We have recently refreshed our branding across our offerings and changed the names of our pricing plans. If you have signed up before Aug 9, 2021, please click Previous plans to view your applicable plans.
We assure you that this change will not impact your product experience, and no action is required on your part.
Categorically, the answer is 'Not Applicable' as per PCI DSS v.3.2.1 - Clause 4.2 - Never send unprotected PANs by end-user messaging technologies (for example, e-mail, instant messaging, SMS, chat, etc.).
Freshchat and Freshcaller are PCI compliant as part of the Freshdesk Omnichannel suite. However, standalone Freshcaller and standalone Freshchat do not have PCI certification.
As per PCI DSS, cardholder data (CHD) is not recommended to be exchanged over end-user communication channels such as chat, emails, and calls. But, as part of the Freshdesk Omnichannel offering, we allow businesses to be PCI compliant through our Secure Vault that hosts and processes CHD.
Further, in the case of chat and emails, customers can sanitize their conversation through our Data Redaction app. Agents can invoke our secure form through interaction in the chat and provide their card information. Likewise, our Caller system can be invoked within the Support system and can be used by agents to provide any card-based transaction support.
Having said that, in both standalone Freshchat and standalone Freshcaller, the data stores are encrypted in transit and at rest. We have also implemented multi-tiered security controls that are also audited as part of SOC 2, ISO 27001, and Cyber Essentials Plus certifications.