How Are UK Call Centres Managing PCI Compliance Issues?
What is PCI compliance?
The Payment Card Industry Security Standards Council (PCI SSC) was formed in September 2006 with the purpose of improving the security of credit / debit card information throughout the process of a card transaction. The PCI SSC is responsible for the application and management of the Payment Card Industry Data Security Standard (PCI DSS), the set of standards and requirements used to ensure that all organisations that process, store, or transmit their customers’ card information do so in a secure environment. PCI compliance applies to any organisation that processes payments via credit or debit card, regardless of its size.
The Importance of PCI compliance to Call Centres
It has become very common to hear in the press about security breaches at some of the largest companies in the world, and if organisations of this scale can have their security breached, the importance of PCI compliance can’t be emphasised enough, particularly because most call centres process financial transactions on a large scale. When you add to this the fact that fines of up to £250,000 can be enforced against organisations for each breach, the reasons for your call centre becoming PCI compliant become extremely compelling.
How Are Call Centres Managing PCI Compliance Issues?
The level of PCI compliance, and the steps that an organisation must take to ensure that it is PCI compliant, will typically depend on the number of transactions the organisation processes annually. However, there are occasions where an account data compromise results in a merchant being escalated to a higher validation level. The validation levels, and the validation requirements for typical call centres, are as follows:
Level 1: Merchants processing over 6 million Visa transactions annually, or global merchants identified as Level 1 by any Visa region.
The validation requirements for Level 1 merchants are an annual Report on Compliance by a Qualified Security Assessor, or by an internal auditor if signed by an officer of the company. In addition to this, there must be a quarterly network scan by an Approved Scanning Vendor, and an Attestation of Compliance form.
Level 2: Merchants processing 1 million to 6 million Visa transactions annually.
The validation requirements for Level 2 merchants are an annual Self-Assessment Questionnaire, a quarterly scan by an Approved Scanning Vendor, and an Attestation of Compliance form.
Overall, the measures required by call centres to manage PCI compliance issues will depend largely on the merchant level at which they operate, based on the Visa standards specified above. As you can see from the validation requirements specified for each merchant level, there are provisions and guidelines to assist contact centres in becoming PCI compliant, and should a call centre not have the expertise or resources required to become PCI compliant, there are many approved organisations available to assist.