Background: In the service industry, trust and security are essential. This is especially true for handling and protecting end user data. As a services solution provider, Helpshift plays an important role in helping you maintain your users trust and in protecting their data.
What is PCI? “PCI” is an acronym for Payment Card Industry. It consists of the credit card brands Visa, American Express, MasterCard, Discover, and JCB. These brands have formed the PCI Security Standards Council (SSC), which created a standard called the PCI Data Security Standard (DSS) which provides a framework for companies to secure payment card data, as well as methods to validate compliance with the standard.
Where do PCI standards apply? PCI is important to both the merchants (the companies that actually sell a product or service to users) and to any service providers that the merchant uses to store, process, or transmit cardholder data (credit or debit cards branded with one of the five card brands listed above). Basically, if you accept or deal with credit cards in any capacity, then the PCI standards apply.
“Cardholder data” normally refers to the unique digits found on a card, known as the Primary Account Number (PAN); This is sometimes included with the cardholder name, expiration date, and/or service code. For more information about PCI standards, including how these standards apply to you, at what level these standards apply, and how to become PCI certified, please refer to the official PCI standards.
How do the PCI standards apply to your support channel and use of Helpshift? If the PCI standards apply to you, then Helpshift as a support service provider will provide you with the tools and processes maintain your PCI certification as you interact with your end users.
- First, Helpshift is considered a support service provider, which provides a service platform for you to use to provide support to your users. User support channels, such as Helpshift, are not intended for collecting and processing credit cards and would not collect “Cardholder Data”. As such, normal use of Helpshift will not impact your PCI certification.
- Second, Helpshift provides a rich set of tools and processes to protect all end user data. This includes specific tools and processes to protect credit card information if needed for the following: During a normal support interaction, an end user inadvertently responds with credit card information directly in the support channel. During a normal support interaction, you want to allow the end user to be able to make a purchase. These tools and processes will ensure that you are protecting the end user’s “Cardholder Data” needed to maintain PCI compliance.
What tools does Helpshift provide to help me protect credit card data? Normally, credit card and financial data should not be transmitted via Helpshift. However, it is possible that during a support conversation, an end user may accidently enter their credit card or other financial details. In the event that credit card or financial details were entered accidently, we provide automation redaction tools that will remove the conversation, including all sensitive data from all services, logs, and devices to protect you and your users. To learn more about these automatic redaction tools, see How do I submit a redaction request for Issue or end user data?
What if I want to include a billing operation or collect credit cards as part of my support workflow? Helpshift should not be directly used to collect or process credit cards If you want to include credit card processing as part of your workflow, we provide a rich set of integration options (including automated Bots) so that credit card service providers can be used as needed (including your existing billing service) outside of your support channel with Helpshift.
To learn more about our integration options, see our Integrations FAQs. To get started with Bots, see our Bots FAQs.
To learn more about data privacy at Helpshift, including a full list of sub-processors and what tools we offer to help you adhere to GDPR and COPPA, review our full set of Data Privacy FAQs.