PCI DSS for Contact Centers: Perils & Pitfalls of Pause & Resume Call Recording

Contact centers are the beating heart of organizations, serving as the frontline for customer communications and processing mountains of consumer data. However, with the passing of the California Consumer Privacy Act, new scrutiny will be placed onto the data security procedures of organizations processing the data of California citizens, presenting difficulties, as well as opportunities, for contact centers.

Is your contact center prepared to comply with the CCPA? In this webinar, Semafone will be joined by data privacy expert, Thomas Chisena from Foley & Lardner LLP, where we’ll lay out a blueprint for contact centers to lead their organization’s compliance efforts, based on best practices for existing privacy legislation such as the GDPR and PCI DSS.

We’ll cover the following:

•The main provisions in the CCPA, what they mean, and how they apply to your company
•Proposed amendments to the legislation that you need to pay attention to
•An action plan of data security best practices to help your contact center comply

Presenters
Thomas Chisena, Associate, Foley & Lardner LLP
Thomas Chisena is an associate with Foley & Lardner LLP, where he advises on all matters involving intellectual property and technology transactions, including licensing, procurement, outsourcing, and other technology law issues affecting companies of all sizes. He also advises on cybersecurity and privacy issues affecting all industries, including state, federal, and international laws and regulations. Prior to joining Foley, Mr. Chisena was an associate at an AmLaw 100 Boston-based law firm, where he focused his practice in the areas of intellectual property litigation, technology, and cybersecurity.

Aaron Lumnah, Senior Manager, Demand Generation

Aaron is a member of the Semafone marketing team, where he regularly contributes to the Semafone blog and authors many types of content around payment security, PCI DSS, and GDPR compliance.

For any healthcare organization, the contact center is a major hub for patient communications, whether it’s processing a great deal of Protected Health Information or collecting payments for billing purposes. With healthcare organizations suffering the most data breaches of any industry, it’s never been more important to take the proper precautions to protect the contact center and prevent fraudsters from stealing this sensitive information.

While there isn’t a cure-all solution just yet, there are a number of steps healthcare organizations can take to secure their contact center and cut down the risk of a data breach. Join Semafone and InstaMed for an insightful webinar where we’ll offer a prescription to cure the data breach epidemic and better protect healthcare contact centers. We’ll cover:

- Common insider threats found within healthcare contact centers
- Prevalent vulnerabilities unique to healthcare organizations
- Innovative solutions to secure payments within your contact center

Register now to reserve your space!

Over the last seven years, the technologies used by call and contact centers to communicate with customers and complete card transactions have changed drastically. Networking methodologies like VoIP have since become widely adopted, while the number of applications organizations employ to process customer information has risen dramatically. For this reason, the PCI SSC recently released their highly anticipated updated “Guidance for Protecting Telephone-Based Card Payments” for the first time since 2011, offering several much-needed clarifications for organizations looking to achieve PCI DSS compliance inside their contact centers.

Join Semafone and Sec-1 Ltd. for this insightful webinar into the most pertinent changes, featuring two of the members of the PCI SSC’s Special Interest Group – Ben Rafferty, Chief Innovation Officer at Semafone, and Wayne Murphy, Senior Security Consultant at Sec-1 Ltd. We’ll cover the following:

• How to avoid scope-creep inside the contact center during PCI DSS compliance
• How Pause and Resume call recording solutions create more problems than they solve
• How most 3rd party services are now in scope for PCI DSS compliance
• How devices that control SIP Redirection are now also in scope

With the recent release of the PCI SSC's updated guidelines for protecting telephone-based card payments, it has never been clearer that attaining PCI DSS compliance inside the contact center is a complex and onerous task for any organization. For the first time in seven years, the Council has clarified many previously misinterpreted controls required for in PCI DSS compliance, resulting in increased scope (and all its associated risks) for many contact centers

One major clarification the guidance makes is targeting pause-and-resume call recording solutions and the potential for cardholder data to make its way onto recordings, thus breaching compliance.

Join Semafone and BT for an insightful webinar where we’ll cover the following:

- The deficiencies of Pause-and-Resume call recording solutions for PCI DSS compliance
- The additional onerous controls QSAs will mandate for organizations using this technology
- A better way to secure your contact center and keep cardholder data off call recordings

Register now to reserve your space!

Over the last seven years, the technologies used by call and contact centers to communicate with customers and complete card transactions have changed drastically. Networking methodologies like VoIP have since become widely adopted, while the number of applications organizations employ to process customer information has risen dramatically. For this reason, the PCI SSC recently released their highly anticipated updated “Guidance for Protecting Telephone-Based Card Payments” for the first time since 2011, offering several much-needed clarifications for organizations looking to achieve PCI DSS compliance inside their contact centers.

Join Semafone and Sec-1 Ltd. for this insightful webinar into the most pertinent changes, featuring two of the members of the PCI SSC’s Special Interest Group – Ben Rafferty, Chief Innovation Officer at Semafone, and Wayne Murphy, Senior Security Consultant at Sec-1 Ltd. We’ll cover the following:

• How to avoid scope-creep inside the contact center during PCI DSS compliance
• How Pause and Resume call recording solutions create more problems than they solve
• How most 3rd party services are now in scope for PCI DSS compliance
• How devices that control SIP Redirection are now also in scope

With the Holiday Shopping Season now upon us, consumers are opening their wallets in earnest, with some estimates putting spending at over $1 trillion in the US alone. Brands everywhere can expect to see a huge spike in sales, and along with it, an increase in payment fraud. Not only does the influx of transactions make it harder to detect fraudulent activity, but swarms of temporary seasonal workers can become insider threats that compromise an organization’s security procedures.

Join Semafone and PayJunction for an insightful webinar where you’ll learn the following:

- Why payment fraud spikes during the Holiday Season
- Ways to train and properly vet seasonal workers to ensure security
- How to implement technology solutions to help cut down on fraud rates during this holiday season

Make sure to reserve your seat by registering now!

Healthcare call and contact centers face some tough challenges when it comes to data security. In fact, healthcare data breaches are reported at a rate of more than one per day in the US alone, exposing patients’ personally identifiable information (PII)—from medical records to payment card data and beyond—to the wrong people.

Earlier this year, IBM published their 2018 Cost of a Data Breach Report, which stated that, for the 8th year in a row, healthcare organizations had the highest costs associated with data breaches—$408 per lost or stolen record. That’s nearly three times higher than the cross-industry average of $148.

These challenges are not unique to the healthcare sector. All call and contact centers face similar obstacles and need to consider if their Payment Card Industry Data Security Standard (PCI DSS) compliance strategy is sound.

Join Genesys, Semafone and Sutter Physician Services (SPS) in this webinar to learn how SPS:

• Overcame IVR frustration, improved customer service and reduced abandoned call rates
• Increased customer data security—no need to verbalize card data
• De-scoped for PCI DSS

Reserve your space now.

On May 25, 2018, the European Union's General Data Protection Regulation (GDPR) went into effect, becoming the world's strictest and most comprehensive data protection legislation. Companies around the world, regardless of whether they are physically located within EU borders, had to meet compliance requirements if they process the data of EU citizens, creating a huge headache for any organization running a call or contact center.

For contact centers that have troves of sensitive customer information, GDPR compliance can easily become a massive undertaking. However, using preexisting tried-and-true frameworks like the PCI DSS, companies can relieve the burden of meeting compliance obligations.

Join Semafone and NCC for this informative session, where you'll learn:
- How to achieve GDPR compliance in your call or contact center
- How to use existing data security frameworks like the PCI DSS to simplify compliance efforts
- How to improve data security inside your contact center while enabling a more seamless customer experience

Additionally, registrants will receive a free copy of Semafone's GDPR Guide for Contact Centers.

Reserve your space now!

About Jay Trinckes:

John ‘Jay’ Trinckes, Jr., CISSP, CISM, CRISC, HITRUST CSF Practitioner leads NCC Group’s healthcare practice by assisting clients in managing their IT risk to ensure they are not subject to cyber-attack along with helping them validate their compliance with IT regulations such as HIPAA. Jay is the author of three books, “How Healthcare Data Privacy Is Almost Dead…and What Can Be Done to Revive It! (2017), "The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules" (2012), and "The Executive MBA in Information Security" (2009), and has a wide range of experience in computer networks, vulnerability and penetration testing, security, compliance, and risk assessment.

In this session, we cover the newest payment methods organizations are using, and we'll discuss how executives plan the move to more secure and convenient ways to receive consumer payments. We'll also include exclusive research from Ovum!

Key Takeaways:

- Learn about the top ten new ways to pay
- Steps executives are taking to increase security
- New payment method that could reduce the number of PCI controls in your call center by up to 90%

PCI DSS compliance and data security is a perennial challenge for any organization, especially for those operating contact centers. With potentially hundreds of PCI controls to keep track of, it's easy for things to get lost in the mix.

When tackling compliance and cybersecurity issues, it's a common mistake to only focus on the organization's IT infrastructure, and neglect to examine the people and underlying processes handling sensitive customer and payment card data.

Join us in the webinar and you'll learn how to:
- Take a more holistic approach to PCI DSS compliance inside the contact center
- Understand the flow of information through your contact center & how people and processes touch payment card and sensitive customer data
- Create an action plan to reduce risk and achieve PCI DSS compliance once & for all

Any company that takes payments over the phone must comply with the requirements of the Payment Card Industry Data Security Standards (PCI DSS), and all the costs and headaches that come with it.

Learn about how to achieve PCI DSS compliance for your entire contact centre, and how to reduce the amount of applicable PCI DSS controls in your business infrastructure.

Make no mistake—it isn't a question of if your company will be breached, but when.

However, with such high rates of security incidents occurring, many organizations choose to put off implementing the right data security measures until it's too late.

Watch this informative on-demand webinar featuring some of the leading experts in the IT and payments security spaces where we'll cover:

- The various risk factors that threaten organizations—from both outside and within
- What happens to companies after a data breach
- How you can avoid a data breach of your own by complying with security frameworks like the PCI DSS

Additionally, you'll learn how to increase customer service and satisfaction, while reducing the associated security costs.

Companies today must navigate a minefield of compliance and regulatory challenges, especially in highly regulated industries where call recording in contact centers is standard, if not a mandated requirement. At the same time, standards like the PCI DSS uphold that no Sensitive Authentication Data (SAD) from payment cards may be recorded at any time, creating a conundrum for companies trying to maintain full call recordings.

Although Pause & Resume call recording methods have become a widely used contact center practice, it does not necessarily deliver guaranteed or robust PCI DSS compliance. In fact, these solutions often cause more problems than they solve – and these flaws can result in systemic governance failures.

Watch this informative webinar featuring some of the leading experts in the financial services and payments security spaces where we'll cover:

- How to juggle multiple industry and payment security regulations
- Why techniques like Pause & Resume call recording don't fully meet compliance standards
- Alternative solutions to keep payment data completely out of the contact center

Additionally, you'll learn how to increase customer service and satisfaction, while reducing reducing the associated costs of PCI DSS compliance.

With cyberattacks happening with greater frequency every year, and the average cost of a data breach at $4 million in 2016 according to the Ponemon Institute, it has never been more important to ensure your organization is following security best practices to prevent a breach of its own.

View now for an informative webinar featuring some of the leading experts in the PCI compliance and call center payments spaces where we'll cover:

- The main components of PCI DSS and how they affect the call center
- Ways to reduce the time and cost of achieving PCI compliance
- How to protect your organization against payment fraud and the associated reputational risk

Additionally, you'll learn how to eliminate the need for customer cardholder data to be handled by your contact center agents or held in your contact center infrastructure, while improving customer service and satisfaction.