Article: New Customer Payment Options Take the Headache out of PCI DSS Compliance for Contact Centres

#contactcenterworld, @CirrusResponse

With card fraud and identity theft continuing to hit the headlines, Jason Roos, CEO of Cirrus, discusses how call centres can navigate the options to ensure both PCI DSS compliance and the best possible customer experience.

Data breaches continue to challenge and cost businesses

In today’s increasingly cashless society, customers rely more and more on using credit and debit cards for payments. Whether buying goods online or paying bills over the phone, they happily relay accounts and credit card details to a contact centre agent without a second thought, trusting that the company that they are dealing with will manage their card data securely. But how secure are they?

According to UK Finance (the collective voice for the UK banking and finance industry representing more than 250 firms across the industry), the theft of personal and financial data through social scams and data breaches was a major contributor to fraud losses in 2018.

In fact, in 2018 data breaches involving just three well-known brands are reported to have resulted in the attempted compromise of around 6.3 million payment card details. The Information Commissioner’s Office (ICO) reports that during the second quarter of 2018/19, there was a total of 4,056 data security incidents. Worryingly, information stolen through a data breach can be used for months - or even years - after the event.

PCI DSS compliance – the challenges

Card fraud is a threat that the finance industry cannot tackle alone, which means that it is the responsibility of all companies in the chain to take preventative measures and secure data. If a business loses a customer’s card data (i.e. suffers a data breach) and is not PCI DSS compliant, it could incur fines for the data and be liable for the costs of fraud incurred and those associated with replacing the accounts, not to mention the reputational damage that may mean losing even its most loyal customers.

Yet for many businesses, compliance means expense and changes to IT infrastructure that they can ill afford. According to Verizon’s 2019 Payment Security Report (PSR), there has been a negative trend globally for companies reporting full compliance with PCI DSS. Assessments from other Qualified Security Assessor (QSA) companies also show lower full compliance. Since 2008, Verizon has tracked the percentage of organisations that achieve PCI DSS compliance, and noted in previous editions of the PSR that it has varied from a low of 11.1% in 2012 to a high of 55.4% in 2016, dipping well below 40% (36.7%) in 2018.

While these statistics show improvement, when the PCI Security Standards Council first published the PCI DSS in 2004, it was expected that organizations would achieve effective and sustainable compliance within about five years. Today, less than half maintain programs that prevent PCI DSS security controls from falling out of place within a few months after meeting formal compliance requirements.

One size does not fit all

Depending on the merchant level (i.e. how many card payments are taken), businesses can either self-certify PCI compliance or use a Qualified Security Assessor (QSA) who is accredited by the PCI SSC. Only Level 1 merchants with over 6 million transactions per year or who are a ‘Compromised Entity’ (having experienced attacks before) must have an annual on-site QSA audit rather than one of the self-assessment questionnaires (SAQs) now available in current PCI DSS standards.

Recognising that one size did not fit all, and that smaller and less at-risk companies should not have to complete the same list of requirements as a large multinational, the recent PCI DSS 3.0 Standard has also introduced a number of different types of SAQ (a list and explanation of each SAQ is available from the PCI Security Standards Council). Many contact centres do not require a full audit with a QSA, and self-assessment questionnaires are becoming far more popular.

The view from the contact centre

The need for many contact centres to record calls, for security and training purposes, makes protecting the data more difficult. There is no single right way to handle payments in order to be PCI-DSS compliant, but companies can meet the security levels required by achieving compliance.

There are many methods available that contact centres can employ to prevent card fraud, and technology plays an important part in these practices; however, it can be a complex and costly technical process to set up and follow. To reduce these costs and comply with the standards, many organisations’ call centres choose to minimise (often called ‘de-scoping’) or eliminate altogether the customer card data that they hold in their systems. Not holding on to data reduces the risk that customers will be affected by fraud.

Offering different payment options means checking every possible area of security exposure in the payment process. The latest UK Contact Centre Decision-Makers’ Guide (DMG), published by analyst ContactBabel, outlined eleven different ways in which contact centres currently attempt to reduce card fraud. Ranging from technology solutions to physical methods such as clean rooms, where pens, paper and mobiles are prohibited, the different ways of processing card payments each have their pros and cons:

  • offering pause and resume - or ‘stop-start’ recording, preventing sensitive and confidential data from entering the call recording environment. Cheaper to implement than almost any other option, it offers high levels of customer service but is inherently unreliable and depends on agent compliance with the process.

  • having ‘clean rooms’ (where nothing can be written and no paperwork is allowed on desks) or having dedicated payment teams means agents can sometimes be underutilised or queues can form waiting to make payments, but they do provide the best customer experience. However, they are not considered a particularly pleasant working environment and can be expensive to operate.

  • implementing an Interactive Voice Response (IVR) Payments system is an option that is often used by large contact centres. An automated IVR process takes card details from the customer, cutting the agent risk out of the loop entirely. However, the card data is still within the organisation’s network, so although this approach takes the agent out of scope, it does not in itself ensure PCI compliance, and is a cumbersome user experience.

  • using a PCI DSS compliant third-party provider to handle data means that no cardholder data is passed into the contact centre environment, whether infrastructure, agents or storage. As such, this can de-scope the entire contact centre from PCI compliance, but does rely on the security processes and operational effectiveness of the service provider.

New ways to pay with digital channels are ringing the changes

There are also new ways to pay that make it even easier for customers. As an example, Cirrus’ new LinkPay+ service (a partnership with Semafone) sends the customer a secure payment link, via any digital channel (such as web chat, WhatsApp, SMS, Facebook Messenger etc.), while they are on the phone or conversing with the contact centre agent or bot using these digital channels. Customers entering card details in a web chat is high risk: in a contact centre, quality assessors, team leaders and tech support people could all look up the history of chats and potentially pull out credit card details.

Providing a service like LinkPay+ means the customer can enter their card details on a secure website page with confidence. The agent or bot on the call doesn’t see the card information, but sees a checklist of the steps completed. This means the purchase can be completed during the call or chat, saving the customer the hassle of ringing a different number or visiting a website (with the risk of losing the sale). It’s more convenient for the customer than entering card details over the phone using the keypad and help and advice can be given while on the phone or online.

There are also plans in the future for this technology to tie up with Apple Pay and Google Pay, which will make it even easier for customers to pay securely, confident that they are protected from card fraud.

Being compliant with PCI DSS means that companies are doing their best to keep customers’ valuable information safe and secure and out of the hands of people who could use that data in a fraudulent way. At the end of the day the responsibility for compliance lies with the merchant - the key is to choose the right technology solution that fits the organisation and delivers the best possible customer experience.


About Jason Roos:
Jason Roos is CEO of Cirrus

About Cirrus Response:
Cirrus is a provider of omni-channel cloud Contact Center Solutions (CCaaS) and IPT telephony, with over 10 years’ experience of using the best technology to deliver business outcomes and effortless customer experiences. Modern technology and a team that has many years of experience working in and around the Contact Center and IPT environment provide a recipe for business transformational success. With a true cloud infrastructure, Cirrus operates on a true real-time basis with unlimited scalability and the highest level of resilience and security. We can help you leverage the best AI solution available to deliver an awesome experience for your customers, getting better results for less cost. At the point you want to introduce agents into the customer journey, Cirrus then brings contact from voice, email, web, SMS, video, social, Messenger, WhatsApp, app store reviews, YouTube and more into a simple view that your advisors will love.
Published: Wednesday, December 18, 2019
