Burning Questions: PCI Compliance in the Contact Center

April 1, 2020

The news cycle is full of stories about data breaches and cybersecurity threats, including massive attacks on well-known enterprises such as Marriott, Equifax and Yahoo. In most cases, it is personal information that is leaked, but those problems compound for both users and companies when payment information is exposed.

If your contact center handles any kind of financial transactions, whether via phone, email, chat, or SMS, having a PCI compliance plan is essential. PCI compliance can sound daunting to a smaller contact center, or one that is new to taking payments. But you’re not alone: although Verizon’s latest PCI DSS compliance report said that PCI compliance has increased 167% since 2012, it also found that 80% of all organizations are still not compliant with the data security standard.

Achieving PCI compliance starts with understanding the PCI DSS and the responsibility taken on by companies that handle transactions via one or more of their channels. Here we take a look at the burning questions surrounding PCI compliance in the contact center:

For one, it is very hard to pinpoint the scope of PCI compliance within a contact center because there are many moving pieces. The Payment Card Industry standard was primarily created for any company that performed a financial transaction by swiping a credit card.

But within a contact center, those transactions can be made via different channels: voice call, chat, SMS, email, and more. Customer information, even if it is not the actual credit card number being entered, still falls under PCI compliance. Unlike a physical retailer, who receives credit card information via a physical swipe, the compliance scope for the contact center must expand to cover the omnichannel approach.

Get help with contact center PCI compliance

If your contact center has a need for enhanced PCI compliance, NICE can help. Our Trust Office provides a team of PCI compliance experts that can provide the security your contact center needs to drive compliance and protect your customers’ information. Even if PCI compliance doesn’t fall under the scope of your contact center requirements right now, it is a best practice to work with a cloud-based software partner that provides a high level of security and compliance to allow your company to scale in the future.

For more information on how NICE security protocols drive compliance for contact centers, visit our Trust Office page.