
Payment Card Industry 

Posted on 28 Apr 2009 by Peter Nees
Interactive Intelligence
Does anyone carry cash anymore? Do you think we'll see ATMs fall away like public pay phones? Regardless of how you feel about carrying cash, it will not help you pay your bill over the phone.

If you are operating a contact center and taking credit cards over the phone, you have likely been impacted by the Payment Card Industry's Data Security Standards (PCI DSS). The trick to PCI compliance isn't in the application, but in the policy used to adhere to the guidelines. In my role I see many questions about PCI compliance. What's important to note is that an application cannot be PCI certified. It is the organization that is responsible for becoming certified compliant. With that said, I will add that certain applications can sure make policy adherence easier and less costly. There are three main stages to PCI DSS compliance: Collecting and Storing, Reporting, and Monitoring and Alerting. Non-compliance can be costly.

PCI Security Standards website
https://www.pcisecuritystandards.org/

Take a look at this link.  You'll find a great overview list of PCI DSS Do's and Don'ts
https://www.pcisecuritystandards.org/education/fact_sheets.shtml

Here's an idea... what about using something like RSA SecurID with a revolving token to replace credit cards? You know, the same technology used by some organizations to control VPN access. Think that could ever happen or even work? What do you think will happen to how we make payment transactions in the future? What regulatory standards impact you?


Peter "Cashless" Nees
 
 

Comments


Sean Jaggernauth commented on Wednesday, 20-May-2009
 
Revolving tokens might be a viable replacement for credit cards but I think it might be a high cost solution. Since PCI affects organizations of all sizes who use payment cards, we need fast and low cost answers to PCI compliance. There are many applications, some even end to end solutions, that can make becoming compliant easier and less costly and they are listed in the PCI SSC website. It is important to also note that liability for PCI compliance extends to third parties involved in an organization's process flow, so they must be compliant also.


Peter Nees commented on Wednesday, 27-May-2009
 
The PCI standards recommend setting up a legal contract when exchanging sensitive information with a third party. The contract is recommended in an effort to absolve the first party from any legal action if the information exchanged to the third party is compromised. I agree that the revolving token idea is a much longer term solution. I think it could be eventually a low cost solution if the credit card companies get behind it and extend the capabilities of their chips built into their cards.
