PCI DSS & Telephone Payments

If your customers speak their payment information to agents in your contact centre who then enter the details into their desktop, PCI compliance can involve many checks and controls, including:

  • Up to 286 security controls that need to be applied regularly to the desktop and the network it operates on.
  • Ensuring sensitive authentication data is not stored on call recordings.
  • Minimising the risk of a security breach by vetting new agents with the Criminal Records Bureau, an expensive and time-consuming process.
  • Making sure data cannot be removed by any means, usually by banning pens, paper and mobile phones from the contact centre.

These measures are time-consuming, expensive and detrimental to the contact centre working environment. With the right solution from Semafone it is possible to eliminate them altogether.

PCI DSS and the FSA

The FSA requires that some types of calls taken by financial services companies, including all calls dealing with mortgages in arrears, be recorded. This is to ensure that customers are treated fairly and consistently and are given the correct information and advice.

This causes a real problem for financial services call centres, which have to record calls to comply with FSA requirements, but cannot record or store sensitive information in order to comply with the PCI DSS.
