PCI Compliance
Brands and BPOs that deliver customer service are required to support a variety of standards that protect data from intruders. The most common standard (outside of HIPAA for health-related data) is defined by the Payment Card Industry (PCI). PCI defines a comprehensive set of standards that lays out a roadmap from physical security to digital security to proper business processes.
Although STC is not meant to handle PCI data, it does sit on the CSR desktop where PCI data is being recorded and transmitted. We recommend that users be trained to avoid using PCI data in chats, e-mails, and text messages. In those cases where an employee does attempt to transmit PCI data, STC will "blur out" any numerical data that should be kept sensitive. This could include credit card numbers, SSNs, and phone numbers.
STC has taken a leadership position on security, allowing us to check all of the boxes on a PCI requirements list. Our features include:
- Enterprise clients are maintained in a private cloud
- All data is encrypted from the time of capture through to the back end storage of the data
- Audit trails are retained, maintained, and secured
- Highly secure physical and network (firewalls) environment
- Anti-virus controls in place
- Breach alerts notify key personnel
- Passwords and logins adhere to PCI requirements