call center ComplianceBusiness is often all about taking risks and reaping the rewards. However, there are some areas where taking a risk can be detrimental or even dangerous for the business. For example – when managing a contact center, a company must not take the chance of avoiding regulatory compliance as failing to comply with the industry norms and call center regulations can only result in incurring hefty fines and litigations.

With most companies outsourcing their customer service, marketing, and telesales departments to third-party call centers, adhering to the norms and regulations becomes all the more important. In that case, adhering to your industry norms yourself is not enough; your outsourced call center also needs to be compliant with your industry norms. Otherwise, you may find yourselves lost is various compliance and regulatory mandates.

So, what compliance acts should a quality call center must adhere to? Here is a comprehensive list:

1. PCI DSS – Call Centers Can’t Record the CVV2 Number on Credit Cards

As per the Payment Card Industry Data Security Standard (PCI-DSS), every call center is forbidden from recording CVV2 numbers as well as other sensitive data such as full magnetic stripe data as well as PINs.

When a call center records customer calls, it runs the risk of storing this highly sensitive information in recorded, written, or other forms of communications. To stop this from happening, call centers must use some API fix, which can automatically stop the recording when the agent enters the credit card information and resumes recording when they’re finished.

2. Call Centers Must Have Consent from Both Agents and Customers to Record Their Conversations

In most states in America require a call center needs consent from both parties (i.e. customer and agent to record communications between them. You need to be aware of your state’s laws before creating and implementing policies regarding asking for consent before engaging in any conversation with your customers in both inbound and outbound communications.

Call centers must also provide them the chance to opt-out of the call before they start recording should a customer refuse to be recorded.

3. Track All Agents in the Call Center with Access to Sensitive Information – PCI DSS 

All agents working on a call center must be assigned a unique ID so that in case of a leak, stealth, or tampering of information, the specific employee or anyone else with the access ID can be traced. A quality call center like Ameridial always used 2-factor authentication. It is an essential step most leading call centers use while allowing remote agents to access their network.

4. All Agents Should Be Trained Annually to Remain Compliant

Training agents once and expecting them to remember their compliance training forever is not practical. The agents need fresh and updated knowledge of the policies and procedures.

Therefore, every year, call centers must conduct agent training on the regulations issued by HIPAA, TCPA, PCI DSS, and other industry-specific organizations. Such training helps call center agents to remember their knowledge, and that knowledge, in turn, keeps the company out of trouble and keeps the customer’s interest safe and secured.

5. Agents Can’t Threaten Customers to Pay Their Bills

Section 806 of the Fair Debt Collection Practices Act (FDCPA) states:

A debt collector may not engage in any conduct the natural consequence of which is to harass, oppress, or abuse any person in connection with the collection of a debt.”

Every call center with a debt collection campaign must ensure that their agents know how to deal with a non-paying customer. Under no circumstances should an agent use violent language or unethical behavior to recover the money.

6. Call Centers Can’t Share Customers’ Health Information

The Healthcare Insurance Portability and Accountability Act (HIPAA) was enacted for safeguarding the security and privacy of patient health information such as:

  • Social Security numbers
  • IP addresses
  • Full face or any comparable photographic images
  • Geographical identifiers
  • Account numbers
  • And more

An experienced healthcare call center like Ameridial ensures that all its agents have proper training on HIPAA regulations every year to safeguard, their, their client’s and the clients’ customers’ interest.

7. TCPA Regulations

The Telephone Consumer Protection Act or TCPA restricts solicitations through phone (telemarketing) as well as the use of automated phone equipment.

Under TCPA regulations:

  • A telemarketing call center cannot use automatic dialers to contact wireless phones and/or leave messages on them without prior and expressed consent from their customers.
  • The customers being called can withdraw consent at any time for any reason.
  • Reassigned phone numbers lose all consents. Therefore, you can’t call the new person using previous consent.
  • Callers retain consent in case the same person, using the same number, moves that number from the landline to a mobile device.

Basic TCPA compliance guidelines that call centers must follow include:

  • You must honor the Do-Not-Call registry for five years.
  • Agents must tell the people they call who they are and who they are calling for.
  • AI telemarketers and prerecorded calls are prohibited.

Every quality call center must adhere to these compliance acts and hold regular training to keep the agent’s knowledge up-to-date.

While looking for a call center partner, you must ensure that the call center service provider adheres to all your industry compliances as well as the state regulations. Not doing this may lead you to trouble in the future.

At Ameridial, we have a strict compliance adherence policy. We hold regular compliance adherence training for our agents to keep them updated and to safeguard the interest of our clients and their customers.

Are you looking for a call center partner? Contact Ameridial today to know more about our compliance adherence, service offering, and experience in your field.