Are you worried that storing customer card data will make you a target for criminals? If so, you're not alone. Most merchants feel the same way. But there is an answer.
Most of us would feel on-edge if we walked around with £50,000 in crisp banknotes stuffed into our pockets. So it's no surprise that the majority of merchants feel the same about the precious customer card data they're holding onto in their contact centres — especially as it places them within scope for PCI DSS compliance.
Recent research from American Express shows that 55% of merchants store customer profiles and card payment details for future purchases — and another 22% plan to do the same in the next 12 months*. However, 73% of merchants feel that storing customer credit cards on file is a security concern for their business. And 76% would prefer not to store customer credit card details at all. Some are bothered about the costs involved too.
But it seems that the need to offer simple payment options and deliver great customer experiences — to stay competitive — may have pushed merchants into this uncomfortable position. So what's the answer?
Where is card data hiding?
Before looking at solutions, it's worth exploring where customer card details are stored within a typical contact centre. It can be unnerving to discover where pockets of precious data end up:
PCI DSS non compliance isn't an option
Any merchant that wants to process, store or transmit credit card data needs to be compliant with PCI DSS industry standards. Navigating PCI DSS involves checking PCI merchant levels, investigating the best way to provide PCI DSS compliant payments and completing a PCI assessment.
But attempting to handle each of these areas yourself using an array of PCI DSS compliant solutions can be complex, costly, time-consuming — and never totally secure. Think about new equipment, integration, patching, training and trying to enforce strict policies. Even then, you're still vulnerable to human error, mischief-making or insider fraud
You'll still be a target too — for criminals that are getting increasingly sophisticated in their modes of attack. So what's the alternative to trying to sort your own contact centre compliance?
Lifting the burden from your business
Rolling back on customer convenience isn't the way to go. But it's possible to overcome the data security risks by using a solution that prevents data entering your systems in the first place – such as Eckoh CallGuard or ChatGuard.
For customers, the process is ultra smooth. They still speak or chat to your agents, use your familiar apps and your website as normal. What's more, with a PCI Level 1 partner such as Eckoh, you can add extra payment methods securely — such as Alternative Payments, Chat Payments or IVR payments.
Behind the scenes, CallGuard prevents any sensitive data from entering your contact centre systems. Instead, data passes through Eckoh’s secure platform to the Payment Service Provider (PSP) and transaction success is confirmed by return.
Inside your contact centre, the data is masked by Eckoh’s patented tokenisation technology which makes sure that the real card data is not exposed to your agents or systems.
So your entire contact centre environment is shielded from any trace of sensitive data. This means that even if criminals managed to get around your security, infiltrate your workforce or obtain information from systems — there's nothing sensitive to steal.
Entirely de-scoping your contact centre means that customer service directors, contact centre managers, chief security officers and heads of compliance can breathe a sigh of relief. While they cannot pass on the whole burden of PCI DSS compliance, it can ease the load, risk and the worry.
Call centre compliance made easy
De-scoping your contact centre can be quick and relatively pain-free. It doesn't require the wholesale removal of your technology, expensive investment, painful integration and months of disruption impacting staff and customers.
With a cloud-based platform, such as the Eckoh Experience Portal, you can quickly access all the engagement channels and payment solutions you need to truly transform customer engagement and protect customer data as well as achieving, and maintaining, PCI DSS compliance.
Publish Date: June 2, 2020 4:16 PM
Provide an unparalleled, engaging user experience for the creation of dynamic voice broadcasting campaigns. Its block-based interface enables you to develop easy to complex call flows aligned with given strategic business targets by simple drag and drop operations.
Mass Automated Telephone Surveys are based on a key-pad answering system that enables you to poll large audiences with your own custom questions. They are great for:
- Building Customer Loyalty
- Lead Generation
- Enhancement of Current Service Portfolios
Manage the platform with great ease and assess your results. Schedule your demo or request a quote today!
|Contact centre resilience – 5 lessons learned from COVID-19||June 16, 2020 5:26 PM|
|How to make remote working secure||June 2, 2020 4:26 PM|
|Self-Service - what's in it for me?||June 2, 2020 4:22 PM|
|How can I avoid storing card data when taking payments?||June 2, 2020 4:16 PM|
|Your PCI DSS compliance – can you see the hidden threats||June 2, 2020 4:13 PM|
|Are your callers trapped inside the IVR that time forgot?||August 9, 2016 5:00 AM|
|Fine Tuning Your IVR Can Win You Customers||July 28, 2016 5:00 AM|
|What to do — if your IVR behaves badly?||July 14, 2016 5:00 AM|
|Should we use Pause-and-resume call recording to meet PCI Compliance?||May 4, 2016 5:00 AM|
|It’s true- IVR Systems don’t have to be frustrating||March 30, 2016 5:00 AM|