect all systems against malware and regularly update anti-virus software or programs
- Develop and maintain secure systems and applications
4. Implement Strong Access Control Measures
- Restrict access to cardholder data by business need to know
- Identify and authenticate access to system components
- Restrict physical access to cardholder data
5. Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
6. Maintain an Information Security Policy
- Maintain a policy that addresses information security for all personnel