The contact center is a rich source of valuable data and insight, documenting the voice of the customer through transaction histories, comments, compliments, and complaints. Unfortunately, that same data represents an irresistible prize for criminals, who have worked all manner of brute force, social engineering, and internet attacks in an attempt to exploit vulnerabilities and appropriate sensitive financial information.
Financial data security standards handed down and ultimately enforced by credit card network processors have turned a keen eye on the contact center. All interaction channels – call, chat, email, video, etc. – that dutifully store the verbatim details of payment card transactions represent a potentially rich vein of illicit account information for thieves, and the payment card industry has responded in clear terms. Capturing sensitive authentication data is expressly forbidden by the Payment Card Industry Data Security Standard (
PCI DSS).
What is PCI Compliance?
When the credit card industry moved into the digital space, it quickly realized the need to protect itself from digital fraud. Merchants and those responsible for handling the data needed to protect it in the same way they would protect physical currency.
Credit card handlers knew they had to protect the data, but they didn't necessarily know how. The major credit card companies had a vested interest in helping companies protect the data, and so each developed their own security standards.
At first, credit card companies came up with their own internal information security programs. The introduction of a centralized requirement helped unite these disparate programs under one umbrella, and the Payment Card Industry Data Security Standard (PCI DSS) was born.
Simply put, PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. Any organization, regardless of size, that takes payment remotely online, over the phone, or via mail order is responsible for maintaining
PCI DSS compliance.
Sounds simple enough, right? But PCI compliance can pose a major challenge to organizations if they're not equipped with the proper knowledge and tools.
The Importance of PCI Compliance
Although the PCI Council itself does not enforce compliance with its rules, its member organizations expect and require that PCI standards be followed. The card networks are not pulling punches. One even actively solicits businesses to inform on their non-compliant vendors and trading partners. In short, if your company is not in compliance with PCI-issued rules, you risk being cut off from the world's most popular consumer and small business payment brands. That is an intolerable risk in any industry, in any economy.
Call center PCI Compliance
Protecting customer data requires more than simply omitting sensitive data from a permanent record. A qualified contact center compliance partner will provide all the tools and insights to guide a complete evaluation of the infrastructure involved in the transaction process. Security audits of both the network and individual payment processing applications are just as important as the safety of the interaction recording system.
Let's take a look at the 6 key requirements to comply with the PCI DSS:
NICE Compliance Center Makes PCI Compliance Easy
The
Compliance Center is a unique end-to-end compliance solution that assures interactions are recorded, stored, and accessible in adherence with specific regulatory requirements and according to the best practices and policies defined by each organization. The solution leverages automation and analytics for PCI DSS compliance:
- Agents can receive real-time notifications on their recording on demand system, or leverage automation and manual commands to pause & resume recording activities, to ensure they don't record sensitive information
- The IT team can promptly monitor their system's behavior focusing on sensitive data, cardholder data, and encryption
- Compliance officers benefit from mission critical mechanisms for policy definition, management and approval
Thanks to its "Assurance Dashboards" application, the PCI DSS Compliance Center solution offers actionable insights enabling detection of any interaction in violation with the standard.
The "Policy Manager", the second pillar of the Compliance Center, is a mission-critical application enabling users to define policies for extraction in case of audits, as well as other common policies such as playback lock, litigation hold, or deletion. The policies can be applied on a large amount of interactions or on very specific ones to accommodate any use case. With dedicated workflows for approval processes and predefined wizards for policy definition and interactions retrieval, all compliance policies can be managed from a centralized hub.