Matthew Chadd, Security Manager at Content Guru, gives his five top tips for success in managing PCI compliant collections
PCI Compliance is not just a ‘nice to have’ - it is a necessity. Your business is responsible for the security of data. If you are not PCI compliant, then banks and card brands can levy fines for fraud on customer cards, and you could incur further costs to generate new cards.
You can suffer reputational damage, and face the risk that customers may not do further business with you. So it is crucial to implement all of the relevant controls. Here are five tips to help ensure that you maintain PCI DSS compliance when collection agents are taking payments over the phone:
Be aware of your technology options.
There are broadly four approaches:
- Pause/resume call recording.
- Stop/start call recording.
- DTMF masking – callers enter details on telephone keypads: the technology prevents agents from seeing or hearing the corresponding tones.
- Fully-automated IVR services.
Speak to an expert to understand the suitability and limitations of each.
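To make the difference between the first three options concrete, here is an added simulation (not code from the original article or from Content Guru) of a phone payment as a stream of call events. Pause/resume recording depends on the agent pressing pause at the right moment; if they forget, the spoken card number ends up in the stored recording. DTMF masking routes keyed digits to the payment system only, so the agent leg and the recording never carry them. The event format, the capture_start/capture_end markers and the constructed test card number 4111 1111 1111 1111 are assumptions of this example; the Luhn-based scanner at the end is the kind of check a PCI programme runs over transcripts and recordings to find cardholder data that should not be there.

```python
import re

# Constructed example of the two call-handling approaches. Events are tuples:
#   ("speech", text)   words spoken on the line
#   ("dtmf", digit)    a keypad press
#   ("pause",) / ("resume",)              agent-operated recording controls
#   ("capture_start",) / ("capture_end",) hypothetical DTMF-masking window markers


def luhn_valid(digits: str) -> bool:
    """Standard Luhn checksum used by card brands; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# 13 to 19 digits, optionally separated by spaces or hyphens, not embedded in a longer number
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_pans(text: str) -> list:
    """Return Luhn-valid card numbers found in a transcript or log line."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def pause_resume_recording(events) -> str:
    """Pause/resume model: whatever is said or keyed while recording is on lands in the transcript."""
    recording = True
    transcript = []
    for ev in events:
        if ev[0] == "pause":
            recording = False
        elif ev[0] == "resume":
            recording = True
        elif recording:
            transcript.append(ev[1])
    return " ".join(transcript)


def dtmf_masked_call(events) -> dict:
    """DTMF-masking model: inside the capture window, keyed digits go only to the
    payment system; the agent leg and the recording receive a placeholder."""
    agent_leg, recording, payment = [], [], []
    capturing = False
    for ev in events:
        kind = ev[0]
        if kind == "capture_start":
            capturing = True
        elif kind == "capture_end":
            capturing = False
        elif kind == "dtmf":
            if capturing:
                payment.append(ev[1])
                agent_leg.append("#")
                recording.append("#")
            else:                      # e.g. a menu choice outside the payment step
                agent_leg.append(ev[1])
                recording.append(ev[1])
        elif kind == "speech":
            agent_leg.append(ev[1])
            recording.append(ev[1])
    return {"agent": " ".join(agent_leg),
            "recording": " ".join(recording),
            "payment": "".join(payment)}


# Constructed scenarios using a well-known test card number, not a real card.
TEST_PAN = "4111111111111111"
SPOKEN_PAN = "4111 1111 1111 1111"

FORGOT_TO_PAUSE = [("speech", "your card number please"),
                   ("speech", SPOKEN_PAN),
                   ("speech", "thank you")]

PAUSED_CORRECTLY = [("speech", "card please"), ("pause",),
                    ("speech", SPOKEN_PAN), ("resume",),
                    ("speech", "thank you")]

KEYED_WITH_MASKING = ([("speech", "please key your card number"), ("capture_start",)]
                      + [("dtmf", d) for d in TEST_PAN]
                      + [("capture_end",), ("speech", "thank you")])

if __name__ == "__main__":
    print("forgot to pause  :", find_pans(pause_resume_recording(FORGOT_TO_PAUSE)))
    print("paused correctly :", find_pans(pause_resume_recording(PAUSED_CORRECTLY)))
    masked = dtmf_masked_call(KEYED_WITH_MASKING)
    print("masked recording :", find_pans(masked["recording"]), "| payment got:", masked["payment"])
```

Running the three scenarios shows the operational point behind the list: the pause/resume approach is only as good as the agent's discipline on every single call, whereas DTMF masking removes the card number from the agent and recording paths by design. The scanner is also useful on its own as a periodic check over stored transcripts and call-centre logs.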
Be aware of wider security implications.
Pay attention to areas where systems and data come into contact with people in complex operational environments – and ensure proper security procedures are in place.
Plan for PCI compliance strategically.
Achieving compliance is an ongoing task. New systems and processes can affect compliance – and regulations are constantly changing. Version 3.0 of the PCI DSS and PA-DSS rules, for example, has introduced more rigorous and specific testing procedures, while adding greater flexibility and guidance for integrating card security into business-as-usual activities.
Educate your people properly about payment security.
Look at security in a broader context. Clean out cupboards. Look at storage and data cleansing. Take a look at what people bring to their desks.
Embrace the cloud.
Cloud technology vendors such as Content Guru not only provide a wide and flexible range of PCI technology options but also cost-effective solutions for achieving PCI DSS compliance through pay-as-you-use pricing models.
By Matthew Chadd, Security Manager, Content Guru