Is your PCI DSS compliance up to scratch?

1. Awareness & understanding

1.1 - Does your organization and contact centre have a mandate to be PCI DSS compliant?

1.2 - Do you know which payment card data is deemed sensitive and falls under the remit of PCI DSS compliance and requires extra security controls?

1.3 - Do you fully understand the data flow of card payment information across your organization/contact centre?

2. People & contact center agents

2.1 - Have your contact centre agents received PCI DSS compliance training?

2.2 - Do your contact center agents see or hear any sensitive payment card information?

2.3 - At any point, do your agents enter or possibly write down sensitive payment card information?

2.4 - Do any of your contact centre agents work from home, and are they exposed to sensitive payment card information?

3. Data storage

3.1 - Are you holding sensitive payment card information in systems or data storage?

3.2 - Do you encrypt or anonymize sensitive payment card data?

3.3 - Do you have a policy to securely delete payment card data that is not required to be kept?

4. Systems & applications

4.1 - Do you know all systems that capture and/or store sensitive card information?

4.2 - Are these systems audited for PCI DSS compliance?

4.3 - Do you record interactions or agent screens and does this include card payment transactions?

5. Data security

5.1 - Do you have audited security measures in place for any voice or data network that sensitive card information could pass over?

5.2 - Is all data transmitted over voice and data networks encrypted to an appropriate level?

5.3 - Do you have stringent access controls in place for all networks and systems where sensitive payment information could reside or pass through?