Article : New Customer Payment Options Take the Headache out of PCI DSS Compliance for Contact Centres

#contactcenterworld, @CirrusResponse

With card fraud and identity theft continuing to hit the headlines, Jason Roos, CEO of Cirrus, discusses how call centres can navigate the options to ensure both PCI DSS compliance and the best possible customer experience.

Data breaches continue to challenge and cost businesses

In today’s increasingly cashless society, customers rely more and more on using credit and debit cards for payments. Whether buying goods online or paying bills over the phone, they happily relay accounts and credit card details to a contact centre agent without a second thought, trusting that the company that they are dealing with will manage their card data securely. But how secure are they?

According to UK Finance (the collective voice for the UK banking and finance industry representing more than 250 firms across the industry), the theft of personal and financial data through social scams and data breaches was a major contributor to fraud losses in 2018.

In fact, in 2018 data breaches involving just three well-known brands are reported to have resulted in the attempted compromise of around 6.3 million payment card details. The Information Commissioner’s Office (ICO) reports that during the second quarter of 2018/19, there was a total of 4,056 data security incidents. Worryingly, information stolen through a data breach can be used for months - or even years - after the event.

PCI DSS compliance – the challenges

Card fraud is a threat that the finance industry cannot tackle alone, which means that it is the responsibility of all companies in the chain to take preventative measures and secure data. If a business loses a customer’s card data (i.e. suffers a data breach) and is not PCI DSS compliant, it could incur fines for the lost data and be liable for the costs of fraud incurred and those associated with replacing the accounts. Not to mention the reputational damage, which may mean losing even its most loyal customers.

Yet for many businesses, compliance means expense and changes to IT infrastructure that they can ill afford. According to Verizon’s 2019 Payment Security Report (PSR), there has been a negative trend globally for companies reporting full compliance with PCI DSS. Assessments from other Qualified Security Assessor (QSA) companies also show lower full compliance. Since 2008, Verizon has tracked the percentage of organisations that achieve PCI DSS compliance, and noted in previous editions of the PSR that it has varied from a low of 11.1% in 2012 to a high of 55.4% in 2016, dipping well below 40% (36.7%) in 2018.

While these statistics show improvement, when the PCI Security Standards Council first published the PCI DSS in 2004, it was expected that organizations would achieve effective and sustainable compliance within about five years. Today, less than half maintain programs that prevent PCI DSS security controls from falling out of place within a few months after meeting formal compliance requirements.

One size does not fit all

Depending on the merchant level (i.e. how many card payments are taken), businesses can either self-certify PCI compliance or use a Qualified Security Assessor (QSA) who is accredited by the PCI SSC. Only Level 1 merchants with over 6 million transactions per year or who are a ‘Compromised Entity’ (having experienced attacks before) must have an annual on-site QSA audit rather than one of the self-assessment questionnaires (SAQs) now available in current PCI DSS standards.

Recognising that one size did not fit all, and that smaller and less at-risk companies should not have to complete the same list of requirements as a large multinational, the recent PCI DSS 3.0 Standard has also introduced a number of different types of SAQ (a list and explanation of each SAQ is available from the PCI Security Standards Council). Many contact centres do not require a full audit with a QSA, and self-assessment questionnaires are becoming far more popular.

The view from the contact centre

The need for many contact centres to record calls, for security and training purposes, makes protecting the data more difficult. There is no single right way to handle payments in order to be PCI-DSS compliant, but companies can meet the security levels required by achieving compliance.

There are many methods available that contact centres can employ to prevent card fraud, and technology plays an important part in these practices. However, it can be a complex and costly technical process to set up and follow. To reduce these costs and comply with the standards, many organisations’ call centres choose to minimise (often called ‘de-scoping’) or eliminate altogether the customer card data that they hold in their systems. Not holding on to data reduces the risk that customers will be affected by fraud.

Offering different payment options means checking every possible area of security exposure in the payment process. The latest UK Contact Centre Decision-Makers’ Guide (DMG) published by analyst ContactBabel, outlined eleven different ways in which contact centres currently attempt to reduce card fraud. Ranging from technology solutions to physical methods such as clean rooms, where pens, paper and mobiles are prohibited, different ways of processing card payments have their pros and cons:

  • offering pause and resume - or ‘stop-start’ recording, preventing sensitive and confidential data from entering the call recording environment. Cheaper to implement than almost any other option, it offers high levels of customer service but is inherently unreliable and depends on agent compliance with the process.

  • having ‘clean rooms’ (where nothing can be written and no paperwork is allowed on desks) or having dedicated payment teams means agents can sometimes be underutilised or queues can form waiting to make payments, but they do provide the best customer experience. However, they are not considered a particularly pleasant working environment and can be expensive to operate.

  • implementing an Interactive Voice Response (IVR) Payments system is an option that is often used by large contact centres. An automated IVR process takes card details from the customer, cutting the agent risk out of the loop entirely. However, the card data is still within the organisation’s network, so although this approach takes the agent out of scope, it does not in itself ensure PCI compliance, and is a cumbersome user experience.

  • using a third party provider to handle data that is PCI-DSS compliant means that no cardholder data is passed into the contact centre environment, whether infrastructure, agents or storage. As such, this can de-scope the entire contact centre from PCI compliance, but does rely on the security processes and operational effectiveness of the service provider.

New ways to pay with digital channels are ringing the changes

There are also recent new ways to pay that make it even easier for customers. As an example, Cirrus’ new LinkPay+ service (a partnership with Semafone) sends the customer a secure payment link, via any digital channel (such as web chat, WhatsApp, SMS, Facebook Messenger etc.), while they are on the phone or conversing with the contact centre agent or bot using these digital channels. Customers entering card details in a web chat is high risk – in a contact centre, quality assessors, team leaders and tech support people could all look up the history of chats and potentially pull out credit card details.

Providing a service like LinkPay+ means the customer can enter their card details on a secure website page with confidence. The agent or bot on the call doesn’t see the card information, but sees a checklist of the steps completed. This means the purchase can be completed during the call or chat, saving the customer the hassle of ringing a different number or visiting a website (with the risk of losing the sale). It’s more convenient for the customer than entering card details over the phone using the keypad, and help and advice can be given while on the phone or online.

There are also plans in the future for this technology to tie up with Apple Pay and Google Pay, which will make it even easier for customers to pay securely, confident that they are protected from card fraud.

Being compliant with PCI DSS means that companies are doing their best to keep customers’ valuable information safe and secure and out of the hands of people who could use that data in a fraudulent way. At the end of the day, the responsibility for compliance lies with the merchant - the key is to choose the right technology solution that fits the organisation and delivers the best possible customer experience.

About Jason Roos:
Jason Roos is CEO of Cirrus

About Cirrus Response:
Cirrus is a provider of omni-channel cloud Contact Center Solutions (CCaaS) and IPT telephony, with over 10 years’ experience of using the best technology to deliver business outcomes and effortless customer experiences. Modern technology and a team that has many years of experience working in and around the Contact Center and IPT environment provide a recipe for business transformational success. With a true cloud infrastructure, Cirrus operates on a true real-time basis with unlimited scalability and the highest level of resilience and security. We can help you leverage the best AI solution available to deliver an awesome experience for your customers; getting better results for less cost. At the point you want to introduce agents into the customer journey, Cirrus then brings contact from voice, email, web, SMS, video, social, Messenger, WhatsApp, app store reviews, YouTube and more into a simple view that your advisors will love.

Published: Wednesday, December 18, 2019
