Payment card data processes may not be safe
23 November 2015
By Ian Hook, Chief Operating Officer, Cognia Cloud Ltd.
Companies make significant investments in infrastructure to ensure payment card data is safe. PCI compliance sets stringent guidelines for protecting card data; however, fraud, theft and multiple breaches demonstrate that major weaknesses still exist. Cognia cloud-compliance solutions de-scope call centres by 92 per cent and keep sensitive card data out of the workflow. There’s a better way to mitigate risk.
Credit and debit cards have increasingly become the preferred method of payment for consumers. Card breaches, however, are rising at an alarming rate. As a result, merchants are under pressure to ensure that payment channels are secure.
Increasing threats demand that security professionals shift their mindset from a check-box mentality to viewing security as an integrated part of business. A common point of vulnerability is the exploitation of remote access to implant malware on systems that store, process, or transmit cardholder data.
The Payment Card Industry Data Security Standard (PCI DSS) organisation was created by major credit card companies to establish processes for card data security, and many contact centres purchased expensive on-premise compliance systems. Controls have centred security responsibility on the agent-caller interaction, and problems with “pause and resume” quickly became apparent:
- Some agents can pause recording during a call, and so can have unmonitored and unrecorded conversations with callers and their sensitive data without anyone knowing.
- If the recording process is automated, agents can still see or hear payment card details that can be copied or captured.
PCI DSS 3.1 raises the bar for cardholder security, but doesn’t fix the issue, and still requires more than 900 compliance processes to implement and maintain.
Cognia, a world leader in cloud-compliance solutions, mitigates the risk associated with on-premise systems by preventing payment card details from entering the call centre. Sensitive data is kept securely away from agents, no matter where they are, yet agents remain continuously on the recorded call.
Cognia was the world’s first cloud service provider to achieve PCI DSS Level 1 compliance on the Amazon Web Services platform. Our payment processing solutions de-scope the centre by 92 per cent, and integrate easily. CIO Review recently chose Cognia as one of the 20 Most Promising Contact Centre Technology Solution Providers for 2015. www.cognia.com.
- Cognia removes sensitive data from the call centre workflow
- Helps reduce your PCI DSS compliance scope by 92%