PCI DSS Best Practices for your VoIP Phone System Contact Center

July 21, 2016

A growing number of businesses are choosing to establish or migrate their contact center to a VoIP phone system infrastructure, so they can dramatically reduce costs, improve customer service, take advantage of advanced features and continuous innovation, and drive their organization ahead.

However, as noted by CIO.com, contact center compliance breaches are astonishingly frequent, and among the most common violations are those involving PCI DSS.

What is PCI DSS?

PCI DSS, which stands for “Payment Card Industry Data Security Standard”, is an information security standard for companies that process, store and/or transmit cardholder data for the major card brands, including Visa, MasterCard, American Express, Discover and JCB. The goal of PCI DSS is to minimize payment card data loss, whether accidental or caused by a malicious breach.

Conforming to PCI DSS is not itself a law in most jurisdictions; it is a contractual obligation that the card brands impose on merchants through their acquiring banks. Violations can nonetheless lead to fines, sanctions and, in some cases, termination of card acceptance privileges, which leads to significant revenue and customer loss, along with enduring and possibly permanent reputation damage.

PCI DSS Best Practices

It goes without saying that you need your organization to be PCI DSS compliant at all times, not just at assessment time. Here are a series of best practices to help achieve this goal:

  • Enforce Authentication and Handling Controls: Each employee who has access to VoIP phone system call records or recordings must authenticate with a unique account (no shared logins) and be granted only the access their role requires. Pair these controls with clear data-handling rules: for example, employees must understand that they should never write down cardholder data, even if doing so “seems harmless.”
  • Establish Standards: All organizational policies and procedures should be in accordance with PCI DSS. For example, the systems that store audio recordings made on your VoIP phone system must be segmented from external-facing networks (e.g. the Internet) and from the rest of the corporate network, so that only the components that genuinely need access to cardholder data can reach them.
  • Regularly Test: It’s not enough to establish standards and then assume that compliance is in effect. Regularly test the system to ensure that the technology is functional, security safeguards are in place, and employees are always following the rules.
  • Mask PANs: PAN stands for “primary account number” on a payment card (credit or debit). Wherever a PAN is displayed, mask it so that at most the first six and last four digits are visible; wherever it is stored, render it unreadable (for example by truncation, tokenization or strong encryption). Note also that the card verification code (the three- or four-digit security code) may never be retained after authorization, so call recordings and agent notes that capture it must be prevented or purged.
  • Use Strong Encryption: All cardholder data transmitted over open or public networks must be protected with strong encryption; for a VoIP system this means encrypting both the SIP signaling (for example with TLS) and the voice media itself (for example with SRTP). Any media used to capture or store card data must likewise be made unreadable.
  • Secure Endpoints: Devices and computers, including those used by remote workers/agents, must be protected with firewalls and up-to-date anti-virus/anti-malware software. Endpoints must also be continuously monitored to ensure that they have the latest patches.
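The masking and truncation rules above are easy to state but are usually enforced in code, for example as a redaction filter run over agent notes, chat transcripts or speech-to-text output before the record is stored. The following is an added example, not code from the original post or from Votacall: it detects candidate PANs in free text (13 to 19 digits, optionally separated by spaces or dashes), filters out non-PAN digit runs with the Luhn mod-10 check, and then either masks to first-six/last-four for display or truncates to the last four for storage. The sample note and the function names are constructed for the example.

```python
"""Added example: PAN detection, masking and truncation for call-record text.

Assumptions (not from the original post): records are free text such as agent
notes or call transcripts, and PANs may be written with spaces or dashes.
"""
import re

# Runs of 13-19 digits, each digit optionally followed by one space or dash,
# not adjacent to other digits (so a 20-digit reference number is not split).
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample: one real-looking test PAN, one 16-digit order reference
# that fails the Luhn check, and a 12-digit ticket number that is too short.
SAMPLE_NOTE = (
    "Caller read card 4111 1111 1111 1111, exp 12/26; "
    "order ref 1234567890123456; ticket 123456789012."
)


def luhn_valid(digits: str) -> bool:
    """Luhn (mod-10) check: every PAN passes it, most random digit runs fail."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Display masking: at most the first six and last four digits visible."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def truncate_pan(digits: str) -> str:
    """Storage truncation: keep only the last four digits."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_pans(text: str) -> list[str]:
    """Return every Luhn-valid PAN in `text`, with separators removed."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


def redact(text: str, keep_first_six: bool = False) -> str:
    """Replace every Luhn-valid PAN in `text`.

    With keep_first_six=True the result is suitable for display to an agent
    who needs the card brand/BIN; the default (last four only) is what should
    be written to long-term storage such as a CRM or ticketing system.
    """
    def _sub(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_valid(digits):
            return m.group(0)   # not a PAN: leave the digit run untouched
        return mask_pan(digits) if keep_first_six else truncate_pan(digits)

    return PAN_CANDIDATE.sub(_sub, text)


if __name__ == "__main__":
    print("PANs found:", find_pans(SAMPLE_NOTE))
    print("For display:", redact(SAMPLE_NOTE, keep_first_six=True))
    print("For storage:", redact(SAMPLE_NOTE))
```

Run this filter at the point where agent-entered text enters your systems of record, not only on a nightly sweep, so that cardholder data never lands in a database, log or backup in clear form. The Luhn check is a heuristic: it removes most false positives but a digit run that happens to pass it will also be redacted, which is the safe direction to err in.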

Learn More 

To learn more about getting the most out of a VoIP phone system, and helping your contact center be efficient, productive, profitable and, of course, compliant, contact the Votacall team today. Your consultation with us is free.

For more information about hosted VoIP phone systems and the truth behind common myths, download our FREE eBook: 
