As a company, if you accept or process payment cards, the PCI Data Security Standards apply to you. If you take credit cards via inbound telemarketing, customer service or outbound telemarketing, you will need a PCI compliant call center, preferably a PCI Certified Level 1 call center.
It’s in the news continuously – consumer credit card data is hacked and stolen. In an effort to combat these threats, Visa, MasterCard, American Express, Discover and JCB created a set of standards known as the Payment Card Industry Data Security Standards (PCI DSS). PCI DSS is required for all entities that store, process, or transmit cardholder data, including call center vendors and outsourcers. These standards include technical and operational requirements for organizations accepting or processing payment transactions. PCI DSS helps a company avoid potentially severe penalties and fines, or even the loss of its credit card processing arrangement, if a breach were to occur.
Other potential liabilities:
- Loss of customer confidence
- Diminished sales
- Fraud loss
- Higher subsequent costs of compliance
- Going out of business
What does PCI Level 1 mean?
There are four levels of PCI compliance. If your organization processes more than 6 million credit card transactions per year (depending on the major credit card company you are working with), then your credit card processor will require you to take the necessary steps to become PCI Level 1. This level requirement will also apply to any vendors or 3rd party companies you use to store, process, or transmit cardholder data. So if you are required to be PCI Level 1, then you will need to make sure all your vendors, including any outsourced telemarketing firms, are each considered a PCI Certified Level 1 Call Center.
What it takes to become a PCI Certified Level 1 Call Center
Companies that want to be PCI Level 1 must have a yearly review done by a Qualified Security Assessor (QSA) company. The QSA completes a third-party evaluation to confirm that the data capture, data storage, and data transmissions meet the PCI DSS standards set by the PCI Security Standards Council. The QSA will conduct penetration tests and vulnerability scans on all company servers to ensure credit card data is kept secure at all times. In addition, the third-party QSA evaluates the recordkeeping of training conducted with employees as well as all policies and procedures related to security. If a gap is identified, the QSA will require the gap to be remediated to their satisfaction before awarding the Attestation of Compliance.
Recertification is critical
To maintain credentials as a PCI Certified Level 1 Call Center, systems, operations, training, policies and procedures continue to be monitored and reviewed continually, even after the Attestation of Compliance is awarded. This formal recertification process is done once annually.
Here is Quality Contact Solutions’ Attestation of Compliance.
Self-Assessments just don’t carry the same weight
Some organizations choose to do what’s called a Self-Assessment. Don’t be fooled. A self-assessment is a good first step, but it doesn’t carry the weight of the third-party QSA’s Attestation of Compliance.
While PCI Levels 2-4 only require a self-evaluation known as a Self-Assessment Questionnaire (SAQ), PCI Level 1 goes a step further to ensure proper security precautions are being taken by requiring a QSA to complete a 3rd party assessment on all technical and operational system components included in or connected to cardholder data.
Cardholder data security is a serious business
Quality Contact Solutions has been a PCI Certified Level 1 Call Center since May 2013. Over the years, the PCI Security Standards Council has continued to add requirements and controls to make cardholder data more secure. Even though these requirements make recertification more difficult to obtain, Quality Contact Solutions has successfully made the adjustments necessary to continue to be PCI Level 1 certified.
We exist because the world is driven by sales and our goal is to provide quality call center solutions that achieve sales results. While there is always a focus on sales performance, we feel it is just as important to focus on continued customer confidence through secure credit card transactions.
Contact us today to learn how Quality Contact Solutions can help your organization with your outsourced call center and telemarketing solutions.