I recently completed a contact centre audit for a large retail company. When I asked if they were operating their telephone sales in a PCI-DSS compliant manner they confirmed they were.
Unfortunately, that wasn’t the case.
Indeed, they had spent thousands of pounds on consultants to help achieve their compliance and had even recruited a part-time compliance manager.
All good and valid steps you say, but within a matter of moments I found 5 voice recordings stored on their system that had captured their customers’ sensitive data including names, addresses and card details.
The company was horrified to say the least, but my explanation was simple: PCI-DSS experts are not always contact centre experts.
In this instance, they had ensured that the customer sales order line was operating in a PCI-DSS compliant manner. But at times of peak business, customers who were fed up with queuing on the order line would phone a different number. These calls were answered by a different team, who transferred the customers internally to the sales team through a route that was not PCI-DSS compliant.
So what’s the easy solution? Take yourself completely out of scope for PCI-DSS, so that no matter how your customer gets to your sales team, you are secure.
MyCloudPayment ensures 100% of all customer transactions are PCI-DSS compliant. Our e-commerce platform is agnostic, so it does not care what contact centre you have or what methods customers might use to jump the queue. It simply removes all sensitive data from the merchant environment whilst still allowing the agent to control the call.
Providing hosted inbound, outbound and full omni channel contact centre solutions for the small to medium enterprise market.
Part of the ccEvolution group of companies