A PCI Certified Level 1 Call Center will better protect your customer’s data

by Rich Hamilton, Director of Marketing & Product Development

You’ve made the decision. Your organization is seeking an outsourced call center to work on your behalf. Outsourced call centers are often referred to as Service Agencies, Telemarketing Vendors, or Business Process Outsourcing (BPO). Regardless of what they are called, many factors will need to be considered, including call center size, location(s), management, technology capabilities and experience with different types of calls such as helpdesk, customer service or sales. One factor that should not be overlooked is Information Security. How secure will your customer data be with a potential call center? Let’s look at how a PCI Certified Level 1 Call Center will be able to best protect your customer data as opposed to a call center that is not PCI Certified Level 1.

No Brainer for Credit Card Processing

If your outsourced call center will be processing credit cards, then the decision is a no-brainer. A PCI Certified Call Center will have to be used. What is PCI? PCI DSS stands for Payment Card Industry Data Security Standard and is an information security standard for organizations that handle credit cards from the major card providers including Visa, MasterCard, American Express, Discover, etc.

There are 4 PCI certification levels available. Levels 2-4 only require a Self Assessment in order to receive certification. Level 1 is more rigorous and requires a 3rd party to audit corporate governance (policies and procedures), the operations/processes being used and all technology involved. Through this thorough review along with penetration tests the 3rd party Qualified Security Assessor (QSA) is able to determine if all systems and processes are secure with the proper protocols and encryptions. Obviously becoming PCI Certified Level 1 involves more time with a higher cost; but having a 3rd party review all aspects of your organization definitely ensures that your customer data will be very secure.

If your organization’s outsourced call center will handle credit card data or other sensitive Personally Identifiable Information (PII), you really don’t want to take your chances. Depending on the volume of credit card transactions that you process with your merchant account provider, being PCI DSS compliant will be a requirement at either a low level or at the Level 1 extreme. In addition, there are also other negative consequences that can result from a data breach of your customer data, including financial penalties, bad publicity, and possibly losing credit card transaction processing privileges. Taking the proper steps to become PCI certified will help protect both your customer data and your organization’s well-being for the long term.

What about call centers not processing credit cards?

You are probably thinking, if my third party outsourced call center does not need to process credit card transactions, why would I require the organization to be PCI Certified? Keep in mind that since the standards for becoming PCI certified are so high, your customer data will definitely be more secure. Take a look at this table that breaks out a few differences between a PCI Certified Level 1 Call Center and a Call Center that is not PCI Certified.

|  | Non-PCI Certified Call Center | PCI Certified Level 1 Call Center |
| --- | --- | --- |
| Detailed policies including password policies, physical security policies, acceptable use policies and information handling policies. | Maybe | Required |
| Processes to support the detailed policies. | Maybe | Required |
| Secure Firewalls – protecting customer data from cyber attacks. | Maybe | Required |
| Proper encryption while customer data is at rest and in transit. | Maybe | Required |
| Yearly Security Awareness Training for all employees | Probably Not | Required |
| Quarterly and Yearly Penetration Scans to ensure customer data is secure. | Probably Not | Required |

Based on the table above, which call center do you think would be able to more securely handle your customer data? Clearly, a 3rd party outsourced call center or teleservices agency that is PCI Certified Level 1 is the best choice. They have committed the additional time and money needed to ensure that the proper policies, processes and technologies are in place (with a rigorous 3rd party audit) to handle customer data in a 100% secure manner.

Rich Hamilton is the Director of Marketing & Product Development for Quality Contact Solutions, a leading outsourced telemarketing organization. Rich works tirelessly to bring new products to the teleservices and call center market. Rich is also the creative powerhouse behind executing on a wide spectrum of marketing initiatives for the organization. In addition, Rich is a telemarketing compliance guru with a Customer Engagement Compliance Professional (CECP) certification to back it up. Rich can be reached at [email protected] or 516-656-5105.