November 24, 2011 @ 4:18 PM

Does your PCI Compliance meet industry standards?

ABT builds and maintains the finest “best practices” PCI DSS 2.0 compliance platforms

DELRAY BEACH – The development of the Payment Card Industry Data Security Standard (PCI DSS) over the last decade has had a huge impact on the call center industry.

Call centers are required to maintain the appropriate call recording and data management and storage systems. As designated by PCI DSS, call centers must protect the transmission, processing, and storage of credit card contact data and appropriately control the agent-caller interface within the physical call center.

As a result, one of the primary goals for any call center should be to strictly comply with PCI DSS standards. It is vital to make sure that your call center environment minimizes payment card data loss.

The current 2.0 version of PCI DSS, which was implemented in late 2010, specifies twelve (12) control requirements that must be met each year:

1. The installation and maintenance of a firewall configuration to protect cardholder data;
2. The prohibition of use of vendor-supplied default system passwords and other security parameters;
3. The protection of stored cardholder data;
4. The encryption of transmissions of cardholder data across open, public networks;
5. The use and regular update of anti-virus software on all systems commonly affected by malware;
6. The development and maintenance of secure systems and applications;
7. The restricted access to cardholder data by business need to know;
8. The assignment of a unique identification to each person with computer access;
9. The restriction of physical access to cardholder data;
10. The tracking and monitoring of all access to network resources and cardholder data;
11. The regular testing of security systems and processes; and,
12. The development and adherence to a policy that addresses information security.

A compliance validation process, established by PCI DSS 2.0, calls for the annual review of standards by an external “Qualified Security Assessor” for call centers handling large volumes of transactions, or the filling out of a “Self-Assessment Questionnaire” (SAQ) for those entities with smaller transactional volumes.

Pursuant to a recent PCI DSS-issued FAQ specific to call centers, any form of digital audio recording containing CVV information cannot be stored if that data can be queried. Thus, call centers that record cardholder data in audio recordings are barred from using formats such as WAV, MP3, etc. involving CAV2, CVC2, CVV2 or CID codes after authorization.

A call center must enable its platform’s tools to call record, track, measure and monitor any query from a variety of digital recordings involving cardholder data, when the platform contains the capacity to prevent recording of these data elements.

Applied Business Technologies (ABT) is a leader in designing and delivering call center software platforms which strictly adhere to PCI DSS 2.0 requirements. ABT’s secured call recording platform also complies with PCI DSS best practices standards to protect cardholder data. Our software implements PCI DSS 2.0 controls that limit access to cardholder systems and data, and institute monitoring of unauthorized access or suspicious behavior for voice and screen capture.

Do you have the most up-to-date and appropriate measures to protect your call center’s cardholder information? Do your current systems store, process and transmit cardholder information in true compliance with PCI DSS 2.0?

Breaches in credit card privacy and data protocols can result in significant fines which damage your business and impact your bottom line!

ABT offers call recording and quality monitoring solutions that bring call center best practices into PCI DSS 2.0 compliance and allow users to configure and operate data recording, call monitoring and information protection as specified by PCI DSS 2.0 standards and other industry standards.

Isn’t it time for you to contact ABT for a consultation to review your PCI DSS 2.0 practices and controls?

Call me today at 561-282-6318, or email me: rmorriss@appliedcorp.com. Let’s get started today!