RevolutionCloud PCI-DSS Compliance
RevolutionCloud offers a flexible and scalable solution to ensure the safe collection of payments for any contact centre or organisation that takes card payments over the phone. It secures sensitive card and customer data, and ensures full PCI-DSS compliance.
It de-scopes organisations from PCI compliance checks as much as possible, especially in contact centres. Typically, organisations must complete a self-assessment questionnaire (SAQ), which is typically a SAQ-D, which contains 386 questions/controls to be met, something that often requires the services of a QSA provider which can cost up to £60,000 each and every year. Instead, RevolutionCloud ensures that organisations only need complete a SAQ-A with only around 14 questions/controls to be answered.
How Does It Work?
RevolutionCloud enables agents and customers to speak throughout the payment process and the card details are entered by the customer simply using their phone keypads, rather than reading them out on the call.
Agents engage a simple payment screen. CTI integration with payment service providers (PSP) the use of DTMF clamping to capture card details prevents customer card data from entering the organisation and de-scopes it from many of the compliance requirements.
At no time does any sensitive card information pass through or reside in any in-house systems and secure mode and routing to the PCI DSS-compliant service provider is only invoked when a payment actually takes place.
RevolutionCloud’s SIP-based solution is concise, simple to use and secure. It resides before the telephone system requiring no equipment installed on-site. Also, there is no need to change existing telecoms suppliers. It is fully flexible so can be integrated to an existing Customer Relationship Management (CRM) system, or used as a stand-alone agent application for quick set-up.
- Eliminates need to transfer all calls to access the PCI compliance delivering significant cost savings in terms of transaction fees, line rental and call charges
- No technology integration issues
- No equipment on-site which completely de-scopes the contact centre from PCI compliance checks