With Christmas fast approaching, contact centres are preparing for an escalation in calls and transactions that the festive season brings. However with payment card fraud continuing to rise and data theft constantly in the news, just look at the recent cyber attack on the Talk Talk consumer website, non-PCI DSS compliant contact centres could be risking more than just a fine.
1) News Travels Fast
Survey findings from the Contact Babel, The UK Contact Centre Decision-Maker's Guide 2015, worryingly revealed that almost a third of medium sized organisations have no compliance programme in place. With several versions of the standard now available via SAQ (Self Assessment Questionnaire) there is little argument as to why a programme shouldn’t be at least road mapped.
In the age of social media, where good news travels fast and bad news even faster can a brand afford for clients’ card data to be lost with the resulting PR backlash?
Referring to the downloadable PDF of the VISA Merchant Agents List to engage with a trusted advisor is a useful first step to vetting vendors and avoiding fines and lawsuits, in the event of the unthinkable happening and customer card data being stolen.
2) The Buck Stops With The Merchant
Delivering a good customer experience is about more than swift call response times. Paying for goods and services remotely is the norm for consumers and they expect their personal card account information to be kept safe. Every contact centre that accepts credit and debit card payments over the telephone is responsible for safeguarding their customer’s information and can be held liable for security compromises.
The Payment Card Industry Data Security Standard (PCI DSS) is intended to protect cardholder data wherever it resides and failure to comply with PCI DSS can result in hefty fines, not to mention the damage to reputation and lost sales. By complying with PCI DSS, merchants and service providers meet their obligations to the payment eco-system and build a culture of security that benefits everyone.
3) PCI DSS Compliance Is Not A One Off Exercise
PCI DSS is a change in mind-set, a change in attitude towards the handling of card data. It’s not like other industry accreditations where organisations can prepare the night before an audit and scrape a pass. It is the implementation of security procedures that will underpin the company’s behaviour when dealing with payments as well as how networks are designed, plus how access is granted and logged.
PCI DSS compliance must be revisited every year and that takes time and resource, it is effectively a full time job. Employing a compliance officer, who has the complete support of the contact centre management and the authority to update the status quo, ensures the required changes are driven through.
4) Awareness Is Increasing
The Payment Card Industry Data Security Standard (PCI DSS) was originally the brainchild of the world’s five largest payment card providers VISA, MasterCard, American Express, Discover and JCB International. Today, it is a global framework that provides guidance on how to process, store and transmit information about payment cards and their owners, with the aim of reducing the incidence of card fraud and promoting best practice in information security.
In the event of a loss of data or cards being used fraudulently, fines are passed down the chain from VISA and MasterCard at the top to the merchant/retailer at the bottom. The consumer doesn’t suffer financially as measures are in place and assurances given to prevent this happening.
However, if something goes wrong, consumer brand loyalty can quickly fade.Customers transact with an organisation because they feel confident that their payment cards will not be compromised, their personal details are secure and their identities cannot be stolen.
In the event of a security breach individuals will be inconvenienced and could suffer emotional distress at the thought of their details being stolen and used fraudulently. This could lead to a reduction in customer confidence in both the method of payment and the retailer who caused the problem. Reactive contact centres could find themselves quickly playing catch up as their customers vote with their feet.
5) Becoming And Remaining PCI DSS Compliant
Every contact centre that accepts credit and debit card payments over the telephone needs to be PCI DSS compliant. However, what many contact centres don’t realise is that PCI DSS covers the entire trading environment, meaning all third-party partners and vendors that handle card data on their behalf or supply services where card data is transmitted, must also comply before full PCI DSS compliance is achieved.
The latest version of PCI DSS introduced a new requirement compelling service providers to supply a "Responsibility Matrix" which defines who is responsible for each of the 300+ PCI controls; namely the client, the supplier or both. It is worth stating at this point that PCI is not intended to trip up organisations or waste time; it is intended to secure cardholder data. Achieving PCI DSS compliance increases trust between an organisation and its partners and suppliers and boosts customer confidence.
The best way to minimise future costs as the standard evolves is to take good advice in the first place. Minimise exposure to the primary risk areas such as staff and infrastructure. Invest in training and education on the PCI DSS standard in order to have the talent in house and work with payment organisations that are themselves Level 1 PCI DSS compliant. Remember there is no such thing as a compliant software solution.
The moral of the story is - put a checklist in place, work with the right payment solution provider, get a compliance programme underway and have a safe, secure and profitable Christmas.
About Encoded Ltd.:
Encoded provides interactive voice response solutions and automated payment solutions. Encoded has invested in achieving the highest level of PCI DSS compliance. It has a Level 1 Attestation of Compliance (AOC) which applies to organisations that store, process and/or transmit more than 300,000 Visa transactions per year it also appears on the Visa Europe Merchant Agents List.
Published: Wednesday, November 25, 2015
ASC Recording Insights and neo
ASC Recording Insights guarantees legally compliant recording and analysis of all communication channels in Microsoft Teams - including audio calls (internal and external calls), chat conversations and video meetings.
neo Recording, QM & Analytics address all enterprises with recording needs, especially contact centers. The content of communication becomes accessible and critical information and trends are revealed, providing real-time business intelligence for immediate management action.
|2.)||Call Center Studio|
Call Center Studio
Call Center Studio is the world’s first call center built on Google and is one of the most secure and stable systems with some of the industry’s best reporting. It is one of the most full-featured enterprise grade systems (with the most calling features, one of the best call distribution, outbound dialing features and integrations—including IVR, AI Speech Recognition, blended inbound/outbound calling and includes Google’s new Dialogflow and Speech API. Call Center Studio is the absolute easiest to use (with a 10 minute setup), and is the price performance leader with lower equipment cost and less setup time.
Microsoft Teams Cloud Recording Service
Geomant offers a fully managed recording service for those organisations who need to address compliance or quality management while working on Teams. The Service utilises Verint’s market leading recording technology and is hosted by Geomant in Microsoft Azure. Our managed service approach is unique in that it allows organisations to benefit from advanced recording features, all while being free from any technical infrastructure or maintenance requirements that come with a traditional on-premises set up.
|4.)||Lieber & Associates|
Recording System Consulting
L&A provides vendor-independent consulting services to select, contract for, test, and implement contact center recording systems. The firm's consultants specialize in contact center I.T. and have several decades of experience each with all major and many smaller makers of phone and call recording systems.
Numonix's IXCloud is one of the first fully managed compliance recording solutions for Microsoft Teams. IXCloud securely records, stores and analyzes interactions in the cloud without physical or virtual servers. As a fully managed Azure-based, Software-as-a-Service cloud interaction recording solution, IXCloud takes interaction capture into the future. It enables instant and elastic scalability to support business growth and provides the necessary tools to enhance business performance while maintaining compliance. IXCloud redefines versatility with its OpenAPI framework that enables application development. Companies and third-party developers benefit from IXCloud native capture technology, whether it be integrating with internal systems or building a third-party application.
Enterprise recording management for storage, retrieval, playback, and monitoring communications throughout your contact center.
Record screen activity and calls across agent workstations, measure and monitor quality levels across all campaigns and analyze recordings to capture first-hand customer data and requirements.
Easly access all recordings and critical information to provide improved customer experience, sales, and productivity!
Oreka TR total recorder includes all of the call recording capabilities you will need, at about half the cost of competing for call recorder solutions, including screen recording, mobile phone recording, live monitoring, on-demand recording, multi-tenancy, multi-site recording, audit trail, call exporting, retention management, auto-tagging (for speech analytics and phrase spotting) and so much more.
Call recording solution fully integrate to all main pbx solutions.
|9.)||Teckinfo Solutions Pvt. Ltd.|
InterDialog UCCS enables organizations to adhere to all compliances with its inbuilt call recording software and also has an option for screen recording. With centralized repository of all voice logs, its easy to maintain & retrieve all voice files and have a central control in case of multiple branches set up.