In today's world of omni-channel payment solutions, call centers continue to be a preferred payment platform for customers who want to talk to a live agent when making complex travel plans, buying tickets for events, or making self-service payments when and how they want. To provide excellent service, call centers collect significant amounts of payment card data (PCI data) to complete these transactions. Call centers continue to evolve in how they serve their customers and, most importantly, in how they secure PCI data when ingesting it into their environment. As call center solutions offer greater flexibility, they also expand your attack surface in light of the ever-present data breach. Enter cloud tokenization, which secures all of the data sets and reduces your PCI scope and compliance burden. With cloud tokenization, the data never hits your environment, so you can achieve true risk avoidance.


If you are leveraging a call center environment, one of the best strategies you can employ to achieve PCI compliance is network segmentation. This strategy is very sound from a call center standpoint because of the resources involved: call agent desktops can use a standard image for OS and software deployment. This reduces the overall time required to assess this segment of your environment from a PCI standpoint. While all controls within the DSS are applicable within this segment, only a subset of them will actually be required to achieve compliance in this network segment, because only certain controls are applicable to a desktop environment. Additionally, by segmenting your call center environment, you take the remainder of your corporate network out of scope for PCI compliance, assuming cardholder data is not being stored, processed, or transmitted anywhere else.

This also means that your Call Center Software, Interactive Voice Recognition, or Dual-Tone Multi-Frequency solutions will be in scope for PCI as well, since calls will be routed through these solutions to reduce overhead and increase sales. Most Call Center Software packages now have PCI-compliant modules or plugins that aid in achieving and maintaining PCI compliance, but for the ones that do not, TokenEx suggests segmenting these environments as well so they do not bring the corporate environment into PCI scope. In fact, a strategy that we have seen used by a number of our organizations is simply putting the Call Center Software environment into the PCI Cardholder Data Environment (CDE).

