Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

The Compliance Calendar: How to stay on top of your security year-round

PCI DSS compliance is one of the most beneficial things that a company can do to ensure it remains protected in the war against data breaches. Achieving compliance will also ensure that a company maintains better working relationships with its clients, offering them peace of mind, and encourages staff into safe and reliable habits.

Although this used to be a case of undergoing assessment once a year to ensure a business is compliant, it’s now an ongoing task, with the introduction of PCI DSS 3.2, which calls for ongoing proof that a business is compliant.

It’s no longer enough to show that you comply every year when your assessment comes up, and with such a big change to the way PCI DSS works, the question arises – how can businesses make sure they’re ready for the next round of the regulations?

Pause and resume

Pausing the call and then resuming after the transaction has been completed would seem a good alternative to storing customer data as it means no data is recorded and so isn’t available in the company’s systems.

However, this means there isn’t an audit trail that the transaction took place and you would no longer be able to provide the information if required by the Payment Card Industry Security Standards Council.

Additionally, manual pause and resume systems are not considered as PCI DSS compliant because they could potentially be open to abuse by employees. Automated systems can be difficult to implement, with a lot of groundwork needed to identify when to pause and resume.

This method only takes the call recording out of scope, not the entire process of storing data, which still needs to be audited.


The most effective way to ensure you aren’t chained to compliance is to descope entirely, meaning remaining compliant is no longer an issue.

Descoping from PCI DSS means removing all data from the contact centre, so there’s essentially nothing there for criminals to steal should they gain access to your network.

In a regular contact centre, whenever a customer offers their payment details, the contact centre operative is exposed to it, before the data is transferred via the voice network onto the computer of the employee, through the network onto virtual and physical servers.

All of this infrastructure is within the scope of PCI DSS and must therefore be protected as dictated as per PCI DSS.

However, take the entire process of customer verbally passing their payment details to the contact centre employee by using a system such as dual tone multi frequency (DTMF), where the details are never passed to people or stored within the company’s network and your business has a significantly reduced set of PCI DSS obligations.

What else can you do to ensure you remain compliant?

It’s critical that you to stay on top of any changes that might take place. You should acquaint yourself with the latest requirements and get them dialled in to your processes as soon as possible.

After all, the last thing you want to face is repercussions for failing to comply with new responsibilities when you’ve been diligently working to ensure that you comply with older ones.

Keeping on top of your antivirus and anti-intrusion software solutions should be a priority. Automating scans and penetration tests should also be high up on your list of priorities, given the fact that many malicious viruses and exploits enter networks from employee email activity.

You should also ensure that software updates are installed on a regular basis to plug holes and shore up vulnerabilities.

Making sure that you have staff with the latest knowledge and training you will be ensuring your continued PCI DSS compliance and, as a result, your ongoing success. After all, an estimated 60 per cent of all data breaches come by way of employees and corporate partners, so it is in your interest to make sure they understand their security responsibilities.

Tony Smith, Sales Director – EMEA, PCI Pal – www.pcipal.com