Why not to trust call centres with your Credit Card. And why PCI fails in the real world.

CallCentre1 is PCI compliant. They do not store any credit card data in their databases. When a customer makes a payment with their details, it goes straight through their systems over a secured channel to a payment gateway.

Staff at CallCentre1 also get basic ‘PCI compliance’ training which outlines the relevant section to their daily duties. “Don’t tell a customer their Credit Card details for confirmation, get them to tell you” and the like.

So let’s say a hacker were to infiltrate CallCentre1. If the company were PCI compliant there shouldn’t be any sensitive CC data laying around which the hackers could take, right?
Continue reading