Voices of CRM

Mar 2 2012   8:07PM GMT

Debating PCI DSS compliance in the contact center and the ‘police state’: Two perspectives

Barney Beal

Has the contact center entered a police state? That’s the question Lori Bocklund posed on a recent call center blog post after coming across some surprisingly stringent requirements during an audit for the Payment Card Industry Data Security Standard, the security standard for all companies accepting credit card data.

Raised cubicle walls, safe rooms for credit card data, different colored badges for different agents – it all seemed a bit draconian. Yet, many contact center managers are struggling with some of the stringent requirements for PCI DSS when they first run across them. It may not be a police state, but most contact center professionals need some help and advice. The security professionals often responsible for PCI DSS projects do not always understand the operations of the contact center, what’s important and what’s not. And the same goes for contact center managers dealing with PCI DSS auditors.

In an attempt to get the two sides together, SearchCRM.com News Director Barney Beal delved into some of these issues with Lori, president of Strategic Contact Inc., a call center consultancy, and Diana Kelley, a partner with Security Curve.

The roundtable discussion covers PCI DSS compliance across a multitude of topics in two parts. In the first part, Diana and Lori discuss the physical requirements for complying with PCI in the contact center, the importance of clear communication between contact center and IT/security professionals and what Lori’s recent experience revealed about some unexpected requirements.

Highlights of the first podcast are listed below:

  • 1:00 Lori’s experience with a recent PCI audit regarding physical facility specifications
  • 2:15 Are some of the physical requirements surprising people?
  • 5:05 The PCI Security Council talks about “best practices” and “common sense” steps, but why is it so confusing to contact center professionals?
  • 7:55 Has there been a shift in contact center responsibility for security? How so?
  • 9:52 Does Lori’s experience jibe with what Diana has seen from security professionals? What are the areas of PCI compliance open to interpretation? How do you deal with contact center with software vendors?
  • 15:45 How can you address specific issues with an auditor?


There’s more information across SearchCRM.com, SearchSecurity.com and the web in general for contact center professionals interested in PCI DSS compliance.

SearchSecurity.com did a lengthy special report on PCI compliance featuring video of Diana Kelley and other PCI experts.

The PCI DSS standards body has offered some PCI compliance tips for contact centers.

Finally, the PCI standards body’s website is a valuable resource for organizations preparing for an audit.
