BLOG

PCI Compliance: Top Challenge of 2017?

Return To Blog »

SHARE
January 26, 2017
By: LiveVox

Contact Center Executives Indicate PCI as a Top Challenge of 2017

Facing Tougher Security Requirements, Contact Centers are Finding Ways to Offload Costs

In a Q4’2016 industry survey* of 2k+ contact center executives that manage inbound or blended operations, a growing majority indicate that PCI security is a top challenge in 2017 as shown in the diagram on the right.

Why is PCI such a prominent focus for contact centers this year?

Mounting PCI Audit Scrutiny Threatens PCI Re-Certification

Pressure of PCI audits and their focus points continue to mount and evolve each year with version 3.2 looking to be one of the toughest. For contact centers to confidently re-certify their PCI 3.2 accreditation, they are likely required to take on the equivalent of a major renovation of their infrastructure with a corresponding cost that can range from $100k’s at the very low end to millions at the high end. An effort many are ill-prepared to take on.

Let’s take a look at why, and more importantly, how to avoid it.

Mounting Scrutiny = Mounting Costs = Mounting PCI Risks

There is no doubt that a changing consumer base is putting pressure on regulatory bodies like the FTC to enforce stricter security standards. What once may have been given a pass may now result in a fail. The bar for encryption standards and intrusion detection programs are prime examples. Encryptions must now be ensured for both data in transit and at rest while intrusion detection programs must cover a much wider reach. Joe Gray, an enterprise security consultant, summarizes this trend in his summary of the evolution of PCI up to the latest version, 3.2.

“The PCI Council has resolved to continue to strengthen its controls as threats and technology change. Expect to see PCI grow in the following years as credit card data is still a lucrative target for attackers”

How much would it cost to keep up with these changes?

Be Prepared for the Sticker Shock….

To confidently meet both the basic and broad PCI requirements in the coming year, contact centers must examine and update every aspect of their ecosystem that may fall under the growing scrutiny of PCI – from storage system encryption, to in-transit encryption, to agent hardware controls.

This will require significant changes at both the hardware and software levels of a contact center’s complex and multi-layered application and database network – a project scope that easily and very quickly add up to a million dollar or more hurdle.

Facing such budget pitfalls, there is no doubt why the industry is concerned.

The Never Ending Rabbit Hole of Security……

Not to mention, these requirements must be updated for each contact center location – compounding the costs and risk of ensuring security.

But most challenging of all, like any regulatory requirement, if or when these updates are finally made across the network, it is more than likely required to change again during the next review cycle. SRTP, or in transit encryption protocols for example, are already set for changing in the coming year. Making security in today’s age a never ending rabbit hole of cost and time.

It is therefore no surprise that contact center executives view PCI as a top challenge in 2017.

Offloading the PCI Burden with Cloud

The inherent challenges presented by PCI certification is a prime driver behind the rapid decline in hardware investments – it simply costs too much to adapt.

As a result, it is no surprise that our recent Q4’2016 survey results mimic numerous other surveys that note the increasing adoption of cloud, which is especially prominent in inbound and blended segments as shown in the diagram on the right

In addition, another recent survey by SkyHigh** shows an increasing majority of IT leaders, 64.9% to be exact, believe cloud is as, or even more secure than on-premise solutions when it comes to managing key systems of record.

Introducing a Cloud Based, Plug-and-Play Approach to Security

LiveVox, a leading cloud contact solution provider at the forefront of the PCI effort, is significantly reducing the cost of security with a cloud plug-and-play PCI platform and cutting edge capabilities. With a plug-and-play approach, businesses can essentially offload a vast majority of the original costs into a simplified pay-per-use model.

In addition, LiveVox’s cloud innovation model provides quarterly releases that helps ensure the latest security standards are met with each revision.

LiveVox’s cloud platform is not only a Level 1-PCI certified platform that handles the latest encryption requirements, it takes security one step further with new features such as PCI-focused payment IVR, Secure Payment Capture. Secure Payment Capture automatically locks down the agent leg, both key audio and visual aspects of a payment interaction, closing a material gap in payment risk exposure.

With LiveVox’s cloud approach to PCI security:

  1. Key encryption requirements are handled via LiveVox’s PCI certified platform
  2. Call recording is paused during the payment transaction
  3. Agents cannot see key payment information
  4. Agents cannot hear payment information
  5. PCI security is automatically transferred across all locations

This approach reinforces the strategic advantage adoption of cloud presents for many contact centers. Innovative features such as Secure Payment Capture assist in reducing the cost of ensuring security. Instead of allocating resources and time chasing down the never ending security rabbit hole, learn more about how LiveVox’s cloud solutions can help offload the cost of securing your operation.

To learn about more ways to help address your concerns around the costs of managing security, speak with one of our technology experts today by clicking here.

*Q4016 survey participants were provided 10 choices of top challenges and were not limited to the number of choices entered.
**Skyhigh Survey of IT Leaders, “The Cloud Balancing Act for IT Between Promise and Peril”

SHARE