GoResponse Telephone Answering Service Staff

How to successfully plan a PCI DSS programme

In December 2004 the first version of the Payment Card Industry Data Security Standard (PCI DSS) was published. Although it has been in effect for more than a decade, plenty of misinformation and confusion about it remains. PCI DSS applies to every call centre that takes card payments, regardless of the size of the business.

In addition, the standard must be applied across the entire trading environment for compliance to be met, which means every vendor and third party that handles card data on the firm's behalf is included. Setting up a PCI DSS programme is, therefore, extremely important.

For telephone answering services, PCI DSS covers a wide variety of areas. Compliance needs to address all the potential risks whilst remaining at an achievable cost. It sounds daunting, especially considering that around 300 controls surround sensitive card data, all intended to protect firms and consumers against security attacks.

Understanding each of these controls often requires a specialist, but call centres can also concentrate on the areas where the risk is highest, such as third-party payment suppliers and their own employees. By actively reducing exposure in these areas, companies can reduce both the scope of PCI DSS and the cost of keeping consumer data safe. For example, some firms store recurring card details through a tokenisation service: the card number is replaced by a token that is meaningless outside the token provider, so the call centre's own databases never hold the card number itself. A system that stores only tokens has far less for an attacker to steal and can be kept out of the cardholder data environment, which narrows the scope of the PCI DSS assessment.
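As an added illustration of this scope-reduction point (example code written for this article, not GoResponse's own system or any particular tokenisation vendor's API), the following sketch models a hypothetical token vault operated by a provider, a call centre record that keeps only the token, the last four digits and the expiry, and a simple PAN-discovery scan of the kind an assessor runs to confirm that no card numbers remain in the call centre's own data. The card numbers used are standard Luhn-valid test numbers, and the token format, class and function names are all assumptions made for the example.

```python
import re
import secrets
from dataclasses import dataclass

# Constructed sample card numbers: well-known Luhn-valid test numbers, not real accounts.
SAMPLE_PANS = ["4111111111111111", "5555555555554444"]


def luhn_valid(pan: str) -> bool:
    """Return True if a 13-19 digit string passes the Luhn checksum."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical token service run by a payment provider (assumption for
    this example). Only the vault ever sees the card number; the token it
    hands back is random, so it cannot be reversed without the vault."""

    def __init__(self) -> None:
        self._pan_by_token: dict[str, str] = {}
        self._token_by_pan: dict[str, str] = {}

    def tokenise(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a valid card number")
        if pan in self._token_by_pan:       # same card -> same token, so repeat
            return self._token_by_pan[pan]  # billing needs no new capture
        raw = secrets.token_hex(16)
        # Assumed token format: 8-char hex groups joined by '_'. The separator
        # keeps any digit run under 13 characters so a token can never look
        # like a card number to the scan below.
        token = "tok_" + "_".join(raw[i:i + 8] for i in range(0, len(raw), 8))
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenise(self, token: str) -> str:
        """Only the provider-side charging process calls this, never the call centre."""
        return self._pan_by_token[token]


@dataclass
class CustomerRecord:
    """What the call centre keeps for a recurring customer: no full card number."""
    customer_id: str
    token: str
    last4: str
    expiry: str


def store_recurring_card(vault: TokenVault, customer_id: str, pan: str, expiry: str) -> CustomerRecord:
    token = vault.tokenise(pan)
    return CustomerRecord(customer_id, token, pan[-4:], expiry)


# Candidate PANs: 13-19 digits, optionally separated by spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_pans(text: str) -> list[str]:
    """Discovery scan: return Luhn-valid card numbers found in a data dump."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


def demo() -> tuple[list[str], bool]:
    """Store two recurring cards, scan the call centre's data, then re-bill via the vault."""
    vault = TokenVault()
    records = [
        store_recurring_card(vault, "cust-001", SAMPLE_PANS[0], "12/29"),
        store_recurring_card(vault, "cust-002", SAMPLE_PANS[1], "06/27"),
    ]
    # Constructed CSV-style dump of everything the call centre stores.
    merchant_dump = "\n".join(f"{r.customer_id},{r.token},{r.last4},{r.expiry}" for r in records)
    leaked = find_pans(merchant_dump)                 # expected: nothing found
    rebill_ok = vault.detokenise(records[0].token) == SAMPLE_PANS[0]
    return leaked, rebill_ok
```

Running the same scan over a record that holds the card number in clear, for instance `cust-001,4111 1111 1111 1111,12/29`, returns the number immediately, which is exactly the condition that keeps a database inside the cardholder data environment. The vault itself is still in scope, but it sits with the provider rather than in the call centre's systems.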

Reducing the scope of PCI DSS requirements can be an ideal way to plan a successful programme. This not only reduces overall risk, but it can also help call centres bring down their expenses.
