If you are operating a contact center and taking credit cards over the phone, you have likely been impacted by the Payment Card Industry’s Data Security Standards (PCI DSS). The trick to PCI compliance isn’t in the application, but in the policy used to adhere to the guidelines. In my role I see many questions about PCI compliance. What’s important to note is that an application cannot be PCI certified. It is the organization that is responsible for becoming certified compliant. With that said, I will add that certain applications can sure make policy adherence easier and less costly. There are three main stages to PCI DSS compliance: Collecting and Storing, Reporting, and Monitoring and Alerting. Non-compliance can be costly.
PCI Security Standards website
Take a look at this link. You’ll find a great overview list of PCI DSS Do’s and Don’ts.
Here’s an idea… what about using something like RSA SecurID with a revolving token to replace credit cards? You know, the same technology used by some organizations to control VPN access. Think that could ever happen or even work? What do you think will happen to how we make payment transactions in the future? What regulatory standards impact you?
Peter "Cashless" Nees