Compliance and Technology: how they work together in logistics
Compliance and technology are having a profound effect on the logistics sector. Advanced tracking tech allows shipments to have their every move recorded. Automated transportation is undergoing extensive trials to create more efficiency and, even behind the scenes, business analytics are ensuring that logistics firms are operating in the most profitable way possible.
But there are additional considerations firms need to take into account when embracing technology, and one of those is data compliance.
With analytics systems collecting real-time data about how a business is operating, how goods are being shipped and how customers’ data can make services more efficient, that’s a lot of information entering and remaining in your business infrastructure that could be accidentally exposed to staff, partners or, more worryingly, hackers.
As such, adherence to data protection rules is vital.
If you have business clients making payments for services over the phone, or even customers booking a courier on a much smaller scale, you need to ensure your payment practices are sufficiently protecting that customer data.
Traditionally, protecting data in contact centres consisted of user training, awareness and monitoring, and deploying ‘compensating control’ technologies that manage access to data. A study conducted by Verizon found that 60 percent of organisations are still leveraging outdated pause-and-resume technologies, as just one example, to avoid storing sensitive payment data on call recordings. This requires users to pause the recording while collecting payment information, disrupting the flow of business and causing issues from an audit trail and complaint resolution perspective.
Compensating controls are not intended to fix gaps in PCI compliance. At best they should be considered a sticking-plaster until the company is able to completely overcome the issue. At worst, they are a quick route to a potentially sizeable fine, and should not be considered a permanent solution.
Instead, being fully compliant with PCI DSS is vital for businesses, from both a reputation and financial perspective. Although compensating controls can be tempting to implement, they have the potential to hurt businesses in the long run.
A key recommendation is to eliminate the risk of data breaches at the contact centre level by preventing payment data from entering the environment in the first place. This means replacing pause-and-resume systems with modern Dual Tone Multi Frequency (DTMF) masking technology.
By doing so, you can de-scope telephone-based payment processing from the requirements of PCI DSS, allowing payment card information to be provided without your contact centre agents having access to or sight of the data.
This helps to reduce the risk of associated frauds by eliminating sensitive card data from the conversation – ensuring that, in the event of a data breach, there is simply no payment data in your company’s systems to be compromised.
You can also take heart from the fact that your telephone-based payments are being handled in the most appropriate and secure way, and your business is PCI compliant.
By Dominic Newman, Channel Sales Director, PCI Pal