ABT builds and maintains the finest “best practices”
PCI DSS 2.0 compliance platforms
DELRAY BEACH – The development of the Payment Card Industry Data Security Standard (PCI DSS) over the last decade has had a huge impact on the call center industry.
Call centers are required to maintain appropriate call recording, data management and storage systems to protect the transmission, processing, and storage of credit card contact data, and to safeguard the agent/caller interface within the physical call center with appropriate controls.
As a result, one of the primary goals for any call center should be to be in strict compliance with the PCI DSS standards and to make sure that your call center environment minimizes payment card data loss.
The current 2.0 version of PCI DSS, which was implemented in late 2010, specifies twelve (12) control requirements that must be met each year:
1. The installation and maintenance of a firewall configuration to protect cardholder data;
2. The prohibition of use of vendor supplied default system passwords and other security parameters;
3. The protection of stored cardholder data;
4. The encryption of transmissions of cardholder data across open, public networks;
5. The use and regular update of anti-virus software on all systems commonly affected by malware;
6. The development and maintenance of secure systems and applications;
7. The restricted access to cardholder data by business need to know;
8. The assignment of a unique identification to each person with computer access;
9. Restriction of physical access to cardholder data;
10. The tracking and monitoring of all access to network resources and cardholder data;
11. The regular testing of security systems and processes;
12. The development and adherence to a policy that addresses information security.
A compliance validation process established by PCI DSS 2.0 calls for the annual review of standards by an external “Qualified Security Assessor” for call centers handling large volumes of transactions, or the filling out of a “Self-Assessment Questionnaire” (SAQ) for those entities with smaller transactional volume.
Pursuant to a recent PCI DSS-issued FAQ specific to call centers, any form of digital audio recording containing CVV information cannot be stored if that data can be queried. Thus, call centers that record cardholder data in audio recordings are barred from retaining recordings in formats such as WAV, MP3, etc. that contain CAV2, CVC2, CVV2 or CID codes after authorization.
Where a call center platform includes call recording and monitoring tools that can potentially query digital recordings involving cardholder data, and the platform has technology to prevent recording of these data elements, that technology must be enabled.
ABT is a leader in the call center industry in building software platforms that provide strict adherence to the requirements of PCI DSS 2.0. We build and maintain secured call recording platforms that comply with PCI DSS best-practices standards and protect cardholder data. Our software implements PCI DSS 2.0 controls that limit access to cardholder systems and data, and institutes monitoring for unauthorized access and suspicious behavior for voice and screen capture.
Do you have the most up-to-date and appropriate measures to protect your call center systems that store, process and transmit cardholder information? Are you in true compliance with PCI DSS 2.0?
Fines for breaches in credit card privacy and data protocols can be significant, and can also lose you business and impact your bottom line!
ABT offers call recording and quality monitoring solutions that bring best-practices PCI DSS 2.0 compliance to a call center, allowing users to configure and operate the data recording, data protection and call monitoring solutions specified by PCI DSS 2.0 and other industry standards.
Isn’t it time for you to contact ABT for a consultation to review your PCI DSS 2.0 practices and controls?
Call me today at 561-282-6318 or email me at rmorriss@appliedcorp.com and let’s get started today!



