From a contact center perspective, the greatest number of inquiries we receive today is about how to take the Contact Center Agent Desktop out of scope for PCI compliance. The problem with the desktop setup contact center agents use today is that these desktops introduce a tremendous amount of overhead due to the technical and process controls driven by PCI compliance. For example, a Contact Center Agent Desktop that is used for taking payment card data must be patched regularly, log and report numerous activities, and have activity timeouts enabled, and the list goes on and on for the technology side. Additionally, processes must be put into place to ensure the people using these desktops to take payments are not taking the payment card numbers and using them for their own benefit. Simply put, managing one to ten of these desktops is probably not that big of a deal; however, when you introduce more than 10 desktops, and possibly hundreds, the burden of managing a contact center environment with this many desktops becomes problematic.
How It Works
Fortunately, through engaging TokenEx, we can provide any number of different strategies for handling the contact center desktop. The most widely used solution we implement today for our customers leverages pin-pad devices that support Point-to-Point Encryption (P2PE). These pin-pad devices (think MagTek, Ingenico, Verifone, ID Tech, or others) connect to the USB port on a desktop and have a keypad for entering payment card data. As the payment card data is entered into the device, it is encrypted using public key cryptography before it enters the contact center desktop, rendering it unreadable by anyone except TokenEx. Once the pin-pad submits the encrypted data through the desktop, it is sent to TokenEx, where it is tokenized, vaulted, and secured. TokenEx returns the token to be used within the form fields the contact center agent is using, so the desktop now deals only with tokens, taking it completely out of scope for PCI compliance.
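One way a team could check the claim above, that the desktop handles only tokens once the pin-pad is in place, is to scan desktop-side form values and logs for Luhn-valid card numbers. This is an added example, not TokenEx code; the field names, token format, and sample records are constructed, and it assumes tokens are not themselves Luhn-valid digit strings.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return digit runs in text that look like cleartext card numbers."""
    hits = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def scan_records(records: dict[str, str]) -> dict[str, list[str]]:
    """Map each field or log name to the card-like values found in it."""
    return {name: hits for name, text in records.items() if (hits := find_pans(text))}


# Constructed sample data: what an agent desktop might hold after a payment.
SAMPLE = {
    # Constructed token in a hypothetical format, as returned to the form field.
    "form.card_field": "tok_9f3c2a7be1d04c55",
    # Free-text field where an agent typed a card number (a well-known test PAN).
    "form.notes": "Customer read card 4111 1111 1111 1111 over the phone",
    # Long numeric identifier that is not a card number (fails the Luhn check).
    "crm.log": "order 20240117000123456 created",
}

if __name__ == "__main__":
    for field, hits in scan_records(SAMPLE).items():
        print(f"cleartext PAN candidate in {field}: {len(hits)} value(s)")
```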