As the festive season approaches, it’s not just shoppers gearing up for the busiest time of the year—cybercriminals are too. With the release of PCI DSS 4.0, the stakes are higher than ever for businesses to safeguard payment information, especially in hybrid work environments where security risks can escalate. As digital payments become more complex and home working remains commonplace for contact centres, safeguarding sensitive data is no longer just a best practice—it’s a critical business requirement.
What is PCI DSS 4.0?
The Payment Card Industry Data Security Standard (PCI DSS) 4.0 introduces heightened requirements that make maintaining compliance more challenging than ever. From enhanced evidence requests during audits to the need for continuous compliance management, contact centres must evolve their approach to payment security.
But why now?
Quite simply, because the threats have become more sophisticated. Cybercriminals are finding new ways to exploit vulnerabilities, and outdated security protocols can no longer protect sensitive payment data.
Hybrid working and the new security landscape.
Hybrid and home-based working models are here to stay, but with this shift comes a new set of risks. Recent research shows that 53% of consumers are reluctant to share payment details with home-based agents, and 26% would not return to a company if they suspected lax security practices.
How Eckoh and allpay are responding.
At allpay, we understand that consumer trust is built on security. By partnering with Eckoh, we are delivering solutions such as call masking technology that ensure PCI DSS compliance and protect customer data, even in remote work environments. This allows organisations to safeguard payments without adding complexity to the audit process.
The future of contact centre payments is multi-channel, cloud-based, and above all, secure. By staying ahead of regulatory changes and adopting advanced payment security solutions, public sector organisations can not only meet compliance requirements but also build lasting customer trust – even during the busiest and most festive time of the year.
Your questions, answered.
During our recent webinar with Eckoh, we received several important questions from attendees about how to navigate PCI DSS 4.0, particularly in today’s hybrid work environments. Below, we address some of the key concerns raised by organisations like yours, focusing on compliance, security, and the implementation of advanced payment protection solutions such as call masking.
Whether you’re in the early stages of adapting to the new PCI DSS 4.0 standards or looking to refine your current security protocols, these answers provide valuable insights to help ensure your contact centre is prepared for the future.
What does the implementation look like for Call Masking?
When implementing Call Masking, you’ll be assigned a dedicated Client Development Manager as your primary point of contact. The process begins with allpay gathering key information about your call centre setup, including how many users take payments, and details about your telephony systems. This information is crucial for configuring the solution to fit your specific needs.
Once this onboarding process starts, you’ll transition to working with a Client Onboarding Specialist who will guide you through each step. While there is a standard implementation timeline of six to eight weeks, this can vary depending on the complexity of your requirements and the speed of information exchange. In some cases, the process may be completed faster.
Throughout the implementation, your Client Development Manager and Onboarding Specialist will provide you with the necessary documentation and support, ensuring a smooth integration and setup.
Can you integrate your Call Masking with other call centre solutions?
Yes, allpay’s Call Masking solution is designed to be platform-agnostic. It can integrate with a wide range of systems, from older on-premises telephone equipment to modern cloud-based contact centre solutions (such as CCaaS or UCaaS platforms).
From a technical perspective, the goal is to prevent card data from entering your environment. You can imagine it as drawing a circle around the parts of your system where you don’t want card data to flow. allpay’s Call Masking solution captures that data before it reaches those areas, ensuring compliance and minimising the compliance burden for your organisation.
The key requirement is that the call must route through allpay’s platform before it enters your contact centre. Once the call passes through our platform, the data is protected, and the payment processing is handled by allpay’s core payment platform. This setup ensures smooth integration regardless of the underlying telephony or contact centre platform you’re using.
Is pause and resume still a viable method for compliance?
In reality, no. Pause and resume is more of a workaround rather than a fully compliant solution, especially under the stricter requirements of PCI DSS 4.0. While it may seem better than doing nothing, it doesn’t provide complete security. Additionally, it introduces a layer of risk, as you need to implement processes and regular checks to ensure compliance.
We’ve seen instances where pause and resume systems fail unexpectedly, or agents forget to manually pause the call. This can lead to significant issues—companies believe they are compliant only to discover months later that the system hasn’t been functioning correctly, resulting in a lack of compliance. Often, these failures go unnoticed because audits or checks are infrequent.
To avoid these problems, it’s recommended to implement a more robust solution like call masking, which eliminates the need for manual intervention and ensures continuous compliance.
Take action today.
As we head into the festive season, ensuring your contact centre is fully prepared for PCI DSS 4.0 compliance should be a top priority. At allpay, we’re here to help you stay secure and compliant, no matter where your team is working from.
Get in touch with our experts today to discuss how our Call Masking solutions can safeguard your payments and secure your customer data in a hybrid world. Don’t wait until the new year—let’s ensure your payment security is ready now.
