Are you worried that storing customer card data will make you a target for criminals? If so, you're not alone. Most merchants feel the same way. But there is an answer.
Most of us would feel on-edge if we walked around with £50,000 in crisp banknotes stuffed into our pockets. So it's no surprise that the majority of merchants feel the same about the precious customer card data they're holding onto in their contact centres — especially as it places them within scope for PCI DSS compliance.
Recent research from American Express shows that 55% of merchants store customer profiles and card payment details for future purchases — and another 22% plan to do the same in the next 12 months*. However, 73% of merchants feel that storing customer credit cards on file is a security concern for their business. And 76% would prefer not to store customer credit card details at all. Some are bothered about the costs involved too.
But it seems that the need to offer simple payment options and deliver great customer experiences — to stay competitive — may have pushed merchants into this uncomfortable position. So what's the answer?
Where is card data hiding?
Before looking at solutions, it's worth exploring where customer card details are stored within a typical contact centre. It can be unnerving to discover where pockets of precious data end up:
PCI DSS non compliance isn't an option
Any merchant that wants to process, store or transmit credit card data needs to be compliant with PCI DSS industry standards. Navigating PCI DSS involves checking PCI merchant levels, investigating the best way to provide PCI DSS compliant payments and completing a PCI assessment.
But attempting to handle each of these areas yourself using an array of PCI DSS compliant solutions can be complex, costly, time-consuming — and never totally secure. Think about new equipment, integration, patching, training and trying to enforce strict policies. Even then, you're still vulnerable to human error, mischief-making or insider fraud
You'll still be a target too — for criminals that are getting increasingly sophisticated in their modes of attack. So what's the alternative to trying to sort your own contact centre compliance?
Lifting the burden from your business
Rolling back on customer convenience isn't the way to go. But it's possible to overcome the data security risks by using a solution that prevents data entering your systems in the first place – such as Eckoh CallGuard or ChatGuard.
For customers, the process is ultra smooth. They still speak or chat to your agents, use your familiar apps and your website as normal. What's more, with a PCI Level 1 partner such as Eckoh, you can add extra payment methods securely — such as Alternative Payments, Chat Payments or IVR payments.
Behind the scenes, CallGuard prevents any sensitive data from entering your contact centre systems. Instead, data passes through Eckoh’s secure platform to the Payment Service Provider (PSP) and transaction success is confirmed by return.
Inside your contact centre, the data is masked by Eckoh’s patented tokenisation technology which makes sure that the real card data is not exposed to your agents or systems.
So your entire contact centre environment is shielded from any trace of sensitive data. This means that even if criminals managed to get around your security, infiltrate your workforce or obtain information from systems — there's nothing sensitive to steal.
Entirely de-scoping your contact centre means that customer service directors, contact centre managers, chief security officers and heads of compliance can breathe a sigh of relief. While they cannot pass on the whole burden of PCI DSS compliance, it can ease the load, risk and the worry.
Call centre compliance made easy
De-scoping your contact centre can be quick and relatively pain-free. It doesn't require the wholesale removal of your technology, expensive investment, painful integration and months of disruption impacting staff and customers.
With a cloud-based platform, such as the Eckoh Experience Portal, you can quickly access all the engagement channels and payment solutions you need to truly transform customer engagement and protect customer data as well as achieving, and maintaining, PCI DSS compliance.
Publish Date: June 2, 2020 4:16 PM
Zoho CRM Suite
Zoho CRM is a world leading cloud based customer relationship management suite covering all CRM functionalities a modern company needs :
- Multi Channel Lead Management
- Sales Force Automation
- Quotation & Order Management
- Full 'Lead to Order' process
- After Sales Services
- Social Media Management
- Mass E-mailing & Marketing Automation
& several other capabilities
eGain Solve™ is the industry’s leading cloud solution for omnichannel customer service and engagement. As the industry’s only unified customer engagement and knowledge management software suite, eGain Solve helps businesses design and deliver smart, connected customer journeys across social, mobile, web, and contact centers. The suite consists of modular, best-of-breed applications built on a unique customer engagement hub platform, eGain CEH™ Platform, that combines 360-degree customer context, intelligent process guidance, and actionable knowledge to enhance every customer interaction. The web-services-based architecture of the platform enables rapid innovation and extension of customer engagement capabilities.
Creatio(formerly bpm'online) Process-driven unified CRM
Unified Marketing, Sales, Service CRM built on a business process management (BPM) platform. Award winning CRM .Recognised by Gartner, Forrester, OVUM, Nucleus research as leading marketing automation, sales automation, customer engagement, business process automation and dynamic case management software.
A new process-driven CRM and not the traditional CRM type.
Trendzact’s CRM case management platform specializes in contact engagement centers with complex workflows or integrations. Our features, full customization, scalability, native on-demand AI and flat-fee pricing sets us apart from the competition.
|Contact centre resilience – 5 lessons learned from COVID-19||June 16, 2020 5:26 PM|
|How to make remote working secure||June 2, 2020 4:26 PM|
|Self-Service - what's in it for me?||June 2, 2020 4:22 PM|
|How can I avoid storing card data when taking payments?||June 2, 2020 4:16 PM|
|Your PCI DSS compliance – can you see the hidden threats||June 2, 2020 4:13 PM|
|Are your callers trapped inside the IVR that time forgot?||August 9, 2016 5:00 AM|
|Fine Tuning Your IVR Can Win You Customers||July 28, 2016 5:00 AM|
|What to do — if your IVR behaves badly?||July 14, 2016 5:00 AM|
|Should we use Pause-and-resume call recording to meet PCI Compliance?||May 4, 2016 5:00 AM|
|It’s true- IVR Systems don’t have to be frustrating||March 30, 2016 5:00 AM|