If you take credit cards via inbound telemarketing, customer service or outbound telemarketing, you need a PCI compliant call center.
It’s in the news continuously – consumer credit card data is hacked and stolen. The credit card industry’s self-regulatory solution is called the Payment Card Industry (PCI) Data Security Standards (DSS). Vendors and outsourcers must comply with the PCI DSS requirements in order to process credit cards and debit cards; those that do not comply pay severe penalties or even lose their credit card processing arrangement.
What does PCI Level 1 mean?
There are four levels of PCI compliance. If your organization processes anywhere from 1-6 million credit card transactions per year (depending on the major credit card company you are working with), then your credit card processor will require you to be a PCI Level 1 Call Center.
What it takes to become a PCI Level 1 Call Center
When you select a telemarketing organization or PCI Level 1 Call Center with third-party certification, you can be assured that your credit card data is more secure from theft, breach, or general mishandling. Third-party certification means that a Qualified Security Assessor, or QSA, has been engaged to conduct a third-party evaluation of data capture and data storage and to verify that data transmissions are completely secure. The QSA will conduct penetration tests and vulnerability scans on all company servers to ensure credit card data is kept secure at all times. In addition, the QSA evaluates the recordkeeping of training conducted with employees, as well as all policies and procedures related to security. If a gap is identified, the QSA will require the gap to be remediated to their satisfaction before awarding the Attestation of Compliance.
Recertification is critical
To maintain credentials as a PCI Level 1 Call Center, systems, operations, training, policies and procedures are monitored and reviewed continually, even after the Attestation of Compliance has been awarded. The formal recertification process is done once annually.
Here is Quality Contact Solutions’ Attestation of Compliance.
Self-Assessments just don’t carry the same weight
Some organizations choose to do what’s called a Self-Assessment. Don’t be fooled. A self-assessment is a good first step, but it doesn’t carry the weight of the third-party QSA’s Attestation of Compliance.
Contact us today to learn how Quality Contact Solutions can help your organization with our outsourced call center and telemarketing solutions.