Call centres
Concerned that your Call Centre might not be compliant in respect of your data capture and storage processes, but don’t want to change your Payment Service Provider?
Get in touch today, call 0800 077 6311, we may be able to help!
Any Call Centre that handles credit and debit card details has a duty to protect their customers from fraud
More than £1.6 million worth of fraud occurs on UK credit and debit cards every day.
A fraudulent transaction takes place every eight seconds.
One in five of the 200+ UK contact centres that took part in a recent ContactBabel survey are not fully PCI compliant.
Build and maintain secure systems.
What are the penalties for non-compliance with the PCI data security standard?
Non-compliant operations may lose the right to accept credit card transactions or be fined.
Mastercard recently updated its merchant compliance plan, with fines for a fourth PCI DSS violation now ranging up to $400,000 for non-compliant merchants.
In February 2015 an online travel insurance company was fined £175,000 for storing data in a manner that breached PCI DSS requirements. The data including names, payment card details (including CVV and expiry dates), dates of birth, address, email addresses, phone number, travel dates and destinations and medical screening was stolen by hackers.
Also in February, Islington Council was reprimanded for three serious data breaches in the course of a year; one resulting in a £70,000 fine. The ICO found that the Council failed to disable call recording when bank details were being given. They also identified failures in protecting staff access to sensitive data and discrepancies in server access requests.
Future standards of PCI DSS will undoubtedly be more stringent, with concomitant naming and shaming of non-compliant brands in the press. Avoid these headaches and make sure your business has robust processes in place to protect your profits and customers.
The security considerations
PCI compliance is about more than just securing your systems and encrypting your data.
In many ways, those are the easy parts. Where those systems and data come into contact with humans is the weak point. In a complex operational environment, where hundreds of people might be coming and going every day, proper security procedures are absolutely essential.