Assessing the scope of PCI DSS in the contact centre

Contact centers are complex and dynamic environments with high levels of human involvement and interaction with systems - this can present a range of challenges when assessing compliance with PCI DSS when handling card-not-present (CNP) payment transactions.

It is widely recognized that taking payments in a supervised and managed contact center even with ‘clean room’ methods using spoken number ‘listen and transcribe’ is a high-risk activity. And, in today’s changing world post COVID, with the accelerating number of remote agent environments, it is inherently insecure.