With the growing number and sophistication of fraud attempts and cyber-attacks, it has become relatively easy for hackers and other external parties to gain access to sensitive information that your company may be handling, if it is not correctly protected.
Many call centres are at high risk of security breaches, because they often store large amounts of recorded calls for extended periods of time (for example, the legal minimum in the banking sector is 5 years). These call recordings usually contain extremely sensitive information, such as customer ID numbers, personal details, and even credit card numbers. With data compliance laws like POPI and GDPR gaining momentum, it’s important for anyone running a call centre to know that the call centre is the entity responsible for protecting this data, and the entity that may be held liable if any client’s information is stolen or misused.
What you need to know about PCI Compliance
The most important factor regarding PCI DSS compliance is that companies take a holistic approach, and assess all areas of their organisation that may be susceptible to security breaches. Companies need to make sure that their physical and digital infrastructures are secured and that sufficient compliance audits have been done.
It’s key to understand that, while organisations need to adhere to various requirements to be truly PCI DSS compliant, it’s vital to put these processes in place, because the impact these processes have on your operations is far outweighed by the risk of getting caught not securing your data.
Another aspect to be aware of is that blanking out sensitive information and simply storing recordings of calls is not sufficient for compliance. Some call centres make the majority of their call recordings with applications that are not fully secure. These unsafe applications store recordings as raw WAV files and leave them unencrypted. This allows anyone with decent audio-playing software to listen to the recordings, potentially gaining access to sensitive information (such as people's banking and personal data).
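One way to check a recording store for this condition, as an added example that is not from the original article: the script below identifies WAV files by their RIFF/WAVE header rather than by file extension, so a plaintext recording saved under another name is still found. The function names and the sample files are assumptions constructed for the illustration.

```python
import os
import struct
import tempfile
import wave

def wav_info(path):
    """Return (format_tag, channels, sample_rate) when the file is a readable
    RIFF/WAVE container, or None when it does not have that header."""
    with open(path, "rb") as f:
        header = f.read(12)
        if len(header) < 12 or header[:4] != b"RIFF" or header[8:12] != b"WAVE":
            return None
        while True:
            chunk = f.read(8)
            if len(chunk) < 8:
                return (None, None, None)  # WAVE header but no fmt chunk found
            chunk_id, size = struct.unpack("<4sI", chunk)
            if chunk_id == b"fmt ":
                body = f.read(8)
                if len(body) < 8:
                    return (None, None, None)
                return struct.unpack("<HHI", body)
            f.seek(size + (size & 1), os.SEEK_CUR)  # chunks are 2-byte aligned

def find_plaintext_recordings(root):
    """Walk root and list every file that is playable WAV by content,
    whatever its extension."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                info = wav_info(path)
            except OSError:
                continue  # unreadable file: skip, do not abort the audit
            if info is not None:
                findings.append((path,) + info)
    return findings

if __name__ == "__main__":
    # Constructed sample data: one real WAV saved under a misleading name,
    # and random bytes standing in for an encrypted recording.
    with tempfile.TemporaryDirectory() as root:
        with wave.open(os.path.join(root, "call_0001.dat"), "wb") as w:
            w.setnchannels(1); w.setsampwidth(2); w.setframerate(8000)
            w.writeframes(b"\x00\x00" * 800)
        with open(os.path.join(root, "call_0002.wav"), "wb") as f:
            f.write(os.urandom(64))
        for path, tag, channels, rate in find_plaintext_recordings(root):
            print(f"UNENCRYPTED {path} format={tag} ch={channels} rate={rate}")
```

A hit means the file can be played as it sits on disk. A miss only means the file is not a WAV container: recordings kept unencrypted in other audio formats need their own signature checks.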
This is why PCI DSS compliance is so important for any business that creates, processes, and stores sensitive digital information. The below checklist aims to educate the communications industry about PCI compliance, and includes all of the tasks and measures you’ll need to be considered compliant.
The 12-Point PCI Compliance Checklist
Staying compliant in a fast-evolving technology space can become a bit overwhelming. The PCI SSC’s quick reference guide to PCI compliance has insightful information that we find helpful. To make life easier for you, we’ve created the below checklist, which expands on the points the guide covers and highlights what is legally mandated.
Those are the most basic steps to follow to ensure that you and your company are PCI compliant, but what is vital is that companies take a holistic approach to security and understand the true importance of being PCI compliant.
If you want to stay up to date with the latest PCI policy news (which we recommend you do), take a look at the website of the PCI Security Standards Council, which is “a global forum for the industry to come together to develop, enhance, disseminate and assist with the understanding of security standards for payment account security”.
How can you get PCI Compliant right now?
We recommend you use a telephony solutions provider who will implement an audit that assesses the security infrastructure of the company. This includes training employees on how to maintain access rights to information and mask sensitive information, as well as how to make sure that all internal safety measures are kept updated. Companies don't necessarily need a large budget to become PCI compliant, as there are many things that can be done internally to make sure that the information they handle is safe.
Above all, the best way to ensure you chase PCI compliance whole-heartedly is to understand the business benefits that come along with it. Not only does being PCI compliant safeguard you and your customers from potential harm, it also encourages your customers’ trust. Being PCI compliant means that any customer data you handle is treated securely, which gives your customers peace of mind when dealing with your company.