With Christmas fast approaching, contact centres are starting to prepare for increased calls and transactions. However, with payment card fraud continuing to rise and data theft constantly in the news, non-PCI DSS compliant contact centres could be risking more than just a fine.
Here are five reasons to have a PCI DSS compliance programme in place:
1. News travels fast
Survey¹ findings revealed that almost a third of medium-sized organisations have no compliance programme in place. Downloading the standard's Self-Assessment Questionnaire (SAQ) can help companies to roadmap a PCI DSS programme.
Referring to the downloadable PDF of the VISA Merchant Agents List to engage a trusted advisor is also a useful first step in vetting vendors, and in avoiding fines and lawsuits should the unthinkable happen and customer card data be stolen.
2. The buck stops with the merchant
Paying for goods and services remotely is the norm for consumers, and they expect their personal information to be kept secure. Every contact centre that accepts card payments over the telephone is responsible for safeguarding its customers' information and can be held liable for security compromises.
The Payment Card Industry Data Security Standard (PCI DSS) is intended to protect cardholder data. By complying with PCI DSS, companies can meet their obligations to the payment eco-system and build a culture of security that benefits everyone.
3. PCI DSS Compliance is not a one-off exercise
PCI DSS compliance must be revisited every year, and that takes time and resources. Employing a compliance officer who has the complete support of the contact centre management can help to ensure the required changes are driven through.
4. Customer awareness is increasing
In the event of a security breach, customers quickly become upset at the thought of their details being stolen and used fraudulently. The resulting inconvenience and risk lead to reduced customer confidence in the retailer and the payment method. Reactive contact centres could find themselves playing catch-up as customers vote with their feet.
5. PCI DSS compliance covers the entire trading environment
The latest version of PCI DSS introduced a new requirement compelling service providers to supply a "Responsibility Matrix", which defines who is responsible for each of the 300+ PCI controls: the client, the supplier, or both.
The best way to minimise exposure in the primary risk areas of staff and infrastructure is to invest in training and education on the PCI DSS standard and to work with payment organisations that are themselves Level 1 PCI DSS compliant.
Take steps today for a safe and profitable Christmas
The time to take action is now: put a checklist in place, work with the right payment solution provider, get a compliance programme underway, and have a secure, profitable Christmas.