December 3, 2019

Stop Putting Your Citizens at Risk with a Non-Compliant Call Center

If you immediately knock on wood after telling someone your government call center has never had a data breach, it’s time to learn about the importance of PCI compliance, the dangers of not complying, and the options available to your organization. Luck shouldn’t be the only thing standing between you and a serious security incident.

What is Payment Card Industry (PCI) Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards developed to improve payment account security throughout the transaction process. The goal is to ensure that businesses and government entities handling cardholder data maintain a secure environment. 

Do We Need to Be PCI Compliant?

If you accept, transmit, or store cardholder data, regardless of the size or number of transactions, you need to be compliant.

We’ve Never Had a Problem, Why Should We Bother?

If cardholder data is compromised, you pay. Monetary penalties are just the tip of the iceberg. Below you’ll find a list of consequences of non-compliance.

  • Confidence is lost in your commitment and ability to protect your citizens’ personal information, resulting in loss of credibility and damage to your reputation.
  • Following a breach or theft, fines and penalties may be levied against you by credit card companies ranging from $5,000 to $100,000 per month. The amount depends on the number of clients and transactions affected as well as the level of compliance you should be meeting and the length of time you’ve failed to do so. PCI Compliance doesn’t guarantee you’ll never have a data breach, but in the event that you do, credit card companies often reduce penalties.
  • You’re on the hook for fraud losses from compromised cards.
  • Lawsuits lodged by citizens could leave you paying legal costs, settlements, and judgments. 
  • Credit card companies may terminate your ability to accept credit card payments.
  • Citizen compensation could include you paying for enhanced credit card monitoring and identity theft insurance for those you put at risk.

Relax, We’re Compliant Enough.

Sorry, it’s not a one-off, quick-fix, “we’re PCI compliant” scenario. Maintaining compliance requires ongoing monitoring to ensure the processes and technology put in place to protect cardholder data are doing just that. Compliance practices need to be part of your daily operations, not just something you put into practice when you’re being audited. The tendency to drop your guard post-compliance puts you and your citizens at risk. If you don’t feel like your local government has the time or resources to fully commit to such an arduous task, you should consider partnering with a specialist who is dedicated to maintaining compliance rather than taking on the burden yourself.

What Options are Out There?

Here’s a range of payment options available to local governments that manage call centers, from do-it-yourself to letting someone else do it all!

  • The Old-Fashioned Way: the least secure of the three options, this typically involves a citizen phoning a call center to make a payment. The customer service representative (CSR) takes down the credit card information over the phone and processes it manually. This places an immense amount of trust in the CSR to protect that information and not compromise the card.
  • CSR & Web: this option is a step up security-wise, but the CSR is still responsible for gathering and entering customer payment details into an online payment portal. This allows the processing of secure payments digitally after collecting customer information over the phone, and still relies on the CSR to handle and enter sensitive payment information.
  • PCI-Compliant Biller Call Center: the most secure, compliant, and delightful option for customer data and payment collection. It takes local governments completely out of the PCI scope while maintaining the personal touch of speaking to a representative. This option conceals payment card details from the CSR by transferring citizens to a secure payment capture system when they are ready to provide their payment information. This ensures citizen engagement communication channels are well monitored via advanced software.

As an active member of the PCI Security Standards Council, KUBRA is dedicated to maintaining its PCI Level 1 solutions provider status. KUBRA provides superior data protection that abides by all standards, so there’s less worry about confidential information being stolen, and it keeps your citizens safe from all risks of a breach.

Sources:
Miteva, Ani. MyMoid. PCI Non-Compliance: 7 negative consequences for businesses. 
PCIComplianceGuide.org. PCI FAQs.