PCI DSS Compliance and the Storage of Data

I recently wrote about our new ContactWorld PCI mid call IVR product and the advantages it gives by removing the exposure of cardholder data to your call centre agents.

That's important, but it's not the complete story. There is also the difficult issue of what you do when you store cardholder information. Once stored, it is potentially accessible to your back office and IT staff. To store it properly you need to encrypt the data, and the most difficult part of that is managing the encryption keys. That is not easy.

Don't forget that there is certain information, such as the CVV, that you can't store at all.

Again, the easiest way to solve this problem is not to store this information at all and to let someone else manage it for you.

Remember to check that the service provider you are using is compliant themselves. They really do need to be a level 1 validated service provider, as that means they have been externally audited rather than self-certified. Do you really want to trust your customers' card details to someone who has marked their own homework?

Fortunately there is an easy way to check compliance on the Visa Europe web site.

Ashley Unitt

Ashley founded NewVoiceMedia to exploit the obvious benefits of putting an enterprise-class contact centre in the cloud, and now serves as Chief Scientist, leading the architecture and research teams. Prior to NewVoiceMedia he spent ten years at Teamphone.com Ltd developing innovative CTI software solutions including voicemail systems, hot-desking products and an open source gate keeper. Ashley's blog will focus on security, PCI-DSS and general cloud computing issues. Outside of work he spends most of his time running around after his two young children. You can follow Ashley on Twitter at http://twitter.com/aunitt.
