What is PCI-DSS?

PCI-DSS stands for Payment Card Industry Data Security Standard

The Payment Card Industry Security Standards Council was incorporated 16th Sept 2006. It was established by the global payment card schemes, as a unified standard, to baseline the minimum data security requirements necessary to protect payment card data within any part of the merchant environment.

The changes outlined in 2018 meant that simply protecting stored call recordings from capturing card data was no longer key to compliance, this was only achieved by the removal of all card data from your infrastructure through one of the three approved solutions outlined below.




TYPES OF SOLUTION

Pause & Resume

Most Contact Centres use this technique as part of their compliance process. Whilst common in the UK this is no longer regarded as compliant by the PCI Council. We have the option to make Pause & Resume far more robust by adding speech analytics software, scanning all call recordings and highlighting any sensitive card data for removal.

With a range of technologies designed to support telephone based card payments, we ensure you choose the right solution to match both your own business requirements and your customers’ preferences to ensure you are compliant with the latest PCI guidelines.


Compliance via Voice Suppression

This is the easiest and simplest way of achieving compliance without changing your customer experience. By collecting card information directly through the customers’ own phone using its Dual Tone Multi-Frequency tones (DTMF) capability we take your agent out of scope for compliance as they are no longer presented with the sensitive card data. The agent remains connected with the customer during this process advising the customer at all times. The card data is sent automatically to your payment gateway and the agent is advised on the success or failure of the transaction.


Compliance via Telephone Based IVR

If  you, or your customer, do not want to  remain on the call while the payment is made then you can use this technique. IVR (Interactive Voice Response) technology allows your customers to make payments using their telephone keypad at a time (24/7) which suits them best.  There is no requirement to have an agent present on these calls.


Compliance via Digital Links

This technology easily converts a telephone based payment into a secure e-commerce transaction. It takes your agents completely out of scope for compliance, all while your agents remain on the call with the customer.

When payment is required the customer is sent a digital link directly to their smartphone, PC or tablet via email. Once this link is opened it automatically connects them to your payment gateway enabling them to complete the transaction electronically whilst on line. As with the IVR application this can be done when connected to the agent or at anytime 24/7 to suit the customer.



AVAILABLE FROM DAKTELA


All of these functions are available from Daktela and can easily be integrated into our system, please contact us for more information.

CONTACT US