Experts Compliance3 highlight the technologies and processes continuously overlooked by contact centres which ensure card payment security
By SLS Marketing – 22 Oct 15
London, 15th January 2015: Compliance3, a company that helps contact centres achieve and maintain PCI DSS compliance, has highlighted the technologies and processes contact centres should implement in 2015 to reduce the increasing risk of breaches, reputational damage and revenue loss.
Ensuring card data is not ‘captured’: allowing card data to enter the business environment when exchanging data with trusting customers for payments, renders the merchant liable to extensive, expensive PCI DSS compliance obligations. Ideally, card data needn’t enter the business environment. Legacy recordings: using pause/ resume technologies to pause call recordings at the point of payment will allow card details to be provided to the advisor by the customer but they should prevent their storage, however many of these technologies are dependent on the advisor and are notoriously unreliable, meaning that many merchants may be storing card data unnecessarily.
Implementing payment technologies such as DTMF or IVR: DTMF(Dual Tone Multi Frequency) uses the frequencies from handset keypad tones to determine which numbers have been entered, and IVR (Interactive Voice Response) is a voice-response technology that achieves the same purpose. Both solutions eradicate the risk of allowing the agent to capture card details.
Applying the full PCI DSS programme: version 3.0 became mandatory from January 2015 and enables a business to be fully compliant with all card scheme requirements.
Contact centres from small, niche operations to those representing major high street brands, despite a steep increase in “card not present” fraud, still need to embrace the different payment methods and consultative help available to safeguard their businesses.
“The contact centre industry is overwhelmed with technology providers and systems and solutions, which unfortunately confuse those in a position to change payment processes.” Glenn Hurley, CEO of Compliance3 said. “What we have done is highlighted the most efficient and secure methods businesses should consider for 2015. It is not all down to technology either – a mix of assessment, consultation and specific technology will be the solution to the escalating fraud and breach risks merchants face. It shouldn’t be a stressful transformation – it should be a step forward to protect the customer and business.”
A recent study found that although measures have been taken, not enough contact centres have implemented payment solutions that remove personal and financial data from the databases and agents. For example, only nine per cent of contact centres use a cloud solution, which de-scopes sensitive data from the contact centre environment altogether.
Using such methods means call centres remove the data completely, and therefore remove the danger of card fraud and data breaches. With data fraud becoming more sophisticated and intricate, it poses a very significant threat to the customer and merchant.