PCI Compliance: An Overview of PCI Standards


Are You Listening? Yes I Am. Great, Now Act on What You Heard from Me!

Did you know that your marketing organization has invested significant dollars in brand awareness and developing a strong business reputation? Do you know that BUZZ scores (whether people have heard anything positive or negative about the brand in the media or through word of mouth) can drop as much as 35 points after a breach announcement? It’s time to get on the bandwagon, fix the problem and protect your reputation!

Businesses today are inundated with regulations that mandate recording for compliance and risk management. As the amount of personal data entering the organization through the contact center increases, it is necessary that organizations provide a way to keep it secure.

Leading payment brands formed the Payment Card Industry (PCI) Data Security Standards in September of 2006 to protect personal and financial data that customers share with retailers, banks, service providers and credit card companies. With so many credit card transactions and verifications taking place over the phone, businesses that record calls require a much higher level of security to protect this data. Non-compliance can result in fines or restrictions AND it can damage the relationships businesses have established with their partners and customers. What’s more, non-compliance leaves sensitive data an easy target for unauthorized persons both in and outside of the organization.

Companies are continually concerned with the level of security provided by their call and desktop recording products. You should be familiar with the following twelve PCI DSS requirements:

  1. Install and maintain a firewall configuration to protect data.
  2. Do not use vendor-supplied defaults for system passwords and other security parameters.
  3. Protect stored data.
  4. Encrypt transmission of cardholder data and sensitive information across public networks.
  5. Use and regularly update anti-virus software.
  6. Develop and maintain secure systems and applications; implement strong access control measures.
  7. Restrict access to data by business need-to-know.
  8. Assign a unique ID to each person with computer access.
  9. Restrict physical access to cardholder data.
  10. Track and monitor all access to network resources and cardholder data.
  11. Regularly test security systems and processes.
  12. Maintain a policy that addresses information security.

With regulations changing frequently, most articles you find deal only in generalities. This is a very serious topic, and it deserves to be discussed in more depth and detail. That is why we have written Tackling Compliance in the Contact Center, which shows you how to address PCI along with HIPAA, GDPR, PHI and PII concerns.

Download the complimentary whitepaper today.


ROGER LEE, aka Dr. WFO, is the Solutions Marketing Director of Customer Experience Management (CEM) Growth Initiatives at OpenText. He has over 20 years of experience in contact center operations, information management systems and quality. Roger believes that finding ways to improve the customer experience is essential—and that the responsibility for improvement spans the entire enterprise.