14th July 2020: As millions of pounds are lost to Coronavirus scams, the Payment Card Industry Data Security Standard (PCI DSS) is enjoying a well-earned revival. Rob Crutchington shows how to drive compliance and build customer confidence using Agent Assisted Payments…
According to UK Finance, card payments accounted for half (51%) of all payments in the UK in 2019 while consumer use of credit cards rose by 7% to 3.3 billion payments over the same period[i].
Fortunately, these trends in payment habits have proved invaluable during lockdown when record numbers of consumers rely on debit or credit cards to pay for essential shopping.
Unfortunately, the COVID-19 health crisis has also highlighted the darker side of human nature with credit card fraud surging 35%[ii] and reports that £4.6 million has already been lost to coronavirus-related scams since lockdown started.[iii]
If these alarming statistics are anything to go by, widespread consumer fears about the vulnerability of sensitive card data are fell-founded. Contact centres should take charge now, reassuring customers that it’s safe to make card payments by getting back to basics and embracing the functionality of secure Agent Assisted Payment solutions.
Back to basics with PCI DSS
Even though the first version of PCI DSS was introduced a long time ago (December 2004) the international standards framework still matters for three simple reasons:
• Worldwide weapon against a global threat – the ultimate aim of PCI DSS of reducing the incidence of card fraud and promoting best-practice in information security is now more important than ever before.
• Strict rules, punitive actions – it’s a violation of PCI DSS to record or store any CAV2, CVC2, CVV2 or CID codes after authorisation even if that data is encrypted. Failure to comply means hefty penalties and we all know there’s no greater incentive to follow the rules than a severe dent in the pocket.
• Trust across the entire payment ecosystem – PCI DSS affects everyone from the contact centres offering card payments to their partners, suppliers and customers. The simple truth is organisations that have successfully achieved PCI DSS compliance are more likely to choose their third-party service providers carefully, conducting proper due diligence and risk analysis to establish whether they have the right skills and experience to deliver secure automated card payments. This triggers a snowball effect to raise standards all round.
Introduce clever technology behind the scenes
Once re-acquainted with the importance of PCI DSS, why not introduce technology that enables PCI DSS compliance? The latest Agent Assisted Payments allow contact centre agents to process card payments without being exposed to sensitive card data. After the customer has used their telephone’s touch-tone keypad to tap in their card details, all an agent sees on their screen is whether the payment has been approved or declined.
Look for a partner who is Level 1 PCI DSS accredited, which means you and your customers can rely on their technology with absolute confidence. They should offer Agent Assisted Payment solutions that are carrier, phone and CRM system agnostic so they integrate seamlessly with your existing contact centre infrastructure to enable real-time reconciliation of payments, maintain ‘business as usual’ contact centre operations, even when working remotely and deliver a joined up and exceptional customer experience (CX).
Three ways to use Agent Assisted Payments:
1) De-scope your contact centre – for PCI DSS compliance purposes. Implementing Agent Assisted Payments significantly reduces the time, cost and resource required to complete PCI DSS Self-Assessment Questionnaires (SAQs) for a company to become PCI compliant. In fact, of the controls covered in version 3.2.1 of the standard, Agent Assisted Payments places 51% completely out of scope and 30% of the remaining controls are heavily reduced.
2) Offer Tokenisation – for multiple payments, recurring payments or returning customers, Agent Assisted Payments linked to tokenisation enhance CX. Tokenisation is the innovative process that allows contact centres to be outside PCI DSS scope, as no real cardholder data enters the environment and makes it a less attractive target for data hacking and stealing data. Meanwhile, returning customers are not required to enter card details over and over again.
3) Educate customers about the value of PCI DSS – the chances are that most customers will have heard about Verified by Visa, 3D Secure or MasterCard SecureCode but draw a blank at PCI DSS. The beauty of Agent Assisted Payments is that contact centre agents can continue to talk to the card holder throughout the entire payment process. This gives them the opportunity to talk about the important steps their organisation is taking to keep customers’ card details safe. They can also introduce new ‘accessible for all’ technologies such as virtual terminal payments specifically designed for disabled or elderly customers who may feel embarrassed when they cannot use traditional automated payment systems and prefer the human touch.
Now is the time to renew your acquaintance with PCI DSS and use Agent Assisted Payments to drive all-round compliance. Learn how to bridge the gap between providing personalised CX and enhanced security, while significantly reducing the time, cost and resource required to comply with stringent PCI DSS rules.
Rob Crutchington is Managing Director of Encoded