GoResponse Telephone Answering Service Staff

Remain PCI DSS compliant with password changes and protected data

There has never been more emphasis on protecting consumer data, and call centres across the country need to comply with PCI DSS standards if they wish to keep customers on board. In addition, the European Union has just agreed on a new Data Protection Framework. Although this does not come into effect for a couple of years, it will affect the way telephone answering services handle consumer data, so it is essential to start making the necessary changes now.

To comply with the new rules, call centres will have to address three components: a new Transparency Framework, a “Compliance Journey”, and an Enforcement, Sanction and Remedies Framework. In the event of a breach, companies could be fined up to €20m or 4 per cent of their annual worldwide turnover, not to mention having their reputation tarnished.

Two ways to remain PCI DSS compliant are changing vendor-supplied passwords and correctly storing cardholder information. Many firms never change their login data, making it easy for cyber criminals to hack into their systems. Meanwhile, consumer cardholder data should be minimised. If the data is not required, call centres should not keep it, and the CV2 number should never be stored. For card numbers that need to be stored, tokenising data works well. Information should never be passed via insecure methods such as VoIP or email.
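The storage rules above can be shown in code. This is an added example, not code from GoResponse: a sketch of tokenising a card number and dropping the CV2 before an order record is saved. The names `TokenVault` and `sanitise_order`, the record fields and the choice to keep the last four digits are assumptions made for illustration.

```python
import re
import secrets

def luhn_valid(pan: str) -> bool:
    """Luhn checksum, used to reject mistyped card numbers before tokenising."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """In-memory stand-in for a token vault (hypothetical). In production this
    is a separate, access-controlled service that stores the PAN encrypted."""

    def __init__(self):
        self._pan_by_token = {}

    def tokenise(self, pan: str) -> str:
        pan = re.sub(r"[ -]", "", pan)
        if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19
                and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        token = "tok_" + secrets.token_hex(16)   # random, not derived from the PAN
        self._pan_by_token[token] = pan
        return token

    def detokenise(self, token: str) -> str:
        return self._pan_by_token[token]

def sanitise_order(order: dict, vault: TokenVault) -> dict:
    """Return the record the call-centre system may store: the card number is
    replaced by a token plus its last four digits, and the CV2 is dropped."""
    clean = {k: v for k, v in order.items() if k not in ("pan", "cv2")}
    clean["card_token"] = vault.tokenise(order["pan"])
    clean["card_last4"] = re.sub(r"\D", "", order["pan"])[-4:]
    return clean

if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample using a well-known test card number, not real data.
    order = {"caller": "A. Example", "pan": "4111 1111 1111 1111", "cv2": "123"}
    print(sanitise_order(order, vault))
```

Because the token is random, a stolen order database reveals nothing about the card number without access to the vault.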

Experiencing a breach can be devastating to both a company and the customers it affects. Therefore, action should be taken now to ensure that PCI DSS compliance is maintained at all costs.
