Titanic differences in de-scoping vendors
It’s relatively easy to spot an iceberg floating in the ocean. But it’s impossible to know just how massive it is without diving deep into the water.
Similar hidden dangers exist in the PCI DSS compliance market. There may be providers or compliance solutions that offer to secure your payments and give you broad promises about de-scoping, but their solutions only tackle surface-level threats and often rely on compensating controls. And that’s just the tip of the iceberg. The real dangers to your contact centre lurk deep beneath the surface, in the areas that most vendors are incapable of protecting.
In other words, you may have paid for de-scoping but get stuck with de-risking.
The dangers of de-risking
A de-risking strategy for PCI DSS compliance often relies on a number of compensating controls, which may soon be deemed unacceptable. By using one, you allow sensitive data to continue to flow through crucial parts of your contact centre.
Only by completely removing the data from your environment (full de-scoping) can you be sure that your contact centre is as safe as possible.
The difference between de-risking and de-scoping can have significant implications for merchants, and these implications aren’t always clear when you choose an approach.
On average, UK contact centres use three different PCI DSS solutions to maintain compliance.
A multi-solution approach offers some form of de-risking, but not full de-scoping. You might be investing time, money and effort in an unreliable system that still leaves you exposed. Ineffective solutions can include:
Don’t let de-risking sink your contact centre
There’s only one solution that truly removes the contact centre environment from the scope of PCI DSS compliance. You need a hosted solution like CallGuard from Eckoh, which will fully protect your contact centre by preventing customer card data from entering it in the first place. If there’s nothing there, there’s nothing to steal.
Publish Date: June 2, 2020 4:13 PM
Securing payments for on-premise or remote agents for telephone, IVR, web, mobile, Chat and Chatbot.
A patented technology that offers a flexible way to take secure, PCI DSS compliant payments via live agents over the telephone, web, Chat, Chatbot, or IVR. No sensitive data enters the contact centre environment, so agents do not see, hear, store or record any card or personal details.
CallGuard can be deployed in various ways to fit the way your contact centre works. The solution can de-scope all, or parts, of your contact centre from the scope of PCI DSS compliance and works just as well for on-premise or home/remote working agents.
ChatGuard makes payments in Chat PCI DSS compliant and...