How To Simplify PCI Compliance With Descoping

In 2020, the voice channel still accounts for a great deal of credit card transactions, whether for bill pay, purchases, or account renewals. Contact centers handle 1.6 billion credit card transactions annually. 

With this in mind, and with the technology used by fraudsters growing ever more complex, security should be a top priority, especially considering what’s at stake. According to the Ponemon Institute, the average total cost of a data breach in 2018 ranged from $2.2 million for incidents with fewer than 10,000 compromised records to $6.9 million for incidents with more than 50,000 records. Add that to the negative publicity and angry customers, and you can easily see how disastrous even a minor breach could be.

Why is PCI DSS Important?

In order to set standards that merchants and financial institutions could implement to ensure their data remains secure, the PCI Security Standards Council was formed. In 2006, American Express, Discover, JCB International, MasterCard, and Visa collaborated to form the Payment Card Industry Data Security Standard (or PCI DSS). PCI DSS covers all aspects of payment collection, from in-store transactions to phone payments.

Today, every merchant who accepts credit cards must abide by PCI DSS guidelines. Failure to do so can result in fines or even having the ability to process cards revoked. However, a 2019 report by Verizon revealed that in 2018, less than 40% of businesses were fully compliant with PCI DSS.

With evolving technology and increasingly complex and spread-out contact center operations, many organizations have found that the easiest way to achieve full PCI DSS compliance is through descoping the contact center.

What Is PCI DSS Descoping?

Any part of your contact center (including any person, piece of software, or technology) that comes into contact with payment information is considered within the scope of PCI DSS. It includes anything and anyone that stores, processes, or transmits payment data. And anything in-scope, therefore, needs to meet the requirements of PCI DSS. That includes not only agent training, but also any number of technological updates to your software, agent desktops, servers, physical environments, etc.

Requirement 3.2 of PCI DSS states, “Do not store sensitive authentication data after authorization (even if encrypted).” Because this applies to your entire infrastructure (call recordings included), keeping every in-scope entity compliant is incredibly difficult. Descoping, on the other hand, means that your contact center does not have access to protected information at all. Anything that does not touch this information is “out of scope”.

Descoping creates a scenario in which payment information never touches your contact center (and, naturally, is therefore never recorded by your contact center). And because your contact center is then not handling any payment information, it does not need to maintain compliance. Products like Plum SecureAssistant facilitate descoping by deploying a virtual assistant to handle the sensitive information, allowing the agent to converse with the caller without hearing or seeing the payment information.

Benefits of PCI Descoping

Not only is using a descoped payment solution a sure-fire way to achieve PCI DSS compliance in your contact center, it also saves you money. By not having to update your technology and provide additional training to your agents, you can create compliance without breaking the bank.

Having payments handled by an automated, descoped system also reduces average handle times for your contact center. This results in even more savings as well as happier agents.

Plum’s PCI Descoping Tool

Plum SecureAssistant is a virtual assistant that descopes your contact center from PCI DSS requirements, enabling you to instantly achieve PCI compliance. SecureAssistant can be conferenced into calls to accept and mask sensitive payment details while the live agent remains on the line.

Integration is simple with SecureAssistant, as it connects with your existing payment processing systems and with multiple telecom carriers. And security has always been a top priority for Plum Voice. Our platform has been PCI DSS compliant since 2013.

Contact us today to get started with SecureAssistant