What is PCI Compliance and Why Should You Care?

A few months ago I had a fraudster use my credit card to purchase a bunch of stuff online, I was furious!! I spent the next few days stewing over how they got a hold of my information, I’m always so careful with these kinds of things but somehow the bad guys still got me. Anytime you provide your personal details to a business to validate your identity or provide credit information to pay for something there are regulatory compliance standards that all businesses must abide by. This compliance is called the Payment Card Industry Data Security Standards (PCI DSS). While there are 4 different levels of PCI DSS compliance, here I’m simply going to talk about PCI compliance as a whole.

As you can imagine, with so much commerce taking place over the phone, chat, email, and online Contact Centers are often a key focal point for PCI regulators. PCI DSS provide key guidance in helping to keep sensitive personal and payment information safe.

Here are 3 “must knows” about PCI DSS compliance.

1. Data breaches continue to be a trend

Nowadays, with the amount of information all businesses and customers share digitally, data security must be stronger than ever. Ransomware attacks like WannaCry or others with major damages almost resemble a sci-fi horror movie. Besides the big and mediatic attacks, there are others that affect even the smallest of businesses. According to NBC News,  between 2016 and 2018 there were 184 cyberattacks on public safety agencies and local governments in the USA – more than 1 attack every 4 days! With the evolution of e-commerce and simply making payments over the phone, all consumer personal information, and especially credit card information, can be at risk if businesses don’t adhere to proper and robust security standards.

2. Consumers are concerned about how their information is stored and used

New regulations, such as GDPR in Europe, have brought fresh attention to information protection, consumer rights, and the methods and practices used in storing and processing consumer information. Having safe and clear protection mechanisms of your personal data is considered to be a basic human right, and as the digital channels evolve and keep getting more secure, the more the remnant channels will have to evolve to keep up. Gaining and maintaining consumer trust helps to build loyalty, but a single breach can shatter everything.

3. Put your customer first by striving to meet the highest PCI standards

PCI DSS helps to address the most common cyber security standards for contact centers.

With the fast digital transformation across most industries, contact centers are no exception. With the advantages of digital transformation, either the efficiency of processes or the lower costs of handling, comes the ongoing concerns about ethics and information protection.

As of February 1st 2018, all new requirements in PCI DSS are in effect for organizations. This means that contact centers will have to meet a newer level standards established by Security Standards Council. And as the requirements are continuously evolving so businesses need to ensure they have an evolving, agile view and technology structure to ensure they stay on pace as these standards change over time.

Contact Centers Have Six Main Security Goals

These are the six main goals to contact centers and the several levels of security to be comply to:

Build and Maintain a Secure Network and Systems

1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

5. Protect all systems against malware and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need to know
8. Identify and authenticate access to system components
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy

12. Maintain a policy that addresses information security for all personnel