Every contact centre that accepts credit and debit card payments over the telephone needs to be PCI DSS (Payment Card Industry Data Security Standard) compliant. However the process of becoming and staying compliant can be hugely expensive. The interpretation of the 258 controls often results in confusion and conflicting advice from PCI Qualified Security Assessors (QSAs).
Information about the "dos" and "don’ts" of PCI DSS and its cost and impact on every day business processes can often result in companies putting off the process or self-certifying unaware of the risks should they then suffer card data loss. For many once PCI DSS has been achieved the expense in time and resource leaves them with very little to show or to shout about.
The answer is to wise up on what compliance really means and what the responsibilities really are. PCI DSS covers a great many areas and touches almost every aspect of an organisation’s operations. Compliance in the contact centre should address risk and be achievable for a sensible and realistic cost. To understand the practices for each of the 258 boxes that should be ticked takes detailed knowledge; however, looking at the key vulnerabilities, namely staff and the choice of third party payments supplier, will result in large reductions in both PCI DSS scope and the price of securing your customers’ valuable information.
There is no such thing as a PCI DSS compliant solution
Solution providers can make the mistake of marketing their products as "PCI DSS Compliant" – there is no such thing. It is correct, however, to state that a given solution can help achieve compliance. Any third party payment service provider needs to be able to prove it is PCI DSS compliant. This is because the overall contractual obligation of compliance is always between the merchant and their merchant bank. So the third-party organisation which may include outsourced contact centres, payment service providers or collections companies will not get fined in the event of a breach that results in card data loss or fraud. The buck stops with the merchant.
Get smarter – chose the right payment solution for customer demographics
No one payment solution fits all. Different people prefer different methods of payment. A younger tech-savvy demographic may be happy with mobile payments while more mature customers may prefer to speak to an agent. Therefore think of customer demographics and select a payment solution to suit. This usually results in a requirement for multiple payment methods being implemented but has the overall benefit of reducing frustration felt by customers that would have otherwise been forced to use a payment service they’re not comfortable with.
Continuous authorised payments (also known as recurring payments) can help to reduce the scope and cost of PCI DSS compliance audits. Once an initial transaction is verified the card used becomes trusted and any repeat uses will not require details to be taken again. On average 40% of customers will opt to have their card details stored for future use. However, there may not always be funds available on the stored card and therefore payments can be declined. Some suppliers, such as Encoded, have a Tokenisation feature to enable card holders to validate and amend stored cards when something goes wrong; avoiding fines, fees and interest charges by self-managing the details held on file.
Tokenisation, recurring and stored card payment solutions mean that organisations with contact centres can vastly reduce the scope of their PCI DSS audits. Tokens can only be used through specific payment gateways and if they are stolen or written down then the Token is completely useless to anyone outside the payment environment. So take the time to wise up on PCI DSS and save money.
About Encoded Ltd.:
Encoded provides interactive voice response solutions and automated payment solutions. Encoded has invested in achieving the highest level of PCI DSS compliance. It has a Level 1 Attestation of Compliance (AOC) which applies to organisations that store, process and/or transmit more than 300,000 Visa transactions per year it also appears on the Visa Europe Merchant Agents List.
Published: Friday, February 20, 2015
ASC Recording Insights and neo
ASC Recording Insights guarantees legally compliant recording and analysis of all communication channels in Microsoft Teams - including audio calls (internal and external calls), chat conversations and video meetings.
neo Recording, QM & Analytics address all enterprises with recording needs, especially contact centers. The content of communication becomes accessible and critical information and trends are revealed, providing real-time business intelligence for immediate management action.
Microsoft Teams Cloud Recording Service
Geomant offers a fully managed recording service for those organisations who need to address compliance or quality management while working on Teams. The Service utilises Verint’s market leading recording technology and is hosted by Geomant in Microsoft Azure. Our managed service approach is unique in that it allows organisations to benefit from advanced recording features, all while being free from any technical infrastructure or maintenance requirements that come with a traditional on-premises set up.
|4.)||Lieber & Associates|
Recording System Consulting
L&A provides vendor-independent consulting services to select, contract for, test, and implement contact center recording systems. The firm's consultants specialize in contact center I.T. and have several decades of experience each with all major and many smaller makers of phone and call recording systems.
MiaRec Call Recording
MiaRec's compliant, secure, and reliable Call Recording software is the foundation of our Customer & Workforce Engagement Platform.. MiaRec Call Recording seamlessly integrates with MiaRec Agent Evaluation & Scoring, Live Monitoring, Voice Analytics, Screen Capture, and Advanced Reporting to provide a comprehensive solution you can trust.
Numonix's IXCloud is one of the first fully managed compliance recording solutions for Microsoft Teams. IXCloud securely records, stores and analyzes interactions in the cloud without physical or virtual servers. As a fully managed Azure-based, Software-as-a-Service cloud interaction recording solution, IXCloud takes interaction capture into the future. It enables instant and elastic scalability to support business growth and provides the necessary tools to enhance business performance while maintaining compliance. IXCloud redefines versatility with its OpenAPI framework that enables application development. Companies and third-party developers benefit from IXCloud native capture technology, whether it be integrating with internal systems or building a third-party application.
Enterprise recording management for storage, retrieval, playback, and monitoring communications throughout your contact center.
Record screen activity and calls across agent workstations, measure and monitor quality levels across all campaigns and analyze recordings to capture first-hand customer data and requirements.
Easly access all recordings and critical information to provide improved customer experience, sales, and productivity!
Oreka TR total recorder includes all of the call recording capabilities you will need, at about half the cost of competing for call recorder solutions, including screen recording, mobile phone recording, live monitoring, on-demand recording, multi-tenancy, multi-site recording, audit trail, call exporting, retention management, auto-tagging (for speech analytics and phrase spotting) and so much more.
Call recording solution fully integrate to all main pbx solutions.
|10.)||Teckinfo Solutions Pvt. Ltd.|
InterDialog UCCS enables organizations to adhere to all compliances with its inbuilt call recording software and also has an option for screen recording. With centralized repository of all voice logs, its easy to maintain & retrieve all voice files and have a central control in case of multiple branches set up.