You’ve probably heard the term PCI more than a few times, but what does it mean exactly?
PCI, or in its longer form PCI DSS, stands for Payment Card Industry Data Security Standard. It’s a set of security standards intended to ensure that all businesses that accept, process, store or transmit credit card information handle it securely. This standard applies to any organization that accepts credit cards.
Failure to be PCI compliant could result in monthly fines from $5,000 to $500,000. If a breach occurs, the cost of a data breach that results in fewer than 100,000 records lost is $3.86 million – a 6.4 percent increase from 2017. The cost of a ‘mega-breach’ (1 million to 50 million records lost) is between $40 and $350 million and can result in the loss of credit card processing capability, crippling the business.
With the emergence of the digital economy, there is more emphasis than ever on data security. Businesses and consumers are sharing more and more data digitally through e-commerce purchases, website traffic data and especially credit card information. Without robust security standards, there is a risk of hacks or data breaches.
At LiveXchange, our PCI technology identifies, isolates and secures agents and their desktops as they access the work environment. Each agent is issued a physical “Secure OS Token”, which binds their identity to our server, bypasses their local OS, hardens their PC, encrypts their connection and assures compliance – all in less than 60 seconds.
Privacy has been a big issue in recent years, especially with the attention on the new European privacy laws. As a business, it’s important to have safe and clear processes in place for storing personal data. Gaining and maintaining customer trust is a long process, but a single breach can shatter everything. As digital transformation continues to progress, PCI standards will continue to become more advanced as security standards for digital networks.
PCI DSS helps to address the most common cyber security concerns for call centers. Digital technology has allowed us to process our payments online more efficiently and faster than ever before, but ongoing concerns with security and ethics still exist.
If the latest trends from 2019 show us anything, it’s that data breaches are becoming more and more common. That’s why it’s more important than ever for consumers to safeguard their personal data, and for businesses to be diligent about PCI compliance. Data breaches can be costly for any business, but aside from money, corporations also stand to lose reputation, trust and loyalty. Below are some of the most costly breaches that have occurred over the past few years.
In what went down in history as one of the worst retail data breaches of all time, malware infected Home Depot point-of-sale systems and stole millions of customer credit and debit cards. The Home Depot attack seems to be a case of relying on inadequate software solutions and policies for data breach prevention. Employees later said that the company used outdated antivirus software and failed to monitor the network for unusual behaviour.
PCI DSS standards require routine vulnerability scans, but according to employees, more than a dozen systems handling customer information were not assessed and were off limits to much of the security staff. In Home Depot’s case, investing in security software with the ability to audit security infrastructure for PCI DSS compliance may have been the difference between a $19.5 million data breach settlement and business as usual.
After hackers attacked the Office of Personnel Management (OPM)’s servers and stole the personnel files of 4.2 million former and current government employees, as well as the security clearance background investigation information of millions more, a congressional investigation uncovered the organization’s security shortcomings.
Among many other findings, the report took special issue with the department’s lack of two-factor authentication for employee access to sensitive data, claiming it was an oversight and that two-factor authentication could have prevented the security breach. This points to a key problem that PCI DSS compliance is meant to address. It’s not enough to encrypt and protect your files during transfer; you need to monitor internal actors as well. A robust security solution will authenticate users, give them only the access they need, and maintain a detailed log of each user’s actions.
TJX Companies, owner of popular home brands such as TJ Maxx, Marshalls, and HomeGoods, experienced a data breach in which more than 80GB of cardholder data was stolen over a period of 18 months. Before the company was able to detect and halt the breach, 45.6 million records had been stolen.
Documents filed in court after the breach claimed that TJX had failed to comply with nine out of the twelve PCI DSS requirements. Factors contributing to the incident included an improperly configured wireless network, a failure to segment networks carrying cardholder data from the rest of TJX’s network and the storage of prohibited data. Two members of the PCI DSS Standards Council later pointed to PCI DSS compliance as the clearest way to protect data against a TJX-style attack.
Capital One is facing a federal class action filed hours after it disclosed a massive data breach implicating the personal information of millions of customers.
The company announced July 29 that a hacker had gained access to the personal information of about 106 million credit card customers and applicants, including about 140,000 social security numbers, 1 million Canadian social insurance numbers, and 80,000 bank account numbers. Capital One stated the breach on July 19 resulted in the hacker gaining access to personal information related to credit card applications from 2005 to early 2019 for consumers, applicants and small businesses. Among the personal data exposed were names, addresses, dates of birth, credit scores, transaction data, social security numbers and linked bank account numbers.
PCI security is essential to your success, and we’re here to help. At LiveXchange, we have instituted PCI encryption software to provide trusted third-party vetting of user identities. PCI arrangements enable users to be authenticated and to use information in identity certificates to encrypt and decrypt messages in transit. In this way, confidentiality, message integrity and user authentication can be established without having to exchange any secret information in advance.
Are you a call center or corporation interested in deploying home agents? Connect with us to learn more about our PCI services for We Manage and You Manage clients. Book a discovery demo with us to learn more about our client services.
Tracy Carter has helped many companies deploy and optimize their workforce with thousands of home agents, providing top quality remote brand ambassadors across the United States and Canada for Rogers, Today’s Shopping Choice, Xperigo, L’Oreal, ClubLink, Pizza Hut, KFC and many more.
With over 12 years of experience at LiveXchange in business process outsourcing services and homesourcing SaaS technology solutions, Tracy’s approach is to provide collaborative solutions with measurable revenue growth and operating cost savings – helping you grow your business with superior customer experiences!