Skip to main content
The Insiders' Guide to Contact Centre PCI Compliance

The Insiders' Guide to Contact Centre PCI Compliance


In order to be PCI Compliant there are also four levels of compliance to watch out for which have been authorised by the card issuers. These levels of compliance differ according to your business needs and have been actioned according to the volume of card transactions completed over a 12 month period. 

PCI Compliance Level 1
If over 6 million Visa/Mastercard transactions are processed per year. 

PCI Compliance Level 2
If over 1 million to 6 million Visa/Mastercard transactions are processed per year. 

PCI Compliance Level 3
If over 20,000 to 1 million Visa/Mastercard e-commerce transactions are processed per year. 

PCI Compliance Level 4
If less than 20,000 Visa/Mastercard e-commerce transactions are processed per year as well as other companies that process up to 1 million Visa/Mastercard transactions per year. 

Companies that meet the level 1 requirement must have yearly on site reviews by an internal auditor as well as a required network scan. This should be completed by an approved scanning vendor. Companies that meet levels 2, 3 and 4 are obliged to annually complete the PCI DSS Self-Assessment questionnaire. Alongside this, they also need to undergo quarterly network scans accompanied with an approved scanning vendor.  

What are some of the implications of being non-compliant

The consequences of being non-compliant can mean serious implications for an organisation. Here we list a few: 

Monthly fines for non-compliance
Payment Card providers (who also form part of the PCI Security Standards Council) at their discretion can impose hefty penalties for non-compliance. Fines can range anywhere from £3, 500 to £250,000. A rather large penalty to pay. 

Withdrawal of Merchant Services
The ultimate penalty. This essentially entails the withdrawal of their Merchant ID. For any organisations that rely on taking card payment from customers this is the ultimate price for them to pay. 

Loss of customer confidence
While being PCI Compliant is extremely important, the trust your customers place in you should not be overlooked. It is the organisations responsibility to protect each and every customer’s personal details. Providing your customers with the confidence that you are safeguarding their highly personal information is crucial.  

How much should I budget for achieving PCI Compliance in the contact centre?

Costs for becoming PCI Compliant vary from business to business and are reliant on a range of different factors including business type, number of transactions processed, active IT infrastructure as well as existing debit/credit card processing and storage procedures.
Here are a few variables explained in more detail that will factor into the cost of being compliant: 

Business Type
Depending on whether you are a franchise or a service provider as examples each will have varying amounts of sensitive customer details as well as varying risk levels which will mean different requirements for being PCI Compliant. 

Organisation size
The larger the organisation the larger the amount of variables which can go wrong. Large amount of staff members means large amounts of customers which also mean large amounts of cardholder details being processed. 

Organisation environment
The programs already in use, the make and model of the desktops and the kind of firewalls that are being used – these can all affect the cost of PCI Compliance.

From a recording standpoint, the costs for PCI Compliance depend on which solution is chosen. Automated PCI using desktop triggering for example can range from approximately £7,000 to £30,000 depending on the recording solution.
For the Application Programme Interface (API) the software costs can also vary (ranging anywhere from £7,000-£20,000 depending on the solution) but there will be additional costs for development of the API interface itself. However, it is worth considering that the API method may not always be appropriate as the payment application may be an external application. API is best suited to ‘home-grown’ payment applications. 

*Original answers provided by Business Systems for Call Centre Helper – ‘An Introduction to PCI Compliance’ – 2016. 

Useful Links

If you want to find out more about PCI Compliance here are some useful links: 
PCI Security Standards Website >
[WHITEPAPER] Ensuring PCI Compliance >
When PCI Compliance for call recording sends you running for cover >

Back to Page 1 >