Steve McSherry | February 2019
I recently completed a contact centre audit for a large retail company. When I asked if they were operating their telephone sales in a PCI-DSS compliant manner they confirmed they were.
Unfortunately, that wasn’t the case.
Indeed, they had spent thousands of pounds on consultants to help achieve their compliance and had even recruited a part time compliance manager.
All good and valid steps, you say, but within a matter of moments I found 5 voice recordings stored on their system that had captured their customers’ sensitive data, including names, addresses and card details.
The company was horrified to say the least, but my explanation was simple: PCI-DSS experts are not always contact centre experts.
In this instance, they had ensured that the customer sales order line was operating in a PCI-DSS compliant manner. But at times of peak business, customers who were fed up with queuing on the order line would phone a different number. These calls were answered by a different team, who transferred the customers internally to the sales team through a non-PCI-DSS-compliant route, so the card details read out on those calls ended up in ordinary call recordings.
So what’s the easy solution? Take yourself completely out of scope for PCI-DSS, so that no matter how a customer reaches your sales team, the route is secure.
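The gap described above is a routing problem, and it can be found in call-detail records before an auditor finds it in the recordings. The following is an added example and not code from the original post or from the author: it assumes a simplified call-detail record (call ID, number dialled, ordered list of queues the call passed through, whether a recording was kept, and a transcript) with constructed sample data, and it assumes that only one entry number (here `0800-ORDERS`, a made-up value) is on the compliant route. It flags recorded calls that reached the sales queue via any other entry number, and separately scans stored transcripts for Luhn-valid card-number candidates as a second line of evidence.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Assumption for this example: calls dialled to this number follow the
# PCI-DSS-compliant route (e.g. pause/resume recording), so card data never
# reaches the recording store. Any other entry number is outside that route.
COMPLIANT_ENTRY_NUMBERS = {"0800-ORDERS"}
SALES_QUEUE = "sales"


@dataclass
class CallRecord:
    call_id: str
    dialled: str          # number the customer rang (constructed values)
    path: List[str]       # queues/teams the call passed through, in order
    recorded: bool        # whether a recording of the call was retained
    transcript: str = ""  # constructed transcript text used by the PAN scan


def reached_sales_via_noncompliant_route(rec: CallRecord) -> bool:
    """True when the call ended up with the sales team but entered the
    centre through a number that is not on the compliant route."""
    return SALES_QUEUE in rec.path and rec.dialled not in COMPLIANT_ENTRY_NUMBERS


def luhn_valid(digits: str) -> bool:
    """Standard Luhn (mod 10) check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# 13 to 19 digits, optionally separated by single spaces or dashes,
# not adjacent to other digits.
PAN_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_pan_candidates(text: str) -> List[str]:
    """Return digit strings in text that look like card numbers.
    A Luhn pass is a strong hint of a PAN, not proof; treat hits as
    candidates for manual review."""
    hits = []
    for m in PAN_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


def audit(records: List[CallRecord]) -> Dict[str, List[str]]:
    """Two checks over the call records:
    - recorded calls that reached sales outside the compliant route
    - retained recordings whose transcript contains a Luhn-valid PAN"""
    findings: Dict[str, List[str]] = {"noncompliant_route": [], "pan_in_recording": []}
    for rec in records:
        if rec.recorded and reached_sales_via_noncompliant_route(rec):
            findings["noncompliant_route"].append(rec.call_id)
        if rec.recorded and find_pan_candidates(rec.transcript):
            findings["pan_in_recording"].append(rec.call_id)
    return findings


# Constructed sample records. The card number in c2 is the well-known
# Visa test number, not a real card.
SAMPLE_CALLS = [
    CallRecord("c1", "0800-ORDERS", ["ivr", "sales"], True,
               "order placed, card ending 4242 taken via secure pad"),
    CallRecord("c2", "0800-HELP", ["ivr", "customer-service", "sales"], True,
               "the number is 4111 1111 1111 1111 expiry 12/25"),
    CallRecord("c3", "0800-HELP", ["ivr", "customer-service"], True,
               "where is my parcel"),
]

if __name__ == "__main__":
    for check, ids in audit(SAMPLE_CALLS).items():
        print(f"{check}: {ids}")
```

The routing check is the one that would have surfaced the gap in the story: call `c2` entered through the helpline, was transferred to sales, and was recorded. The transcript scan confirms the consequence, a card number sitting in a retained recording. On a real platform the record fields, queue names and compliant entry numbers would come from the telephony system's own CDR export, and the transcript scan would run over speech-to-text output of the stored audio.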
Our Partners: OnePayment
We work with our customers to ensure 100% of all customer transactions through their contact centre are PCI-DSS compliant. Working with our partner OnePayment, we can deliver a variety of e-commerce solutions that integrate easily within your contact centre.
If you are unsure whether your contact centre is PCI-DSS compliant, or would like to find out more, please get in touch.