What is PCI-DSS?

PCI-DSS stands for Payment Card Industry Data Security Standard

The Payment Card Industry Security Standards Council was incorporated 16th Sept 2006. It was established by the global payment card schemes, as a unified standard, to baseline the minimum data security requirements necessary to protect payment card data within any part of the merchant environment.

The changes outlined in 2018 mean that simply protecting stored call recordings from capturing card data is no longer sufficient for compliance. It is only achieved by the removal of all card data from your infrastructure through one of the three approved solutions outlined below.




TYPES OF SOLUTION

Pause & Resume

Most Contact Centres use this technique as part of their compliance process. Whilst common in the UK this is no longer regarded as compliant by the PCI Council. We have the option to make Pause & Resume far more robust by adding speech analytics software, scanning all call recordings and highlighting any sensitive card data for removal.

With a range of technologies designed to support telephone based card payments, we ensure you choose the right solution to match both your own business requirements and your customers’ preferences to ensure you are compliant with the latest PCI guidelines.


Compliance via Voice Suppression

This is the easiest and simplest way of achieving compliance without changing your customer experience. By collecting card information directly through the customers’ own phone using its Dual Tone Multi-Frequency tones (DTMF) capability we take your agent out of scope for compliance as they are no longer presented with the sensitive card data. The agent remains connected with the customer during this process, advising the customer at all times. The card data is sent automatically to your payment gateway and the agent is advised on the success or failure of the transaction.


Compliance via Telephone Based IVR

If you or your customer do not want to remain on the call while the payment is being made, you can use this method. IVR (Interactive Voice Response) technology allows your customers to make payments using their telephone keypad at a time (24/7) which suits them best. There is no requirement to have an agent present on these calls.


Compliance via Digital Links

This technology easily converts a telephone based payment into a secure e-commerce transaction. It takes your agents completely out of scope for compliance, all while your agents remain on the call with the customer.

When payment is required, the customer is sent a digital link directly to their smartphone, PC or tablet via email. Once this link is opened, it automatically connects them to your payment gateway, enabling them to complete the transaction electronically whilst online. As with the IVR application, this can be done when connected to the agent or at any time that suits the customer, 24/7.



AVAILABLE FROM DAKTELA


All of these functions are available from Daktela and can easily be integrated into our system. Please contact us for more information.

CONTACT US