Contact Centre PCI-DSS Compliance Made Easier
Basingstoke 4th June 2009. NewVoiceMedia has passed the final stages of becoming PCI-DSS Compliant with the issuing of the certificate by the Qualified Security Assessor (QSA). It means that any contact centre wanting to become compliant themselves can use the NewVoiceMedia mid-call IVR solution to take card payments and just check a box in a self-assessment questionnaire to cut months of work and typically well over £20,000 in costs…
NewVoiceMedia has achieved the highest standard, Service Provider Level 1, which is needed for service providers handling over 300,000 transactions per year. The company reports that it is already taking over £100,000 a day in transactions for just one of its customers.
The NewVoiceMedia PCI-DSS Mid-Call solution is invoked by the agent when a card payment is about to be made. After entering the payment details in a screenpop, the caller is passed to an automated IVR that takes the card details, checks the card validity with the card company and then (if needed) returns the caller to an agent should anything go wrong. The agent will be able to see in a screenpop, for example, that the card had expired and talk to the caller. The solution allows recordings of the conversations to be made, which is important for security and training purposes, but no recordings are made during the payment process itself, as is dictated by the standard. Also, full integration with any back office systems is made during the call, thus speeding up the entire process.
By implementing the NewVoiceMedia solution the majority of contact centres can just make a tick against a self-assessment form to state that they are using a PCI-DSS Compliant company to outsource the payment process. The largest operations, graded as Level 1 because they perform over 6,000,000 transactions a year, will still need to be assessed by a QSA, but the process will be far cheaper and simpler.
More on PCI-DSS and the Contact Centre...
About PCI-DSS
The PCI (Payment Card Industry) is a body set up by card companies such as Visa, MasterCard and American Express. Several years ago the PCI defined a Data Security Standard (DSS) that anybody taking card payments over the phone should conform to in order to protect the cardholder from fraud. All companies, big or small, should now be compliant as the deadline for compliance expired a long time ago. However, many contact centres are still not compliant and are now coming under intense pressure from the card companies.
Becoming compliant is a long and complicated process and, for the larger organisations, will involve certification by an external Qualified Security Assessor (QSA). The QSA will validate the processes and perform penetration tests on their computer systems to ensure that call centre staff as well as external hackers cannot access any cardholder data.