CT Pros Blog

Ensuring PCI Compliance in Your Contact Center

Ensuring PCI Compliance Within Your Contact Center


The past year has seen an explosion of data breaches and credit card fraud, with the FTC reporting fraud losses of over $5.8 billion in 2021 alone. Thus, credit card safety has never been more critical or more vulnerable.  

Contact centers that take card payments must maintain the security of their customers. Payment card industry (PCI) compliance is one way that payment providers ensure companies do what they can to maintain the best security practices to keep cardholder information safe.  

Here's what you need to know about PCI compliance and tips to ensure adherence in your contact center: 

What is PCI Compliance? 

PCI compliance is the operational and technical standards companies must follow to ensure that customer card information is protected and secure from breaches. Compliance standards are determined in agreements and terms of contracts with merchant service providers and payment service providers.  

While details of agreements may vary, the PCI Data Security Standard (DSS) is the typically accepted guideline for compliance overseen by the PCI Security Standards Council (SSC). There are three main aspects of PCI compliance:  

  • Ensuring that sensitive card data is collected and transmitted in a secure manner  

  • Data is stored securely  

  • Security controls are validated each year according to the merchant level of requirements  

A contact center must complete an assessment comprised of 12 requirements that prove the company's systems and practices are secure to achieve compliance. They must also scan the process payment network, which requires the help of an outside organization. In some cases, small companies may be able to perform this themselves, while larger contact centers require a third-party assessment.  

Want to learn how we can help your business?

The 12 main requirements are:  

  1. Deploy and manage a firewall configuration that protects customer data 

  1. Avoid vendor-supplied defaults for passwords and other security parameters 

  1. Secure all stored cardholder information  

  1. Encrypt all cardholder data across public networks  

  1. Install and update anti-virus software to protect against malware  

  1. Deploy and manage secure systems and applications  

  1. Maintain need-to-know access to cardholder data  

  1. Assign a unique ID to everyone with access to customer data  

  1. Secure physical access to workplace and cardholder information  

  1. Supervise all network access to resources and customer information  

  1. Conduct regular penetration testing and vulnerability scans  

  1. Provide all personnel with a policy that addresses data security  

In addition, PCI DSS has more than 300 sub-requirements to address security best practices. Failing to follow the procedures set out in contracts can cause serious issues, such as thousands of dollars in fees and the potential cost of a data breach.  

IBM reported that the average price of a data breach in 2021 was $4.24 million. For most contact centers, the costs and headache of maintaining compliance are far easier than the expense of ignoring it.  

Businesses are categorized by level. Remaining compliant depends on business size, history, and the number of transactions they perform each year.  

The four compliance levels are:  

  • Level 1: Organizations that process over 6 million transactions or have experienced a breach that led to data loss.  

  • Level 2: Organizations that process between 1 million to 6 million transactions each year. 

  • Level 3: Organizations that process between 20,000 to 1 million credit card transactions. 

  • Level 4: Organizations that process less than 20,000 online transactions. 

Top Tips to Ensure PCI Compliance in the Contact Center 

To become PCI compliant, contact centers need to pay attention to how they use cardholder data to ensure it remains secure. Here are some of the top things to know about PCI compliance: 

PCI Compliance Applies to Almost Every Contact Center 

If a contact center accepts credit card payments, it must be PCI compliant, even if it only processes one transaction a year. Thus, even small contact centers must take steps to remain compliant.  

While filling out questionnaires can be tedious and frustrating, it is critical to maintaining compliance. Those who simply check yes to every question and are later compromised often face stiffer penalties. As a result, you need to take the steps to compliance seriously. 

Maintain Good Data Hygiene Practices 

In an effort to provide good customer service, many contact centers compromise cardholder data and fail to abide by PCI Compliance.   

For example, customer service reps take credit card information over the phone and keep ahold of sensitive data. One study found that 72% of contact center agents who collect payment information over the telephone still require customers to read their information aloud. Doing so is not compliant, and it leaves companies and customers vulnerable to scammers who can easily record and transcribe calls to steal information.   

It is essential to perform safe data practices to ensure PCI compliance and prevent compromised data.  

Other secure data practices include:  

  • Using strong, unique passwords  

  • Store only essential sensitive data and avoid physical copies  

  • Keep all software up to date as older software and point-of-sale terminals are vulnerable to data breaches, while newer cloud-based systems have strong encryption  

  • Use PCI SSC-validated card readers and payment software  

Security starts with your employees. By implementing and practicing good data hygiene, you can better achieve PCI compliance and lower the risk of compromised information. 

Leverage Systems for Easier Compliance 

PCI compliance does not have to be a long and tedious process. The right systems help secure contact centers with low-maintenance and PCI compliance support. 

PCI Pal, for example, provides solutions that are Level 1 PCI DSS certified PCI compliant to help contact centers assist customers and take payments securely. As one of our recent partners, they provide a solution that makes PCI compliance easier for contact centers. 

The right tools help contact centers provide the seamless support critical for businesses without compromising customer data or failing in their PCI compliance journey. 

Get PCI Compliant 

Maintaining PCI compliance is critical to improving cardholder security and preventing a costly information breach. Because contact centers are often required to handle sensitive customer data, abiding by PCI DSS minimizes the risk of leaking sensitive information and facing hefty fines. Always using best practices and the right tools will help ensure that data remains secure.  

If you are unsure about PCI compliance, please reach out and get the information you need to start maintaining compliance and customer trust. 

If you enjoyed this article you may also enjoy:

Ensuring PCI Compliance Within Your Contact Center

In the Meantime, Let's Connect!

Let's connect!

Follow us on Twitter! Like us on Facebook!

Follow us on LinkedIn! Like us on Facebook! Follow us on Twitter!

Contact Us