Every charity that stores, transmits or processes cardholder data must comply with PCI DSS standards. If your charity takes 6,000,000+ payment card transactions per year, you will be required to have the highest level of compliance, PCI DSS Level 1. We frequently hear the question ‘does our organisation have to comply?’ If you take payment card transactions, the answer is simple: “Yes”. The consequences of not being compliant are great: failure to comply with the standard may result in substantial fines and, in extreme circumstances, the acquirers may withdraw card payment facilities from your organisation.
In addition, if you are a PCI DSS Level 1 merchant and use third-party organisations to handle elements of your business, such as a call centre for fundraising activities, you must use a service provider that offers you the same level of PCI DSS compliance: a Level 1 certified service. Some contact centres offer services whereby the call recording is paused, which simply does not cut the mustard and in isolation certainly does not make the service compliant. In this situation, your agents are still handling the sensitive payment card details.
You should also think about the level of security that your outsourced contact centre is providing you. Any service provider that is not providing a Level 1 approved service is effectively ‘marking their own homework’ when it comes to PCI compliance. A Level 1 offering is externally audited on an annual basis by independent security consultants, regulated by the PCI Security Standards Council. Why take the risk of using a service provider who does not take data security seriously?
Ansaback offers a Level 1 compliant solution, available now, using a new and innovative product called PCI-PAL, which has been developed by IPPLUS PLC, the parent company of Ansaback. It is therefore truly a solution developed by contact centre people FOR contact centre people. It allows us to de-scope the risk by preventing sensitive cardholder data from entering our network while still allowing agents to take card payments over the phone through operationally sound methods.
PCI-PAL allows our agents to efficiently take credit card payments without exposure to payment card data, remaining in continuous conversation with the caller at all times. It removes the call centre PCI risk, with sensitive credit card data restricted from entering our premises, network, and even our agents’ headsets.
For those businesses and charities looking to ensure they are PCI compliant, it can be difficult to pick through what may seem like a minefield of potentially costly requirements; PCI-PAL offers a simple and economic solution that can be installed quickly and easily, with the immediate result of removing (‘de-scoping’) all sensitive information from their environment.
Head of Sales Toni Vincent-Panich said: “Ansaback provide a wide range of services designed for the charity sector, from inbound and outbound fundraising services through to SMS and telecoms solutions. Many of these services require credit card transactions to be taken as part of the process; therefore, being able to provide a low-cost PCI DSS Level 1 compliant solution within our call centre is essential. Like all of the services we provide, it allows us to conform to best practices. PCI-PAL is incredibly easy for agents to use and it not only means that credit card data is protected, increasing customer confidence, but it also safeguards the reputation of our clients and their brands. Charities rely heavily on donations; what would happen to these charities if their supporters’ card data was compromised? It could be detrimental to their reputation and affect their ability to fundraise. Ansaback offers the facility for credit card transactions to be taken in a Level 1 compliant fashion, giving our charity clients peace of mind that their donors’ data is handled in the most secure of environments. In addition to the benefits to our clients, being able to offer Level 1 compliance gives us a distinct advantage and real competitive edge as Ansaback is one of only a few other outsourced call centres that are able to offer this.”
For more information on PCI DSS compliance in the call centre, or to discuss using Ansaback contact centre for your inbound/outbound fundraising activities please contact: