
Your contact centre is under attack.
Rethink your PCI DSS compliance strategy so it actually protects customer credit card data.


The nine things you need to know.

Even if your contact centre is PCI DSS compliant, you are still at serious risk of a breach. There are nine reasons why your current PCI DSS strategy isn’t cutting it. Keep reading to understand the business challenges, where you may be exposed and which solution can mitigate your risk.

1. Compliance doesn’t equal security.

There’s a false sense of security that if you’re PCI DSS compliant, your contact centre isn’t at risk. Using multiple solutions can still lead to fraud. For example, pause and resume still allows your agents to see and hear card information, and isn’t always reliable. And clean rooms require calls to be transferred, resulting in a poor customer experience. Both are technically compliant, but are not completely secure.

2. PCI DSS is a moving target.

There’s no guarantee that today’s solutions will work in the future. Compliance regulations will just keep changing and security auditors will find new gaps and vulnerabilities, which means you’ll have to keep changing too. Also, even if you are compliant, you may still be at risk of a breach.

3. You’re wasting time and money trying to keep up with PCI DSS regulations.

You need to protect your company’s brand value, keep your customers’ personal data safe and secure card data in your contact centre. That’s a tall order. But with every regulation change, you have to constantly change processes, implement new technology, maintain those solutions and spend time training agents. The operational costs can get out of control.

4. Contact centre crime is a growing issue.

As point-of-sale transactions get more secure, criminals are now targeting the contact centre. According to a 2018 study, card-not-present fraud is now 81 percent more likely than point-of-sale fraud.** If credit card data is entering the contact centre environment at all—where agents can see or hear it, or if it’s being stored in your systems—it’s at risk of being stolen.

5. Pause and resume and other sticking-plaster fixes are not the answer.

Manual interventions are simply not reliable enough. Agents can still see and hear card details. Interrupting the call by transferring to an IVR or clean room environment is a less-than-ideal customer experience and these solutions have less than stellar success rates.

The average UK company uses 3 different solutions to maintain PCI DSS compliance, which is costly and time consuming.

6. Your PCI DSS solution is inhibiting your contact centre technology progress.

Once your contact centre environment—IVR, switch, payment service provider, network—is embedded into your compliance process, it becomes problematic to make a change when new regulations are introduced. You have to redo the plumbing and wiring again at great expense—in terms of time and money.

7. The cost of cyber insurance is climbing.

A 2017 Ponemon Institute survey found that 87 percent of companies view cyber liability as one of their top ten business risks. The average cost of a cyber breach was £267,000 for small companies and £4.59 million for larger organisations.

8. PCI DSS challenges prohibit you from benefiting from Work at Home Agent environments.

There are many advantages to having remote agents, but a multi-solution approach to PCI DSS compliance creates security and training challenges that are difficult to overcome, leaving fewer choices and less flexibility in staffing your contact centres.

9. Poor customer payment practices can lead to lower CSAT/NPS scores.

Customers expect their financial information will be kept safe and secure. Requiring customers to read data aloud over the phone is a risk and can lead to higher levels of dissatisfaction. Customers want to pay in their channel of choice. Shifting them to another channel such as a payment IVR or clean room environment can be very frustrating.



Find out more and see who else we’ve helped with Secure Payments


Want to know more about PCI DSS compliance? Read our Definitive Guide to


Want to know more about PCI DSS compliance? Read our Guide to Card-Not-Present Crime.


See how Target secured valuable new business by becoming PCI DSS compliant and secure with CallGuard.


See how allpay and their housing association clients take secure payments over the phone.


Find out what CallGuard could do for your company.

Why you should choose CallGuard from Eckoh.

Eckoh is a proven partner with over 20 years of experience helping companies across the U.S. and U.K. make their contact centres more personal, convenient and secure. We’re a PCI DSS Level 1 Service Provider you can depend on to provide innovative technology and expert guidance for your organisation.


Eckoh © 2019 All Rights Reserved.

*iovation and Aite Group report, EMV: Issuance Trajectory and Impact on Account Takeover and CNP.
**2018 Identity Fraud Study, Javelin Strategy & Research
