Changes in consumer behaviour demand robust solutions for PCI compliance

06 September 2019

Changes in consumer behaviour demand robust solutions for PCI compliance

If your company handles customer payments, then you should be familiar with the Payment Card Industry Security standard, or PCI DSS.

This set of security standards ensures that companies that accept, process, store or transmit credit card data maintain a secure environment.

The penalty for non-compliance can range from a significant fine to loss of your merchant ID, rendering you unable to take card payments. Yet you still hear horror stories of data being written down on notepads or left on the hard drive of an old computer.

PCI DSS compliance does not allow for the digital recording or storage of sensitive payment card information such as the CVV2 security code or user PIN, even if the data is encrypted. That’s why it is essential to have a dynamic, automated solution that delivers a seamless customer experience where no sensitive data is recorded.

The need for a robust and flexible solution within your customer contact operation is becoming even more important as consumer habits change. Some customers still prefer to make payments over the phone whereas others are no longer content to read out their personal information because of the perceived risk of data fraud.

In order to ensure that data given over the phone is not recorded or stored by agents, solutions include dedicated non-recording handsets or automatic call silencing. Many companies use automated Interactive Voice Response (IVR) systems where customers can enter their own data via their handset, either assisted or unassisted by the call handler.

PCI de-scoping ensures that calls are transferred to an automated credit card payment system, using IVR or customers use their telephone keypads to enter the card data whilst on the telephone to an agent.

As technology evolves, consumers have more ways to interact with companies including email, web, video, instant messaging and social media and more ways to protect their identity including face and voice recognition.

Omni-channel contact centres are fast becoming the norm but operators must ensure all data received is subject to the same high levels of security – regardless of channel.

By Dean Harrop, director, NGC Networks