PCI DSS Compliance: Don’t Put It Off, Put It Right.

The history of data breaches is full of people who were “working on it.” They were working on it when they were researching the market, or they were working on it when they couldn’t make up their minds which solution to deploy. They were working on it, but put it on the back burner when they decided to focus on something that seemed more important and pressing. And then one day, a breach occurred, and it was too late.

This is what can happen when businesses play the waiting game over protecting payment card data and other sensitive information. They lose – and they lose big. Research shows that the average cost of a breach is around $3.62 million, with some incidents in the U.S. leading to bills of more than $11 million. These figures take into account not only financial losses and customer compensation, but also costs of the reputational damage, legal fees, auditing services and more. In the end, it’s a huge price to pay for an organization that figured it would get around to protecting itself… eventually.

The consequences of delaying

Of course, the consequences of just one data breach go far beyond short-term costs, and the repercussions can be felt long after the fact. For example, customers – even those whose data was not impacted by the breach – may desert in droves for the sheer reason that they no longer trust the company with their information. In fact, a recent survey showed that 19% of consumers said they would stop shopping at a retailer that had been a victim of a cybersecurity hack, even if the company took the necessary steps to remediate the issue. At the same time, share prices may plummet. We saw this occur after Target’s high-profile breach, when stock prices dropped 46%.

Breaches also negatively impact individuals within the company. Imagine being the CSO or CISO who continuously claimed, “I’m working on it,” when establishing Payment Card Industry Data Security Standard (PCI DSS) compliance in their organization. When a breach occurs, guess who takes the blame? These executives may not only lose their jobs, but may also spend the next few decades explaining to future employers why they put their company at risk.

With such wide-ranging consequences for delaying efforts, security and compliance managers are left wondering why they didn’t act earlier. Some might cling to the belief that breaches can be repaired and smoothed over, but soon enough they must confront the grim reality that there’s no going back from a breach. And the harsh lesson that they finally learn is that they shouldn’t have put it off – they should have put it right.

So, how can they make it right – now?

For contact centers, solutions like Semafone’s keep payment card data and other Personally Identifiable Information (PII) out of the business infrastructure, completely. This also removes the contact center from the scope of the PCI DSS. With Semafone’s approach, payment card data is input by a customer directly into their telephone keypad and transferred straight to the payment service provider (PSP). The agent remains on the call throughout the process but never has access to sensitive payment information. As a result, card data is protected and secure, and the customer experience is uncompromised. This reflects our philosophy that no one can hack data you don’t hold.
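To make the descoping idea concrete, here is an added simulation (not Semafone’s code, and not a description of how its product is built) of the architecture just described: keypad (DTMF) digit events are intercepted by a capture component that sits between the telephony stream and the agent desktop, the full card number goes only to a stand-in payment service provider that returns a token, and the agent’s transcript records nothing but masked placeholders. The class and function names, the mock PSP, and the sample call are all constructed for this example.

```python
"""Simulation of keypad (DTMF) capture that keeps card data away from the agent.

Constructed example: the telephony layer, agent desktop and PSP are all stubs.
"""
from dataclasses import dataclass, field
import hashlib
from typing import List, Optional


def luhn_valid(pan: str) -> bool:
    """Standard Luhn check, used as a sanity test before forwarding to the PSP."""
    if not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class AgentDesktop:
    """Everything the agent can see. It must never receive a card digit."""
    transcript: List[str] = field(default_factory=list)

    def on_event(self, text: str) -> None:
        self.transcript.append(text)


class MockPSP:
    """Stand-in payment service provider: receives the PAN, returns a token."""
    def __init__(self) -> None:
        self.received: List[str] = []

    def tokenize(self, pan: str) -> str:
        self.received.append(pan)
        return "tok_" + hashlib.sha256(pan.encode()).hexdigest()[:12]


class SecurePaymentCapture:
    """Sits between the call stream and the agent desktop.

    While a payment is being captured, DTMF digits are buffered here and the
    agent desktop is told only that *a* digit arrived. The completed number is
    sent straight to the PSP; only the resulting token is surfaced to the agent.
    """
    def __init__(self, agent: AgentDesktop, psp: MockPSP) -> None:
        self.agent = agent
        self.psp = psp
        self.buffer: List[str] = []
        self.capturing = False
        self.token: Optional[str] = None

    def start_capture(self) -> None:
        self.buffer = []
        self.capturing = True
        self.agent.on_event("[payment capture started]")

    def on_speech(self, text: str) -> None:
        # Ordinary conversation passes through untouched.
        self.agent.on_event(text)

    def on_dtmf(self, key: str) -> Optional[str]:
        if not self.capturing:
            # Outside a capture window keypad presses (menu navigation) are harmless.
            self.agent.on_event(f"DTMF {key}")
            return None
        if key == "#":
            return self._finish()
        if key.isdigit():
            self.buffer.append(key)
            self.agent.on_event("*")   # masked: the agent sees only a placeholder
        return None

    def _finish(self) -> Optional[str]:
        pan = "".join(self.buffer)
        self.buffer = []
        self.capturing = False
        if not (13 <= len(pan) <= 19 and luhn_valid(pan)):
            self.agent.on_event("[card number rejected: failed validation]")
            return None
        self.token = self.psp.tokenize(pan)
        self.agent.on_event(f"[card captured, token {self.token}]")
        return self.token


def run_call(pan: str):
    """Drive one constructed call through the capture layer; return all three parties."""
    agent, psp = AgentDesktop(), MockPSP()
    capture = SecurePaymentCapture(agent, psp)
    capture.on_speech("Customer: I'd like to pay by card.")
    capture.start_capture()
    for key in pan + "#":
        capture.on_dtmf(key)
    capture.on_speech("Agent: Thank you, that has gone through.")
    return agent, psp, capture


if __name__ == "__main__":
    agent, psp, capture = run_call("4111111111111111")   # well-known test PAN
    print("\n".join(agent.transcript))
    print("PSP received:", psp.received, "token:", capture.token)
```

The point the simulation makes is structural rather than cryptographic: because the agent desktop and call recording only ever receive the masked events, a compromise of those systems yields no card data, which is what takes them out of PCI DSS scope.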

Final advice: “Working on it” isn’t an option

All our years of experience in securing and protecting payment data have taught us that prevention is better than cure. To put it another way: hindsight is a wonderful thing, but foresight is better. So why wait?

This is the message Semafone strives to communicate – that guarding against data breaches isn’t a task that will keep until next month, next week or even tomorrow. Anyone who thinks ensuring the complete security of customer data is a chore that can be left sitting near the bottom of a “to do” list is asking for trouble – and is very likely to get it. Data breaches can be damaging, and failure to protect your customers’ data has serious consequences: lost business, lost confidence, lost trust, lost jobs.

Remember, “working on it” isn’t an option. That’s the bottom line – and in the end, as every business knows, it’s the bottom line that counts!

Register for our AppFoundry webinar on how to descope your contact center for PCI DSS Compliance today – available now on demand! Learn more about Semafone on the Genesys AppFoundry.

This post was co-authored by Iain Regan – Iain has over 20 years’ experience leading international teams and executing strategic sales campaigns. As Semafone’s Global Sales Director, Iain is leading the team responsible for revenue growth and market engagement worldwide. He joined Semafone from Firstsource, where he spent six years in international leadership roles, and has extensive experience in the outsourcing and consulting industry. His knowledge of the operational side of contact centres, in North America and Australia as well as Europe, provides him with an expert and first-hand understanding of the requirements of Semafone’s customers. Iain holds a degree in Science from Kingston University.