The holidays are almost here. Hooray! While people may forget to wash their hands after going to the bathroom or forget their anniversary was yesterday, there’s no doubt they’ll remember to call your store about that Hatchimal shipment, or to find out why their next-day-air package hasn’t arrived. Seriously, where is that package!?
Whether you operate an old-fashioned brick-and-mortar business or you run an eCommerce shop, you need to start getting your communication channels in order ASAP so you can showcase your jaw-dropping customer service come Black Friday. Outsourcing your calls to an answering service is a great way to shine while alleviating some of the pressure on you and your staff. However, if your answering service isn’t PCI compliant, your business is at risk! Worried? Don’t be. Sit back and hit that eggnog while we break down what PCI compliance is, when your answering service needs to have it, and what probing questions to ask to make sure they are certified.
The Payment Card Industry Data Security Standard, better known as PCI DSS, was founded in the early 2000s to combat the rise in data security breaches. In order to be PCI compliant, a company needs to either complete a yearly self-assessment or pass a quarterly security scan. Plus they get a super cool certificate to show off.
It depends! If an answering service is processing payments on a customer’s behalf, then they are required to be PCI compliant. If they aren’t, they don’t need to be.
For starters, you can ask them for their Certificate of Compliance. This will show which assessment body certified them, what category their certification falls under, the conditions of issuing, the validation period, the signature of the Qualified Security Assessor, and the certification date. Here are a few of the more important conditions they would have had to meet to be certified:
If your answering service is accepting payments without being PCI compliant, that’s a major oopsie. According to the PCI Compliance Guide, payment brands “may fine an acquiring bank anywhere from $5,000 to $100,000 per month for PCI violations. The banks could pass this fine along until it reaches the merchant, and they may terminate their relationship or increase transaction fees.”
While these repercussions would only affect the answering service itself, your brand could still be in jeopardy. For example, if the answering service you’re using got hacked and leaked data, you would need to let your customers know what happened and how their personal information was affected. Basically, it’s not a good look.
Choosing the right service with respect to PCI compliance really depends on your needs and what you’re having the service do on your behalf.
Your answering service doesn’t need to be PCI compliant if:
Your answering service needs to be PCI compliant if: