For customers to buy from an organisation, whether in person, online or via a contact centre, they need to be confident that their payment cards will not be compromised, their personal details are secure and their identities cannot be stolen. PCI DSS was created to protect consumers and merchants against security breaches.
PCI DSS stands for the Payment Card Industry Data Security Standard, developed by Visa®, MasterCard®, JCB®, Discover® and American Express®. It is made up of 12 requirements designed to secure business systems that store, process or transmit cardholder data.
As the stakes get higher, with millions of pounds being lost as a result of card fraud, PCI DSS is enjoying a well-earned revival. Earlier this month a London student was sentenced to 22 months in prison for sending out scam text messages. This followed an investigation by the Dedicated Card and Payment Crime Unit (DCPCU), a specialist City of London and Metropolitan police unit funded by the banking and cards industry(i). Officers found that the student’s digital devices contained personal details from hundreds of victims, while a large quantity of cash was found at his home address.
Many merchants believe that if they don’t take payments over the phone then PCI DSS doesn’t apply to them. However, the regulation applies to card payments made over all channels, including in store and online, to prevent personal details falling into the wrong hands.
What’s the price of non-compliance?
In contact centres, the most effective way to be PCI DSS compliant is to introduce clever behind-the-scenes technology. For example, the latest Agent Assisted Payment systems from Encoded allow contact centre agents to process card payments without being exposed to sensitive card data. While PCI DSS compliance can be seen as expensive and complicated to implement, working with the right payment service provider will make it your friend and keep you and your customers safe.