PCI COMPLIANT CALL CENTERS FOR ENTERPRISES
Enterprise-grade contact center software requires high levels of security and compliance to protect all customer data. As a provider of enterprise-grade contact center software, Bright Pattern upholds the highest level of Payment Card Industry (PCI) compliance.
Bright Pattern call center software infrastructure and features have been third-party certified by CompliancePoint for compliance with the Payment Card Industry Data Security Standard (PCI DSS 3.2).
WHAT IS PCI COMPLIANCE?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies and merchants that accept, process, store, or transmit credit card information maintain a secure environment. PCI Data Security Standard is required for vendors and merchants to accept card payment from customers.
The Payment Card Industry Security Standards Council (PCI SSC) was founded in 2006 by the major payment card brands (Visa, MasterCard, American Express, Discover, etc.) to manage the evolution of Payment Card Industry (PCI) security standards and PCI DSS compliance. PCI DSS compliance applies to any organization, regardless of size or number of transactions, that accepts, transmits, or stores any cardholder data. The PCI Security Standards Council’s official documentation of current PCI DSS regulations can be found here.
WHAT YOUR CALL CENTER NEEDS FOR PCI DSS 3.2
PCI DSS 3.2 is an industry-standard baseline of security requirements mandated by the Payment Card Industry for companies and merchants that handle credit card transactions and cardholder data.
When customers make purchases through merchants using payment cards (e.g., credit cards, debit cards, etc.), they disclose sensitive information, such as credit card numbers, CVV codes, and expiration dates. Special security standards such as PCI DSS 3.2 are in place to prohibit contact center agents from viewing sensitive information, protect customer information from outside sources, and avoid saving cardholder data in the system.
For PCI DSS 3.2 compliance, your business needs to:
- Build and maintain secure networks and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
PCI COMPLIANT CALL CENTERS WITH BRIGHT PATTERN
PCI Compliance should be a top priority for any contact center and merchant that accepts payment cards in customer service interactions. Bright Pattern software has advanced security features and is independently certified for compliance with PCI DSS 3.2.
Here are features Bright Pattern provides to ensure enterprises and merchants are maintaining PCI compliance when using Bright Pattern’s contact center software.
PROACTIVE MONITORING AND TESTING FOR PCI COMPLIANCE
Bright Pattern acts in the capacity of a service provider, as defined by PCI SSC, and proactively monitors its security infrastructure in order to detect failures of its security control systems. Bright Pattern monitors systems including firewalls, Intrusion Detection/Prevention Systems (IDS/IPS), File Integrity Monitoring (FIM) applications, antivirus/antimalware systems, logical access controls, audit logging mechanisms, and segmentation controls. Proactive monitoring ensures our security infrastructure is up-to-date, PCI compliant, and protective of sensitive customer information.
Bright Pattern requires regular evaluation of the network through the following methods:
- Internal vulnerability assessments using internal scans performed by qualified personnel or a third-party recognized as an ASV by PCI SSC
- External vulnerability assessments (e.g., from the public Internet) using scans performed by a third-party ASV
- Rescanning of high-risk vulnerabilities (i.e., any rated higher than 4.0 by the Common Vulnerability Scoring System (CVSS))
- Penetration testing at least annually, with a testing method implemented according to an industry-accepted penetration testing approach (e.g., NIST SP 800-115)
This ensures that Bright Pattern is secure and properly implemented, allowing sensitive customer data to be secure and Bright Pattern’s contact center software to be PCI compliant.
COMPREHENSIVE ENCRYPTION AND ENCRYPTION KEY MANAGEMENT FOR PCI COMPLIANCE
When merchants interact with customers, sensitive information like credit card information is often being passed back and forth to complete a purchase. Encryption plays a versatile role in Bright Pattern’s data security during interactions and transactions. Bright Pattern contact center software ensures the encryption of the following: remote access, mobile devices, email, messaging, backups, authentication, site-to-site VPNs, confidential data, firewalls, and network hardware.
Key management is critical to successfully implementing encryption technology. Bright Pattern ensures that data is available for decryption when needed. For confidential data, Bright Pattern requires that keys are hidden, are never transmitted in clear text, are never shared, are never stored on the same medium as the encrypted information, and are stored in as few locations as possible.
Bright Pattern requires keys to be encrypted. They are required to be stored separately from encrypted data and within a secure cryptographic device, and must exist as at least two full-length key components or shares.
BRIGHT PATTERN — SECURE, OMNICHANNEL, PCI COMPLIANT CALL CENTER SOFTWARE
Ensure your client’s sensitive data is protected and encrypted during any interaction on any channel in your call center. Call centers handle thousands of interactions a day, with many of them being transactions that involve credit card, debit card, or payment information. Bright Pattern’s contact center software ensures that this data is securely passed and stored in accordance with PCI DSS standards while providing a seamless, effortless customer experience for every interaction on every channel.
The Bright Pattern omnichannel contact center solution provides seamless communication with clients on any channel (e.g., voice, IVR, SMS, chat, messaging, video, etc.). Bright Pattern’s omnichannel capabilities mean clients can switch effortlessly between all of these channels while agents maintain context and relevant information across all channels. Bright Pattern also integrates with major CRMs, including Microsoft Dynamics 365, Salesforce, Oracle, ServiceNow, and Zendesk. All of this is delivered while maintaining PCI compliance through comprehensive, modern security features.