contact us | site map

Beware third party payment processing services for your contact centre - useful insights from Ultracomms

Beware third party payment processing services for your contact centre - useful insights from Ultracomms

Contact centres need to pay close attention to the guidance from the PCI Security Council as MOTO (mail order telephone order) transactions become a target for fraud. Choosing a payment processing solution carefully is more important than ever as merchants are ultimately liable for any breach of their account.

A common solution is to outsource the payment processing function to a compliant third party, to remove card holder data from the contact centre environment altogether, either by intercepting calls outside of the network or transferring calls at the point of payment. Job done? It can be – however, there are some gotchas that may in fact bring your organisation into scope of PCI DSS compliance and therefore in the firing line if the worst happens….

Here are some checks that will help you make the right choices and protect your organisation from the devastating consequences of being responsible for the loss of your customers’ payment information:

Review your call flow and identify the mechanism by which calls are routed via your third party supplier. If this is within your infrastructure or under your control, it is within scope of the PCI DSS and must be secured accordingly to achieve compliance. This may be your phone system, a desktop application or some third party equipment installed on your premises. If anything or anyone, within your organisation, can effect the call flow in any way then it is your responsibility if that facility becomes compromised and your business is in scope of PCI DSS and must therefore meet the standard to avoid liability.

Review your contracts to ensure that your supplier is accepting responsibility for the security of card holder data, and that you are aware of your responsibilities for system components within your infrastructure or under your control.

Regularly check that the solution is working as expected by reviewing call recordings, call flows and business processes. Especially important when onboarding new campaigns, moving premises or deploying new software – bake this into your processes!

Finally, ensure that your backup and disaster recovery processes are fully compliant in the event that your supplier becomes unavailable.

For more information, click here and here.

3rd July 2019

< Return to news index

Previous monthSeptember 2019Next month
Sun Mon Tue Wed Thu Fri Sat
15161718 192021
22232425 262728
Partner Event - Restaurant & Bar Tech Live
View all events
Contact Us | Privacy Policy & Disclaimer | All contents copyright 2003-2019 Vendorcom Ltd All rights reserved.   |   Site designed by Lockon