Contact Centre Environments
Contact centres (often referred to as call centres) frequently capture card data
by telephone. Traditionally this was done through analogue and digital phone
systems; more recently it is also done through IP telephony and hosted IP telephony
systems.

In most contact centre environments, merchants will be required to complete Self-Assessment
Questionnaire D. This is largely because the contact centre operator is deemed to
be processing card data (capturing it by phone and entering it into an application).
Many organisations feel uncomfortable about this concept and perceive themselves
to fall into SAQ C. Although this may be possible for very small contact centres,
SAQ C explicitly states that “the payment application system/Internet device must
not be connected to any other system within the merchant environment”. The moment
more than one device is used in the contact centre, it becomes impossible to
answer yes to the prequalification questions under SAQ C.
Many contact centres inadvertently store card data due to the use of call recorders.
There are many tried and tested solutions that can mitigate this storage.
Techniques such as divert to DTMF or Pause & Resume can significantly reduce a
merchant's requirements for PCI DSS compliance.

No two contact centre environments are ever the same. As a consequence, any organisation
that operates a contact centre should get expert advice before completing either
SAQ C or SAQ D. Nettitude offer a PCI DSS support desk that is designed to offer
pragmatic advice and guidance for all organisations tackling PCI DSS compliance.
To gain access to this free of charge service, please complete our contact form
and a consultant will respond to your enquiry.