PCI Pal and Verizon White Paper Examines PCI Security Compliance in Contact Centre Environments

PCI-Pal PLC, a secure payments provider to contact centres released a white paper with Verizon to examine and address the challenges in achieving Payment Card Industry Security Standards Council (PCI SSC) compliance in contact centre environments.

Contact Centre CLUB

The use of contact centres continues to grow for operations and sales support, generating over $300 billion in revenue each year according to JLL Research. Given the sustained usage of contact centers, and the large amounts of sensitive data circulating through them, security – including insider threats – is a major concern for organizations leveraging contact centres.

Traditionally, protecting data in the contact centre consisted of user training, awareness and monitoring and deploying compensating control technologies that manage access to data. Conclusions from the study found that 60 percent of organizations are still leveraging outdated pause-and-resume technologies to avoid storing sensitive data on call recordings. This requires users to be paused while collecting payment information, disrupting the flow of business and causing issues from an audit trail and complaint resolution perspective.

A key recommendation for businesses is to eliminate data breaches at the contact center level by preventing payment data from entering the environment. This means businesses must replace pause-and-resume systems with modern Dual Tone Multi Frequency (DTMF) masking technology. By doing so, organizations are able to de-scope contact centre payment processing from PCI DSS requirements, allowing payment card information to be entered into the application without computer and/or agent access to the data. This helps to reduce fraud loss by eliminating sensitive card data from the conversation – ensuring that, in the event of a breach, data will not be compromised.

“Contact centres must focus mainly on six of the twelve requirements of PCI DSS when in-scope. There is also the need to validate the PCI requirements of the supporting IT security and operational systems. Not only is this a lot of effort, when compared to other industries, contact centres are notorious for high employee turnover rates, resulting in more opportunities for sensitive data to be mismanaged by insiders,“ said James Barham, CEO, PCI Pal. “With 72 percent of contact centres accepting card payments over the phone, organizations must strike a balance between providing positive customer experiences by streamlining processes and ensuring compliance standards are met.”

For background, in 2017, Verizon Professional Services Security Assurance practice and PCI Pal established a business relationship – a collaborative partnership on payment card industry (PCI) opportunities.

Download the white paper here.


PCI Pal is a specialist provider of secure payment solutions for contact centres and businesses taking Cardholder Not Present (CNP) payments. PCI Pal’s globally accessible cloud platform empowers organisations to take payments securely without bringing their environments into scope of PCI DSS and other relevant data security rules and regulations.

With the entire product portfolio served from PCI Pal’s cloud environment, integrations with existing telephony, payment, and desktop environments is simple and light-touch, ensuring no degradation of service while achieving security and compliance.

With extensive operations and technical experience of the contact centre sector, PCI Pal is uniquely qualified to deliver operationally efficient cloud-based payment security solutions to organisations operating on a global scale.

PCI Pal has offices in London, Ipswich (UK) and Charlotte NC (USA). For more information visit www.pcipal.com