In an effort to meet consumers where and how they demand to transact, omnichannel commerce efforts that include call centers as a significant card-not-present sales channel continue to flourish. Last week, the PCI Security Standards Council updated the guidance merchants must comply with to protect payment card data used to make phone-based payments. The PCI Council had not addressed this area of payments since 2011.
The new guidance discusses how technology has affected the risks associated with taking card payments over the phone and what strategies merchants can use to reduce the scope of compliance with the PCI Data Security Standard.
"The tech landscape has evolved significantly since 2011, which is when the last version of the guidance came out, and data loss and fraud rates have continued to increase. Rapid change in contact center technology, including the virtualization of phone systems, mass adoption of VoIP and the migration to cloud infrastructure across multiple platforms has also further complicated an already complex environment," said James Barham, CEO of PCI Pal, one of several solution providers in the space that applauded the PCI Council on its update. "As a result, it's more important than ever to standardize payment processes and secure sensitive payment data shared over voice channels. The new guidance from the PCI SSC gives practical advice on how to best tackle the 'compliance nightmare' that credit card handling brings."