Payment Card Industry Data Security Standards (PCI-DSS) Guide for Contact Center Managers
By Donna Fluss
Credit and debit cards, which are referred to as payment cards, are the most common form of debt payment. According to the U.S. Federal Reserve Bank of Boston, more than 50% of all transactions are made with payment cards, and 63% of payment card transactions involve a retailer or other consumer-related organization. 73% of U.S. households have at least one payment card, and the average is three. (1)
National, state and local governments require companies to safeguard consumer information, including the information on payment cards. In response, the largest payment card brands established the Payment Card Security Council and the Payment Card Industry Data Security Standard (PCI-DSS). This standard is a set of voluntary requirements and provides common benchmarks for payment card issuers, processors and merchants with regard to payment card data security. PCI-DSS is an international standard accepted in markets throughout North America, Latin America, Europe, the Middle East, and Asia. It covers areas such as data center security, protection of data during transmission, and standard operating procedures. While the standard is widely accepted by the credit card companies, there is still significant confusion in many companies that handle credit card payments about what PCI compliance means and exactly how it applies to them.
The purpose of this guide is to explain PCI-DSS and its impact on contact centers. This document clarifies the circumstances in which organizations are required to adhere to these guidelines, and describes the accepted approaches contact centers use to achieve compliance.