Nearly 90% of contact centre operations do not understand PCI DSS requirements
Although 36.7% of contact centres judge themselves to be fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), the vast majority (89%) admitted to not understanding its requirements and penalties.
That is one of the findings in new research from UK-based business communications solutions provider Connected World.
The survey found that there is a high level of disarray in the market, with a third of all contact centre respondents (33%) claiming at best to be years away from full PCI DSS compliance, with a fifth (21%) stating that their processes will never be in full accordance with the standard’s stringent requirements.
The survey questioned more than 200 contact centre decision makers spanning a range of industries from retail and leisure to public service and finance.
More than a quarter of survey respondents (28%) said they had some safeguards in place to protect sensitive data but felt they would benefit from tighter security measures to better protect their customers.
The survey also found that the PCI DSS compliance message is getting through, but only to a limited section of the market. Of those who were aware of the term, only 41% stated that compliance with the PCI DSS standard was crucial to the future of their business. The remaining 59% described compliance with the standard as “not a top priority” or “something we need to find out about”.
“We’ve been amazed by the level of confusion in the market, especially given the fines that card issuers can impose if they find a vendor to be in breach of the standard’s requirements,” commented Jamie Price, director, Connected World. “Contact centres urgently need to attend to their processes, or they could be held accountable for security breaches and fraud that would otherwise be covered by the card issuer.”
On a wider level, the survey found a clear need to heighten awareness as well as to adjust the processes and tools used in day-to-day operations. For PCI DSS compliance to be fully achieved in a contact centre, many levels of the organisation need to be engaged, from staff training to telecoms security. Despite this, more than 74% of respondents admitted that the issues are not clearly understood across their organisation, and just 11% of respondents said they fully understood what the standard demands and the consequences of not conforming.
Nevertheless, the survey found that confidence in current data security measures is high. 68% of respondents stated that they were confident they were processing telephony payments securely despite not fully understanding the PCI DSS requirements, suggesting a level of indifference to the standard in the industry and a marked belief that contact centres are already doing enough to protect customer data.