PCI DSS compliance in contact centres via DTMF hiding
Another cost that has not been mentioned so far is the cost of compliance itself, which translates mainly into audit fees and the administrative effort of following complex regulation. These costs do not hit every actor equally: the required level of validation depends on annual transaction volume, from Level 1 (over 6 million transactions per year) down to Level 4 (fewer than 20,000 transactions per year). Whatever the level, the cost of compliance validation, that is, of proving that the required security controls have actually been implemented, is still there, and it grows the more cardholder data a company keeps inside its own walls.
A few recommendations can help companies in this situation lower those costs and comply more easily with PCI DSS. In particular, contact centres should consider the following when designing their payment processing procedure:
- DTMF masking as a way of descoping and reducing breach risk: pause-and-resume (stopping the call recording while the card details are spoken) may look like a valid and cheap solution, but the agent still hears the customer's financial information. That leaves one risk point in the chain, the insider breach, and customers are in any case reluctant to read their card details out to another person. With DTMF masking the customer keys the digits on the phone keypad, the tones are suppressed before they reach the agent or the recording, and the digits go straight to the payment capture, so the agent and the agent's environment hear and store nothing.
- Keep data outside your data centres where possible: the more data a company gathers and stores, the larger the potential scope of a breach, and the heavier the compliance requirements become, not only under PCI DSS but also under other regulation such as the GDPR in Europe.
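As an added illustration of the DTMF masking point above (example code written for this page, not a product's or the author's own implementation), the script below detects keypad tones frame by frame with the Goertzel algorithm, replaces those frames with silence in the audio stream forwarded to the agent, and hands the decoded digits to the payment capture only. The call audio, the 205-sample frame size, the 500.0 power threshold and the use of silence as the replacement are all constructed assumptions for this synthetic input; a real deployment would tune the threshold per codec and gain.

```python
import math
import random

SAMPLE_RATE = 8000          # Hz, standard narrowband telephony
FRAME = 205                 # samples per analysis frame (~25.6 ms), a common Goertzel block size at 8 kHz
LOW_FREQS = (697, 770, 852, 941)        # DTMF row tones
HIGH_FREQS = (1209, 1336, 1477, 1633)   # DTMF column tones
KEYPAD = ("123A", "456B", "789C", "*0#D")   # rows = low tones, columns = high tones
POWER_THRESHOLD = 500.0     # assumed threshold for this synthetic audio; tune per codec/gain in a real deployment


def goertzel_power(samples, freq):
    """Energy of `samples` at `freq` via the Goertzel algorithm (a single DFT bin, no FFT)."""
    n = len(samples)
    k = round(n * freq / SAMPLE_RATE)               # nearest DFT bin to the target frequency
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def detect_digit(frame):
    """Return the DTMF key present in `frame`, or None if no valid row/column tone pair is found."""
    low_p = [goertzel_power(frame, f) for f in LOW_FREQS]
    high_p = [goertzel_power(frame, f) for f in HIGH_FREQS]
    row, col = low_p.index(max(low_p)), high_p.index(max(high_p))
    if low_p[row] < POWER_THRESHOLD or high_p[col] < POWER_THRESHOLD:
        return None                                  # speech or silence: no key pressed
    return KEYPAD[row][col]


def mask_dtmf(frames):
    """Split the caller's audio in two: the agent stream, with every DTMF frame replaced by
    silence, and the digit string destined for the payment capture. Returns (agent_frames, digits)."""
    agent_frames, digits = [], []
    previous = None
    for frame in frames:
        digit = detect_digit(frame)
        if digit is None:
            agent_frames.append(frame)               # ordinary speech passes through untouched
        else:
            agent_frames.append([0.0] * len(frame))  # the agent (and the recording) never hears the tone
            if digit != previous:                    # debounce: a key held across several frames counts once
                digits.append(digit)
        previous = digit
    return agent_frames, "".join(digits)


# --- constructed call audio for the demonstration ---------------------------------------------

def dtmf_frame(digit, amplitude=0.5):
    """One frame of the two-tone signal for `digit` (phase restarts each frame; fine for per-frame detection)."""
    row = next(r for r, keys in enumerate(KEYPAD) if digit in keys)
    col = KEYPAD[row].index(digit)
    fl, fh = LOW_FREQS[row], HIGH_FREQS[col]
    return [amplitude * (math.sin(2 * math.pi * fl * t / SAMPLE_RATE)
                         + math.sin(2 * math.pi * fh * t / SAMPLE_RATE)) for t in range(FRAME)]


def speech_frame(rng, amplitude=0.3):
    """Stand-in for speech: seeded noise is enough to show that non-DTMF audio passes through unchanged."""
    return [rng.uniform(-amplitude, amplitude) for _ in range(FRAME)]


def build_call(key_presses, seed=1):
    """Constructed call: three frames of talk, then each key held for two frames with a frame of talk between keys."""
    rng = random.Random(seed)
    frames = [speech_frame(rng) for _ in range(3)]
    for d in key_presses:
        frames += [dtmf_frame(d), dtmf_frame(d)]
        frames.append(speech_frame(rng))
    return frames


if __name__ == "__main__":
    call = build_call("4111")
    agent_audio, card_digits = mask_dtmf(call)
    masked = sum(1 for f in agent_audio if all(s == 0.0 for s in f))
    print(f"digits routed to payment capture: {card_digits}")
    print(f"frames silenced for the agent: {masked} of {len(agent_audio)}")
```

The important property is the split itself: the agent-side stream and the recording are produced only from frames that carry no keypad tone, while the digit string exists only on the path to the payment capture, which is what lets the agent desktop and its environment be argued out of scope.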