With the new EU General Data Protection Regulation (GDPR) coming soon and the banking community committed to PCI DSS, there is more and more pressure on contact centres to become PCI compliant. The incentives sometimes offered as a result (reduced merchant fees in return for better security) mean that there has never been a better time for contact centres looking to justify the budget for a PCI programme.
However, the headache for many organisations is that achieving and maintaining compliance involves meeting a number of requirements (and specific sub-requirements) which add up to hundreds of security controls that could change with every new version of the standard! The risks, complexity, time and cost impacts of such a project cause many contact centres to just veto the idea of offering any kind of PCI service.
The reality is that things do not need to be as complicated, costly and disruptive as this may all initially sound.
There is a value in becoming compliant – both in budget and time terms. Currently there are very few organisations that can deliver the knowledge and skills required to get businesses to where they need to be. There is a general lack of availability of resources – particularly apparent within the PCI DSS industry. Therefore, early adopters have the opportunity to gain a competitive advantage when compared to organisations who are unable to see their way through the risks and costs.
Pay-per-use charging models mean that costs are now scalable; however, the key is finding the right expertise that will eliminate the burden involved in PCI compliance.
One way to protect companies from losing sensitive data is to completely avoid being exposed to it in the first place. All that’s needed is the information that the payment was received, not the full details of the payment. That way, if a data breach does occur, card details were never recorded, and therefore the risk to the business, its brand, its reputation and its customers is minimised. This approach also ensures compliance with PCI DSS regulations.
Contact us so that we can tell you what the new EU GDPR means for you and how we can help you become PCI compliant – the easy way.