What is PCI DSS?To increase controls around cardholder data and help prevent payment card fraud, the Payment Card Industry (PCI) established a single set of Payment Card Industry Data Security Standards - PCI DSS.
Any business or organisation that takes card payments over the telephone and records their calls is directly affected by Section 3.2 of PCI DSS. This states that no sensitive authentication data may be stored in any format, once a transaction has been authorised. This directive does extend to contact centres which use call recording.
Payment Card Data Divides into Two Groups:
Customer Identifiable Data
This includes names and addresses.
Sensitive authentication data
Specifically the printed security code and magnetic stripe data.
So if you're storing any of this information, what are the implications of a breach?
PCI DSS Compliance is not a legal obligation, but the threat of fines for non-compliance or the high costs if breaches occur are firm drivers for organisations to invest in reviewing processes:
- Average cost per compromised record is £133
- Average cost of a breach event is £4.5 million
- Non-compliance cost is an average of 2.65 times the cost of compliance
- Also: business disruption, reduced productivity, fees, penalties, other legal and non-legal settlement costs
PCI DSS and Your Business
What does PCI DSS means for your business?
PCI DSS Compliance and Call Recording
How does PCI DSS Affect Your Call Recordings?
CallGuard and PCI DSS
CallGuard is the most effective and proven solution to advance your contact centre towards PCI DSS compliance.
Believe it or not, there are non-compliant methods to securing calls from cardholder data.
Compare CallGuard with Other Methods for Making Your Call Recording Solution PCI DSS Compliant.
Free PCI DSS Papers
PCI DSS is complicated enough so we have written some short papers below to help you with securing your phone payments.