PCI compliance in an age of flexible working: A conversation with Key IVR

By Laura Waterton

PCI compliance may be old news, but its implications for 'business as usual' are more important than ever.

First introduced 20 years ago, the goal of the Payment Card Industry Data Security Standard (PCI DSS) is to protect organizations and their customers from financial misconduct and fraud.

It’s long been relevant to the world of call recording because many businesses who record calls for quality, training and compliance purposes, also take payments over the phone.

Under PCI DSS, the details of those card payments can’t be captured in the recording. Nor should those card details be kept longer than necessary and ‘all reasonable steps’ should be made to stop that long number on the front, and three-digit code on the back, from wandering into the wrong hands.

Some companies go to huge lengths to meet PCI standards, investing in costly ‘clean rooms’ devoid of mobile phones, pens and paper.

Businesses like Oak build PCI options into our recording solutions, automating pause/resume recording that detects when a user is entering card details. For many companies it’s an effective solution, but in the wake of the pandemic and the migration to home and flexible working arrangements away from a supervisory eye, it’s no longer always enough.

Fresh challenges for 2022

Whether or not people will be returning to offices and how soon is up for debate. There are pros and cons to both home and office working, and a hybrid of both may end up being the new norm.

To survive, compliance tools need to more flexible, more resilient, more secure than ever to support and protect businesses wherever their people are based.

We also want to make sure the huge number of organizations using UC tools like Microsoft Teams remain PCI compliant when calls aren’t made over a traditional phone line.

This is why we’re partnering with industry experts, Key IVR, who’ve been providing a range of cloud-based payment solutions for years that remove transaction details entirely from the office (or home) environment.

Mark Kelly, Chief Commercial Officer at Key IVR, explains how they can help businesses respond to the pandemic with solutions that will take them beyond it.

Availability, security and service

“The top priorities for organizations right now are the same as they were last May: the need to maintain operations, the need to keep customers happy and service levels high, and the need to protect staff.

We know that remote working is possible, but there are concerns around the safety of sensitive information as it passes through unfamiliar channels. At home, people may be away from the corporate network, using their own internet, mobile phones and IT devices.

It’s really important that any payment systems remain secure across any environment, now and into the future. By adapting to rapidly changing laws and government guidance, it shouldn’t matter who is in the office on a day by day basis, or if there was a sudden increase in lockdown measures. The business should continue as usual, with no risks. Whether you need to take payments over the phone, on-site or allow your customers to self-serve 24/7, there should be nothing that stops your business from continuing to function.”

PCI compliance made easy, always

“A cloud-based secure payment solution doesn’t rely on specific technology or additional equipment to make payments. Your staff could be at home, in the office, in their garden or social distancing in a local café, your organization’s reputation is always protected. Data is always processed in the safest way possible – on a PCI-DSS Level 1 compliant payment platform hosted securely in the cloud.

No valuable information is seen or heard by the agent, even if they’re on the call to support the customer - and nothing reaches their laptop, desktop or tablet. So, why wait around for “normality”, when your payment systems can adapt with change?”

If you're an Oak reseller and would like to learn more about Key IVR and how it could add value to your product portfolio, we’re hosting a webinar with Key IVR at 10am on 26th May.

We’d love you to join us.


Book a webinar place


You can also reach us at keyivr@oakinnovate.com for more information or to arrange a meeting.

Back to Insights