Maintaining Payment Security: Is Your Business PCI DSS Compliant?

Posted: 16 April 2021

PCI DSS Secure Payments for Contact Centres

The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards designed to protect the security of credit card holders. All businesses that store, process or transmit cardholder data (no matter how big or small they are, or how the sales are generated – in person, online or over the telephone) are required to adhere to the PCI security standards.

Failure to comply with these standards can result in hefty fines and can damage your brand.

Yet despite this, many organisations have been slow to adopt these requirements (some haven’t even begun!).

Why is PCI compliance important?

Brand Protection

Trusted brands create loyal customers and generate better sales. A breach in this trust can taint your organisation for years, particularly if it becomes amplified by social media.

If you suffer a payment-related incident in your contact centre, the cost of associated fines might be survivable; however, the potential damage to your brand could be devastating.

Perhaps you consider this to be a low risk? However, given the potentially catastrophic consequences, are you willing to continue taking this risk?

Implementing a certified PCI solution in your contact centre can entirely mitigate this risk by ensuring that contact centre staff have zero exposure to the sensitive credit card information.

The most appropriate solution for your business will be determined by the customer experience you are seeking to achieve.

Greater Customer Experience

Many customers are understandably nervous about providing sensitive information over the phone to a stranger.

There are two common methods for Australian Contact Centres to compliantly take Credit Card details – both involve the customer typing their details into the phone, and a technology solution managing this process.

  1. IVR – Customers are transferred into an IVR (Interactive Voice Response) system that prompts them to enter their card number, expiry date and CVV. This can be efficient and cost-effective; however, if the customer becomes confused they could get frustrated and hang up.
  2. Agent Assisted – In this scenario the agent talks the customer through the collection of the details. The agent is unable to see the information but is able to identify if there is a problem and assist the customer through to completion. No visible information or audible tones are presented to the agent. The agent can make the credit card transaction in real-time.

Ongoing payments are managed via “tokenisation”, which means that instead of the actual credit card information being stored in your organisation’s CRM, a “token” is stored which can be used for continuous billing through a payment gateway.

Offering a PCI solution provides customers with the comfort that you are treating their information securely and they will not have to worry about fraudulent transactions. Ultimately customers who feel comfortable providing their details via a secure method will be more willing to transact over the phone.

How can you get your contact centre compliant ASAP?

Implementing a solution that enables your organisation to tick the PCI compliance boxes is not as complex as it may seem at first blush.

If you are an existing ipSCAPE client – this feature is available on our platform today – no implementation costs are involved.

If you are not currently a client, please give us a call on 1300 477 227 to find out how we can assist – even if you would just like a referral for solutions that will work with your existing contact centre technology platform, we are more than happy to assist.

What are the Requirements?

PCI compliance
