How to Reduce PCI Scope in the Customer Service Center

Customer service centers don’t have much of an option when it comes to whether or not they handle financial transactions. Customers expect to be able to make a payment or complete a purchase when they call your company, and if they can’t, they’ll take their business elsewhere. The one thing customer service centers can do is minimize the risk and cost of compliance by reducing PCI scope.

The cost of PCI compliance

Unfortunately, as soon as a customer service representative accepts any kind of financial data from customers, your organization is required to comply with the Payment Card Industry Data Security Standard (PCI DSS). While the intent behind the PCI DSS is good – to protect cardholder data against theft and fraud – compliance comes with a hefty price tag. According to a 2011 study by the Ponemon Institute, the average total cost of compliance is more than $3.5 million. What’s worse, the cost of noncompliance is considerably higher at $9.4 million.

According to Gartner analyst Avivah Litan, PCI DSS 3.0 is about 27% larger than the previous version of the standard. This means more security controls and higher costs. But that’s just the cost of doing business, right? Wrong. Customer service centers can reduce the costs of compliance by reducing PCI scope.

Any technical or operational system that processes, stores or transmits cardholder data is in-scope for PCI compliance. That means those people and systems are subject to the Data Security Standard and must adhere to the PCI DSS requirements. When you reduce your PCI scope, you limit the number of people or systems that touch financial data and therefore reduce the cost of compliance and the risk of noncompliance.

The number one way to reduce PCI scope is to move financial transactions out of the customer service center entirely. This can be achieved with a PCI-compliant microsite.


The power of a microsite to reduce PCI scope

A PCI-compliant microsite serves as a safe payment transaction platform outside of the customer service center. It enables customers to submit their own financial data while removing the agent and your systems from the entire process, thereby eliminating the need to become PCI compliant.

It works like this: While assisting a customer on the phone, the representative launches the microsite from within the desktop application. A link to the microsite is pushed to the customer by text message or email. Once the customer opens the site and enters his or her financial data, the payment information is masked from the representative, who can see the status of the transaction but not the actual card data, and can therefore assist as needed throughout the process. Finally, the payment is securely transmitted to a nationwide network of the most prominent financial institutions, most likely including your existing processor.
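To make the scope boundary in that flow concrete, here is an added toy model (not Metaphor SecurePay's code, and the session, vault and tokenizer are constructed stand-ins) in which the agent-side state only ever holds a session id, a status and the last four digits, while the single-use, expiring link is the only path by which the PAN enters the system:

```python
import secrets
import time
from dataclasses import dataclass

# Hypothetical model of the agent/microsite split described above.
# SESSIONS is what the agent desktop can read; VAULT stands in for the
# processor-side tokenization that the microsite hands the PAN to.
SESSIONS: dict = {}
VAULT: dict = {}  # token -> PAN; this side is the one that stays in PCI scope


def luhn_ok(pan: str) -> bool:
    """Basic Luhn check so obviously bad card numbers are declined early."""
    digits = [int(c) for c in pan if c.isdigit()]
    if len(digits) < 12:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class Session:
    amount_cents: int
    expires_at: float
    status: str = "pending"
    last4: str = ""
    used: bool = False


def create_session(amount_cents: int, ttl_s: int = 600, now: float = None) -> str:
    """Agent desktop step: mint the single-use link id; no card data involved."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = Session(amount_cents, (now or time.time()) + ttl_s)
    return sid


def customer_submits(sid: str, pan: str, now: float = None) -> str:
    """Microsite step: the only function that ever sees the PAN."""
    s = SESSIONS.get(sid)
    if s is None or s.used or (now or time.time()) > s.expires_at:
        return "rejected"          # unknown, replayed or expired link
    s.used = True                  # one submission per link
    pan = pan.replace(" ", "")
    if not luhn_ok(pan):
        s.status = "declined"
        return s.status
    VAULT[secrets.token_hex(8)] = pan  # constructed stand-in for tokenization
    s.last4, s.status = pan[-4:], "approved"
    return s.status


def agent_view(sid: str) -> dict:
    """What the representative sees: status and last four only, never the PAN."""
    s = SESSIONS[sid]
    card = f"**** **** **** {s.last4}" if s.last4 else None
    return {"status": s.status, "card": card, "amount_cents": s.amount_cents}
```

The check that matters for scope is that nothing reachable from the agent side (`SESSIONS`, `agent_view`) ever contains a full PAN, while replayed or expired links are refused before any card data is accepted.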

A payment microsite enables customer service centers – and other organizations – to process financial transactions without the risk or the cost of PCI DSS compliance. Interested in learning more? Check out our secure payment platform Metaphor SecurePay, or give us a call at 770-729-1449.