When contracting with an outsourced telemarketing service provider, make sure you ask if they are a PCI Level 1 Service Provider. This is particularly important if your telemarketing campaign involves making a sale or taking an order with a credit card.
Quality Contact Solutions is a PCI Level 1 Service Provider. There are very few inbound and outbound telemarketing companies that have earned this certification. Even fewer have their PCI Level 1 Attestation of Compliance (AOC) signed by a Qualified Security Assessor (QSA). Quality Contact Solutions has this (click here to request more information).
Beginning in 2013, Quality Contact Solutions contracted with CompliancePoint to be our PCI QSA to achieve PCI Level 1. A PCI QSA is an impartial third party organization subject to the PCI Data Security Standard to conduct PCI assessment or advise an organization on how to achieve PCI compliance. During the PCI assessment, the QSA determines whether the organization has met the 12 PCI requirements, either directly or through compensating controls. The QSA then completes a Report on Compliance (ROC) to verify the organization’s compliance. By the way, QCS completed the steps to become PCI Level 1 compliant in record time! (Less than 4 months)
If you store, process, or transmit credit card data, your business is subject to the Payment Card Industry Data Security Standards (PCI DSS), a set of security rules designed to curb costly breaches and thefts across the industry. And if you outsource your telemarketing, order taking, or customer service, and if that outsourced call center (or telemarketing services provider) captures credit card information for your organization, then make sure the outsourced vendor is also compliant with PCI Level 1 requirements (including the AOC signed by a QSA).