Security is one of the top concerns of enterprise businesses when they are looking to implement live chat on their websites. At Comm100, we fully understand the importance of security to our users and we are striving to provide the most secure solution in the live chat industry. Being PCI DSS compliant adds an extra level of control and manageability to our already highly secure live chat solution.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB. Comm100 Live Chat is now eligible for PCI DSS compliance as a service provider.
The Secure Form offered in Comm100 Live Chat enables you to collect sensitive data such as credit card holder data (CHD), social security numbers and other personally identifiable information (PII) securely from your website visitors during a live chat. The sensitive data transmitted is only temporarily accessible to the authorized operator during the chat session. Once the chat session ends, the data is removed from the chat transcript and is no longer accessible to anyone, anywhere.
This empowers you to be PCI DSS compliant while having the convenience to request sensitive data right in the live chat channel. This also makes things much easier for the visitors and customers as they can get immediate help while resting assured that their data is highly secure.
In addition to the Secure Form feature, we have also greatly enhanced the physical environment and all procedures and processes governing our software development, deployment and operation. All of these have passed the audit of a qualified security assessor (QSA). This means we are enforcing industry-leading security controls and our security management is fully repeatable, defined and consistent.
PCI compliance further establishes Comm100 as the industry leader in enterprise live chat solutions.
PCI DSS compliant businesses are required to make sure all their points of processing, storing or transmitting credit card information meet the security requirements of PCI DSS. If you want to receive credit card information over live chat while staying PCI compliant, you have to make sure the live chat service or software you are using also complies with PCI DSS. Otherwise, you need to include live chat in your own annual compliance audit, which greatly increases the scope and cost of your PCI compliance program.
The Secure Form feature creates an independent “secure channel” for you to request CHD, PII and other sensitive information (e.g., secret answers, PIN codes, etc.) during a live chat, right within the standard chat window. Together with the strengthened environment and procedures, this prevents breach of consumer data and privacy for every business, and boosts customer confidence and convenience.
If you are an enterprise business, you may need to go through a comprehensive security review process before you can decide to go with a live chat service provider. PCI compliance will simplify your security review process, reducing the cost involved and helping you get live chat up and running more quickly.
Standardized procedures and processes are in place to make sure the security of our live chat solution is fully repeatable and under control. You can have peace of mind when using our service.
The PCI compliance audit covers hundreds of security requirements from physical security to policies and procedures. Below is an overview of what’s included:
When this option is enabled, Comm100 Live Chat will automatically detect and mask credit card numbers directly submitted through the chat window, showing only the last four digits.
Comm100 Live Chat offers a comprehensive list of security controls for you to protect your account from unauthorized access, including IP restriction, password policy, CAPTCHA Verification, etc.
The following highlights the fundamentals for your live chat to be PCI compliant.
For more details about the PCI DSS requirements, please refer to the PCI DSS v3.2 SAQ D Service Provider by which Comm100 Live Chat is attested for compliance.
Comm100’s MaximumOn technology provides data center level redundancy to ensure 100% uptime for your live chat. If the service goes down in one location, a redundant server in the backup location will automatically take over seamlessly. Your live chat remains intact.
Comm100 executes rigorous backup and disaster recovery plans. Your data is backed up to different servers to keep your data safe from natural disasters or any possible data loss events. We also encrypt and back up your data to another data center which is 1000+ miles away to further ensure your business continuity.
All network communications in Comm100 Live Chat are TLS encrypted.
Add authorized IPs/IP ranges to your Comm100 Live Chat account to grant login access to specific IPs/IP ranges only.
The audit logs feature in Comm100 Live Chat allows you to track all your operators’ activities as well as all changes to your live chat system. This provides accountability to each operation within the system and protects your account from mistaken changes.
With the Lightweight Directory Access Protocol (LDAP) authentication, operators can log in with a single user ID to gain access to Comm100 Live Chat and all working platforms, eliminating the need for various usernames and passwords.
At Comm100, security is a top priority and we will continue further implementation of PCI Compliance across the entire Comm100 Live Chat for Enterprise product. This means the development, deployment and operation of the entire product will be PCI compliant. In the future our users will no longer need to use the Secure Form to receive sensitive data. Instead, the sensitive data can be sent right in the standard chat window and will be stored in chat transcripts, all while staying PCI compliant.