When moving from a premise-based-contact-center to a cloud hosted contact center, security is our customers’ biggest concern. Let’s shed some light on how security and PCI compliance within a cloud hosted contact center is obtained here at IVR.
Cloud Infrastructure Security
Security starts on the cloud infrastructure, where IVR’s Hosted Contact Centers are deployed. This infrastructure must manage a comprehensive controlled environment. Within this environment are the necessary policies, processes and controlled activities for reliable delivery within our Contact Centers. It is imperative that the cloud infrastructure is compliant with various certifications and third party requirements.
Certifications and Requirements:
- PCI DSS Level 1
- ISO 27001
Role-based Security is the careful application of security granted at every level of company involvement. Depending on the user, roles and authorities should be assigned, allowing access to features and data necessary for that person to complete a task. Access should be restricted at read, write, update, and delete levels. It should also be restricted at skills, teams, projects, and Contact Center levels. This level of control within your corporation keeps sensitive data safe and work areas applicable to your employee duties and responsibilities.
Telecom Security refers to license owners being able to restrict CSR’s from making unauthorized calls or texts to unauthorized calling areas. This security feature serves to avoid any internal calling charges for your Hosted Contact Center.
Password-based Authentication is a necessary level of security ensuring secure data is accessed only by authorized personel. Passwords stored in the database should be encrypted and cryptographic algorithms should be used to verify users.
Security for Servers in the Clouds means offering the industry standard of 256bit Secure Sockets Layer (SSL) for internet based access to the subscribed services. IVR secures data on secure servers accessible only by authorized personel. Built-in multi-location redundancy and reliability to cover any risk of failure is imperative. All communication between the servers in the cloud and users’ machines should be secured using SSL/TLS connections.
Third-Party CRM Access Security is the process by which data is fetched. When a live connection is made, a web-service call is made to the CRM and the associated customer information is taken and displayed as the call progresses. Inbound calls contact a web-service call will be made to the CRM and the associated customer information is grabbed and shown to the CSR. When companies make outbound calls, phone numbers and CRM IDs can be pre-stored in the Cloud.
PCI DSS Compliance refers to the standard defined and developed through requirements for security purposes. System components, within the context of PCI DSS, are defined as any network component, server, or application that is included in or connected to the cardholder data environment. Network components include firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Server types include web, application, database, authentication, mail, proxy, NetworkTime Protocol (NTP), and Domain Name Server (DNS).
IVR’s cloud-based Hosted Conter provides a secure online platform so our customers can best conduct their business and service customers. Our features are easy to use and do not risk the privacy and secrecy of the data entrusted with the provider. Transactions conducted over the platform are secure and adhere to the industry’s highest standards of cryptography.