The contact centre glossary covers much of the most common vocabulary, along with the measurements and technologies, related to call centre software and customer experience.
Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI-DSS) is a proprietary standard designed by the Payment Card Industry Security Standards Council to control payment card data and reduce incidents of credit card theft. Sensitive data can include not just credit card numbers, but also expiration dates and CVV numbers, customer names and addresses, PIN codes, account numbers and other data related to financial transactions.
What Is PCI-DSS?
The PCI-DSS standard encompasses several types of protection for sensitive cardholder data.
A PCI-compliant hosting provider must protect stored cardholder data, encrypt its transmission across open networks, use a firewall, avoid vendor-supplied passwords, employ strong access-control protocols for physical and network access to stored data, and regularly test its networks. Given the high cost of achieving compliance with these standards, many companies find it more advantageous to use a hosting provider that has already invested in PCI-DSS compliance than to build a PCI-compliant network on-premises and obtain third-party certification.
Additionally, within a PCI-compliant hosting environment, developers must take precautions to ensure that the applications hosted in that environment are themselves secure.