Concerns surrounding the exposure of cardholder data in call centers has prompted the Payment Card Industry Security Standards Council to introduce a set of best practice guidelines.
The announcement comes at a time when fraud associated with card-not-present transactions is rising, Jeremy King, the council's European director for security, told the American Banker website.
"As fraudsters continue to target specific industries and channels, we have received a lot of questions about how call centers should handle card data exposed during telephone ordering processes," Mr King said.
The Protecting Telephone-Based Payment Card Data Information Supplement contains information pertaining to how sensitive card data typically enters a call center and step-by-step processes for handling, securing and storing such information.
According to the guidelines, merchants and service providers should take advantage of various security systems and technology that automatically truncates or masks account numbers cardholder data.
Call centers also should not retain such sensitive card data after transactions are authorized, the council advised.
The news comes after Forbes reported that a growing number of organizations are investing in their current call center platforms to improve the services that they offer.
Posted by Richard Jones