Tag Archives: PCI Certified Level 1 Call Center

TCPA Risks in Outsourced Telemarketing

By Angela Garfinkel, President, Quality Contact Solutions

If you missed the PACE TCPA Washington Summit in Washington DC, September 27-29, you missed the opportunity to hear from the best legal minds in the call center and outsourced telemarketing industry.

While the summit was focused on the fallout of the Federal Communications Commissions’ Telephone Consumer Protection Act (TCPA) Declaratory Ruling, attendees also learned about other risks that some outsourced telemarketing organizations and clients may not be aware of.

Here is a high level recap of the PACE TCPA Summit: Continue reading

Quality Contact Solutions is a PCI Level 1 Call Center

If you take credit cards via inbound telemarketing, customer service or outbound telemarketing, you need a PCI compliant call center.

It’s in the news continuously – consumer credit card data is hacked and stolen.   The credit card industry’s self-regulatory solution is called the Payment Card Industry (PCI) Data Security Standards (DSS).   PCI DSS requires vendors and outsourcers to comply with the requirements in order to process credit cards and debit cards, or pay severe penalties or even lose their credit card processing arrangement. Continue reading

Quality Contact Solutions Achieves Level 1 PCI DSS Compliance

AURORA, NE & ATLANTA, GA –  Quality Contact Solutions, Inc. (QCS), a leading call center solutions and telemanagement provider, announced today that its operation is certified as Level 1 PCI DSS compliant. The organization recently underwent a stringent audit by CompliancePoint, an independent Quality Security Assessor (QSA) to ensure that it meets industry best practices and security controls required to keep credit card data and other sensitive information safe and secure during transmission, processing and storage.

The PCI Data Security Standard (PCI DSS) is the most rigorous industry-recognized payment-card security standard available globally. The PCI DSS Security Standard is designed to minimize the exposure of credit card data to risk of fraud or compromise. Although the PCI standard is more commonly associated with merchant activities, call centers that capture sensitive data must also follow stringent security protocols before their operations can be deemed safe for capturing consumer information.

“We’re excited to add PCI DSS compliance to our call center operations portfolio,” says Angela Garfinkel, QCS President. “Clients can count on our team to capture credit card information in a secure and efficient manner – in both our internal at-home call center and with our subcontracted call centers. We would like to acknowledge CompliancePoint’s guidance for helping our company achieve this milestone.”

“QCS’s achievement of v2.0 standard PCI DSS recognizes adherence to rigid standards of protecting consumer information and ensuring strict process and policy enforcement,” states Jerry Wyble, Vice President and General Manager of CompliancePoint’s Information Security practice group. “As a PossibleNOW company, CompliancePoint leverages extensive experience regarding the needs of the call center industry.”

About Quality Contact Solutions

Quality Contact Solutions (QCS) provides business to business Telemarketing and Call Center Solutions. QCS helps companies get more contacts and increase the quality of their contacts. QCS leverages telemanagement, consulting, regulatory guidance and technology solutions to help companies make the most of their contact center dollars.

QCS’s experience includes inbound, outbound, txt and email programs with a focus on increasing sales, increasing customer satisfaction and decreasing cost per contact. The QCS value-added approach ensures each customer contact is enhanced through higher quality and ultimately more productivity. Industry veterans Dean and Angela Garfinkel bring more than 50 years of experience to their clients.  

 About CompliancePoint

CompliancePoint, a PossibleNOW company, is headquartered in Duluth, Georgia. CompliancePoint’s Information Security Compliance practice group provides consulting, audit and training services on business privacy and data security issues including PCI Certification, HIPAA assessments, FISMA, ISO 27001, and third party information security risk assessments. Products include information Compliance Automation Portal, cloud compliance solutions, and information security training.

The CompliancePoint Information Security staff hold numerous IT & Security credentials including Certified Information Systems Security Professional (CISSP), Certified HIPAA Professional (CHP), PCI Qualified Security Assessor (QSA), Payment Application PCI Qualified Security Assessor (PA-QSA), Certified FISMA Compliance Practitioner (CFCP), Certified Information Security Manager (CISM), Certified Secure Software Lifecycle Professional, and certified TG-3 auditors.  Visit CompliancePoint’s website.

Contacts: 

Quality Contact Solutions                       CompliancePoint

Angela Garfinkel                                        Beverly Oscherwitz

(402) 210-2692, ext 201                             (770) 255-1034

[email protected]          [email protected]

Top 5 Compliance Mistakes

by:  Angela Morris

Staying on top of every facet of your telemarketing compliance program can be a daunting task. At Quality Contact Solutions, we recommend to our clients that they maintain a weekly compliance report that is submitted to senior management and the company’s compliance officer on a weekly basis.

Without a real-time, hands-on compliance monitoring program, it is easy to make a mistake by assuming that your systems and people processes are working as intended and as they were originally established.

There are five common compliance mistakes:

1) We often find that management is assuming that the outgoing Caller ID has a ring-back number that is being answered (either by voicemail or live person) and a Do Not Call request can be made by a consumer. In fact, many times, the ring-to number is not set up properly or perhaps has even been inadvertently disconnected. Other times, the ring-to number will ring to a group of call center agents and the wait times can be very lengthy which is not good service to those seeking answers about why you were calling and perhaps requesting to be put on your Do Not Call list.

2) Many companies do not calculate the abandoned call % correctly. Somewhere along the way, some companies began to utilize a calculation of abandoned calls divided by dials. This is not correct. Per the FTC and FCC, the correct calculation is abandoned calls divided by answered calls, which should not exceed 3%.

3) Speaking of abandoned calls, we often find companies that do not have a proper abandoned call message. The abandoned call message must state that the call is for telemarketing purposes and provide a phone number (could be toll free or a toll number) where the consumer can make a Do Not Call request. Some companies do not make it clear that the call is for telemarketing purposes. Check your outgoing abandoned call message and adjust it accordingly. And…. Be sure that the number you have in the message rings back to a voicemail box or a live person so that a Do Not Call request can be made. Again, we’ve found that many times this number was set up properly to begin with, but somewhere along the way, the number has gotten disconnected or the ring-to doesn’t work. Checking this type of thing weekly, by simply dialing the number contained in your abandoned call message can help detect a problem right away.

4) To rely on a safe-harbor defense, companies must be able to document a comprehensive training program related to Do Not Call and other telemarketing regulations. Many companies have a good training program in place, but fail to get signed training acknowledgment forms and fail to document the specific training that was conducted with each of their outbound telemarketing sales reps. We recommend that a brief test be administered (in writing) and at the bottom of that test is a signed acknowledgement that training was conducted.

5) Probably the riskiest compliance error occurs when a company relies on the contract with their vendor or client regarding responsibility for scrubbing or blocking applicable Do Not Call numbers from being called. Yes, the contract should clearly spell out who is responsible for which aspects doing a Do Not Call scrub or establishing a blocking solution. It is a mistake to overly rely on the contract because if there is an error, both companies (the call center and the client) will be held responsible for the applicable state, FTC or FCC. We recommend doing regular data audits (at least monthly) to check for potential errors. Test your processes to ensure they are working as they were originally intended. There is room for tremendous human error and interpretation mistakes. Don’t assume the other party is handling their responsibilities properly. You can’t afford to make this assumption.