
An Introduction to PCI Compliance

Many people think PCI compliance is as simple as pausing and resuming a call recording at the time that sensitive credit card details are captured. In fact, there is much more to it than that. Payment card industry (PCI) compliance is adherence to a set of specific security standards that were developed to protect card information during and after a financial transaction. PCI compliance is required by all card brands. The Payment Card Industry Data Security Standard (PCI DSS) defines the need to secure cardholder data that is stored, processed or transmitted by merchants and processors.

Why is it important to be PCI compliant?

If a business loses card data, i.e. suffers a data breach, and it is not PCI DSS compliant, it could incur fines and be liable for the losses incurred against these cards and the operational costs of replacing the accounts. In 2015, for example, staysure.co.uk, an online travel insurance company that stored sensitive payment card details in breach of PCI DSS requirements, was fined £175,000 by the UK’s Information Commissioner’s Office (ICO) after the data was stolen by hackers.

Remember, though, that these PCI DSS-specific costs are just part of the story. Organisations should not look at this in isolation. Instead, they need to consider the issue of quality of service and PCI compliance as part of their wider performance quality obligations and requirements across the whole contact centre and even the entire organisation. It should be part of the overall quality management, call recording and speech analytics approach in the contact centre.

This is certainly the case for one Scotland-based outsourced contact services provider to which Enghouse Interactive delivers its Quality Management Suite (QMS). One of the key benefits of the solution and the approach that QMS supports is its ability to help ensure the outsourcer and its agents remain fully PCI DSS compliant throughout all of their interactions with customers. When sensitive information, i.e. credit card details, is being taken by the agent, the provider can, thanks to the Enghouse Interactive QMS system, ensure that the recording is paused (an action that is automatically triggered when the agent reaches a certain point in the process) and then resumed at the right point. It effectively introduces silence during the period that the credit card details are being taken. This in turn allows the provider to clearly ascertain how long its agents take to carry out the credit card processing and rectify any issues with the process.

Click here to read further about PCI compliance and the key goals and requirements which appeared in Mycustomer.com
