Contact center administrators have two masters to answer to when it comes to maintaining a secure credit card environment: the companies that issue the cards and customers who are rightly nervous about falling victim to credit card fraud or identity theft. Businesses that fail to maintain a secure environment for processing, storing, and transmitting credit card information face severe and lasting consequences. The issuing card companies can not only suspend a business's privilege to accept their cards, they can also levy monthly fines ranging from $50 to $90 for each card compromised. And since the fines are retroactive, the offending business is on the hook for all the months its customer data was endangered.
And then, of course, there is the inevitable bad press such infractions incur, resulting in the loss of current customers, and frightening away potential future ones. Just ask Target, the poster child for damaging customer experience. As for new startups, even the smallest slip in protecting customer privacy can shut them down.
In an effort to safeguard big and small businesses alike, as well as their customers, the credit card industry formulated a set of strict data security standards for contact centers that accept credit card payments.
Payment Card Industry Data Security Standards (PCI DSS)
Visa, MasterCard, American Express, Discover, and JCB International founded the PCI Standards Security Council in 2006. Their mission was to define and develop a cohesive set of standards for maintaining the payment security required of all business entities that process, transmit, or store card data. These guidelines also applied to software developers and manufacturers of devices and applications used to process payments. PCI standards apply to all types of payment transactions, but give special attention to contact centers that collect card information over the phone, since such call centers are often the target of sophisticated hackers.
Cause for Customer Concerns
While website and app transactions also fall prey to identity theft, many customers are especially hesitant to divulge information over the phone, fearing that doing so might enable an unscrupulous agent to access their banking information. And while this is definitely not true for the majority of contact center agents, neither is the fear confined to the realm of the paranoid. A data breach investigation undertaken by Verizon in 2015 found that in 55% of the incidents studied, “internal actors,” i.e., call center agents, had abused the trust of customers. A follow-up 2016 Data Breach Report named human error as the number one culprit. Examples included improper disposal of company information and mistaken routing of sensitive data to the wrong person.
PCI Secure Payment Options
Rather than risk losing any customers due to perceived credit card fraud vulnerabilities, forward-thinking businesses and organizations are turning to PCI secure payment technologies that offer self-service options. By moving sensitive data out of their apps and networks and into a hosted infrastructure that makes use of interactive voice response (IVR), they are effectively taking their agents out of the process, thereby relieving customer anxieties. Different platforms offer their own options, including:
- Direct to IVR: Customers are directly connected to an interactive voice response system to make secure payments. These payments are then posted to system records, unseen by human eyes.
- Agent Transfer to IVR: The contact center agent transfers the caller to IVR via a payment gateway, and when the caller is through and the payment has been posted to the system, he or she is transferred back to the agent.
By adopting PCI secure platforms, contact centers effectively please their two masters. They satisfy major credit card companies by reducing risk. And by protecting cardholder information, they improve customer experience, encouraging brand loyalty and return visits.