John Greenwood is Executive Director of Compliance3 and a contact centre, GDPR and PCI expert
The biggest challenge for contact centre managers is having a board champion to implement a holistic data security strategy that includes the security of payment card data. It's the lack of those strategic plans that makes life very challenging for the contact centre manager.
If a strategy is designed to reduce the overall time, cost and effort in maintaining PCI DSS compliance, then that strategy should be to avoid establishing a card data environment in the first place. If the call centre manager was given that strategy to deploy, then they might have more choices on how to keep card data secure.
Kevin Dowd is a cyber-security and payment security expert and Chairman of the CNS Group
My line on the PCI standard is really that it's a heavy hint to everyone from the card industry not to touch card data.
If you touch card data, then you're in scope for all the controls. If you don't touch card data and you just let your suppliers do that who are specialised to do that for a living, then almost none of it applies; you're just making sure that your suppliers are doing the right things and your direct compliance burden is much lower.
The key challenge really, whenever we sit down with someone, is to determine how best to reduce their local scope, their actively managed inside their infrastructure scope, for PCI compliance to as little as possible and preferably none. If you can do that, then you're going to have a successful PCI compliance program. If you find yourself with an extensive PCI DSS scope, the likelihood is that you're going to hit problems all the way.