Enterprise-grade contact center software requires high levels of security and compliance to protect all customer data. As an enterprise provider, Bright Pattern upholds the highest level of Payment Card Industry (PCI) compliance.
What Is PCI DSS 3.2?
PCI DSS 3.2 is an industry-standard baseline of security requirements mandated by the Payment Card Industry Security Standards Council to ensure compliance surrounding credit card transactions and cardholder data.
When customers make purchases using payment cards, they disclose sensitive credit card information, such as their credit card number, CVV code, and expiration date. Special security standards such as PCI DSS 3.2 are in place to prohibit contact center agents from viewing sensitive information, to protect customer information from outside parties, and to avoid saving cardholder data in the system.
PCI DSS 3.2 compliance means that your business agrees to:
- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Compliance for Contact Centers
PCI compliance should be a top priority for any contact center that accepts payment cards in customer service interactions. Although our software has been independently certified for compliance with PCI DSS 3.2, certification alone does not guarantee compliance by our customers.
A common misconception is that the compliance of a cloud provider automatically ensures the compliance of the contact center using it. The truth is that PCI compliance needs to happen at every level of infrastructure, from the cloud provider to the business to the agents to the paying customer.