Cirrus PCI Pro
If your contact center is taking debit or credit card payment from callers, regardless of volume or value of transactions, you are required to comply with PCI DSS guidelines. Failing to comply not only reduces customer confidence and your bank’s confidence in doing business with you, it can result in substantial fines and potentially your right to take card payments can be withdrawn.
Payment Card Industry Data Security Standard (PCI DSS) compliance means mitigating the risk of sensitive payment card information being copied and used for potential fraudulent use or identity theft. PCI DSS prohibits the retention of sensitive card authentication data such as the CVV2 being retained by transactional systems, call recording and most importantly by the person taking card information from the callers.
A particular challenge for contact centers and businesses that take payments over the phone is call recording. It is extremely hard to stop the recording systems from collecting and storing the card information, which by default makes the business non-compliant. Another particular challenge is making sure that the people who take the payments cannot copy the information down on paper, send it off site using 3rd party email accounts or social media, or even take pictures of it with their phones. While several solutions to the problem are commercially available, none are as effective as Cirrus PCI Pro Assisted Automation.