Update August 2016 – We’ve recently put together an updated article on PCI DSS Compliance. Check out our latest articles on this topic – The Insiders’ Guide to Contact Centre PCI Compliance.
Can we ever really believe our personal banking information is safe? The government can’t seem to manage it, and nor can the private sector, as Nationwide proved with its £1m FSA fine for security lapses. So where does this leave us?
Visa and Mastercard have implemented their own measures to protect payment providers and merchants from identity theft and credit card security breaches.
The Payment Card Industry Data Security Standard (‘PCI DSS’), as it is known, has been set up by them and other providers as a compliance standard. It is not law but a contractual obligation, which can be applied and enforced through PCI compliance fines and other restrictions imposed directly by the payment providers themselves.
What does this mean for your contact centre? Basically, if you fail to comply with the standard, you face the prospect of compliance fines of up to £50,000 per infringement, or of being permanently barred from the card acceptance programme should a serious breach occur.
Under the new standard, organisations are legally obliged to take a number of steps to ensure cardholder data is secure. These include assigning a unique ID to each person with computer access and restricting physical access to cardholder data. There are a number of measures you can take to ensure PCI DSS compliance, such as automated IVR self-service solutions for credit card payment and data capture. Such applications are not expensive to implement using a hosted model. Credit card payments can be taken using automated scripts and integrated into customer data, and passwords can be set up to ensure complete customer security.
A small price to pay for peace of mind. Find out more on our PCI DSS Compliance page.