For the first time in over seven years, the Payment Card Industry Security Standards Council (PCI DSS) have updated their guidance document.
They have strongly reiterated their advice about the risk to businesses and contact centres who continue to use “Pause and Resume” methods for processing telephone card payments.
Updated guidelines clearly state that removing payment card data from the contact centre environment is the only secure solution to prevent fraud attacks and ensure compliance.
To quote section 6.5.1
“Pause-and-resume technologies may be manual or automated, and whilst a properly implemented pause-and-resume solution could reduce applicability of PCI DSS by taking the call-recording and storage systems out of scope, the technology does not reduce PCI DSS applicability to the agent, the agent desktop environment, or any other systems in the telephone environment”
Please note, your organisation must urgently review the way they take card payments over the phone.
I enclose a copy of the full guidance document. PCI DSS regulations apply to any organisation that stores, processes or transmits cardholder information, from any known credit or debit card including Visa, MasterCard and American Express.
SVL are happy to offer you a free initial consultation and review, regardless of contact centre size, if you are in any doubt about the compliance of your system.
You would even have the choice to bring your own SiP trunks or we can supply competitive SiP trunks from our secure cloud-based PCI Solution if your situation required.
Please contact us on 01355 900 000 or email firstname.lastname@example.org
Steven Perrins talks about the World of Compliance Huge efforts have been made to record, analyse and improve every interaction that comes into a contact centre, but what about the client meetings that take place remotely/face-to-face? We have the solution.READ MORE