Encryption Technology: Is it Enough to Prevent a Breach?

A recent article in PaymentsSource caught our attention. The piece argued that PCI compliance is not enough for breach prevention and that businesses should instead focus on chips and tokens as the best strategy. The author’s argument is that “while PCI compliance is necessary and useful, it’s not always sufficient to be fully secure. To counter this, independent software vendors (ISVs) must adopt a layered security approach that uses EMV, encryption technology and tokenization in addition to keeping up with PCI compliance requirements.”

In general, we agree that encryption technology and tokenization are invaluable security tools. Not leaving data on your system waiting to be easily stolen is obviously a good idea. Even better if it’s tokenized, making it nearly impossible to use.

However, these solutions won’t be 100% effective in a contact center environment. Using point-to-point encryption (P2PE) solutions in a contact center still exposes an organization to massive PCI compliance risks. With this technology the data might not be stored in the organization’s systems, but there are holes when it comes to agent activity. Agent conversations are recorded, leaving room for hackers to steal the recordings. Agents can also still see and hear a customer’s PII, which leaves internal employees able to steal that information.

Think about the last time you said your credit card number or social security number out loud to an agent on the phone. It probably felt unsafe, and it is. But what’s the best way to solve this issue?

On top of tokenization and encryption, contact centers need these calls to be descoped from PCI DSS. A solution like Agent Assist masks Dual Tone Multi Frequency (DTMF) tones, also known as touch tones, so that companies can receive payments by phone without agents seeing or hearing the PII and without the recording software picking up the information and storing it.

With the most recent Verizon 2018 Data Breach Investigations Report finding that almost a third of breaches are executed by an internal employee, this is not a risk that companies should be taking. Even if they completely trust their workforce, it’s not worth it.

If you have any questions about Dual Tone Multi Frequency or how to better secure your contact center, get in touch with our secure payment specialists today. Visit PCI Pal on the AppFoundry marketplace to learn more about Agent Assist for PureEngage and PureConnect.

This post was co-authored by Dave Horchem, Senior Sales Engineer at PCI Pal. Dave is a valuable part of the PCI Pal technical team as Senior Sales Engineer for North America. With a degree from Brigham Young University, Dave Horchem launched his career in Call Center Operations and Technical Support & Training at Vivint, based in Provo, UT. Dave moved on to Hewlett-Packard, working with the Partner Portal Support and Commercial Presales support teams on employee training, coaching and career development. Dave also led the Sales Engineer, Senior Manager effort at MarketStar on behalf of Hewlett-Packard for over 6 years. Dave also has experience as a Sales Engineer in the Enterprise Cloud for Cloud Contact Center Solutions, and continues to serve our customers, partners, and prospects with excellence.