Every contact centre that accepts credit and debit card payments over the telephone needs to be PCI DSS (Payment Card Industry Data Security Standard) compliant. However the process of becoming and staying compliant can be hugely expensive. The interpretation of the 258 controls often results in confusion and conflicting advice from PCI Qualified Security Assessors (QSAs).
Information about the "dos" and "don’ts" of PCI DSS and its cost and impact on every day business processes can often result in companies putting off the process or self-certifying unaware of the risks should they then suffer card data loss. For many once PCI DSS has been achieved the expense in time and resource leaves them with very little to show or to shout about.
The answer is to wise up on what compliance really means and what the responsibilities really are. PCI DSS covers a great many areas and touches almost every aspect of an organisation’s operations. Compliance in the contact centre should address risk and be achievable for a sensible and realistic cost. To understand the practices for each of the 258 boxes that should be ticked takes detailed knowledge; however, looking at the key vulnerabilities, namely staff and the choice of third party payments supplier, will result in large reductions in both PCI DSS scope and the price of securing your customers’ valuable information.
There is no such thing as a PCI DSS compliant solution
Solution providers can make the mistake of marketing their products as "PCI DSS Compliant" – there is no such thing. It is correct, however, to state that a given solution can help achieve compliance. Any third party payment service provider needs to be able to prove it is PCI DSS compliant. This is because the overall contractual obligation of compliance is always between the merchant and their merchant bank. So the third-party organisation which may include outsourced contact centres, payment service providers or collections companies will not get fined in the event of a breach that results in card data loss or fraud. The buck stops with the merchant.
Get smarter – chose the right payment solution for customer demographics
No one payment solution fits all. Different people prefer different methods of payment. A younger tech-savvy demographic may be happy with mobile payments while more mature customers may prefer to speak to an agent. Therefore think of customer demographics and select a payment solution to suit. This usually results in a requirement for multiple payment methods being implemented but has the overall benefit of reducing frustration felt by customers that would have otherwise been forced to use a payment service they’re not comfortable with.
Continuous authorised payments (also known as recurring payments) can help to reduce the scope and cost of PCI DSS compliance audits. Once an initial transaction is verified the card used becomes trusted and any repeat uses will not require details to be taken again. On average 40% of customers will opt to have their card details stored for future use. However, there may not always be funds available on the stored card and therefore payments can be declined. Some suppliers, such as Encoded, have a Tokenisation feature to enable card holders to validate and amend stored cards when something goes wrong; avoiding fines, fees and interest charges by self-managing the details held on file.
Tokenisation, recurring and stored card payment solutions mean that organisations with contact centres can vastly reduce the scope of their PCI DSS audits. Tokens can only be used through specific payment gateways and if they are stolen or written down then the Token is completely useless to anyone outside the payment environment. So take the time to wise up on PCI DSS and save money.
About Encoded Ltd.:
Encoded provides interactive voice response solutions and automated payment solutions. Encoded has invested in achieving the highest level of PCI DSS compliance. It has a Level 1 Attestation of Compliance (AOC) which applies to organisations that store, process and/or transmit more than 300,000 Visa transactions per year it also appears on the Visa Europe Merchant Agents List.
Published: Friday, February 20, 2015
6.) | Pointel Genesys Workforce Management WFM Voice Self-Service allows agents and supervisors to access and update workforce management information from any telephone. Leveraging the Genesys Voice Platform and its open standards-based techonologies such as VoiceXML, robust applications can be developed to provide "anytime, anywhere" access to WFM planning and scheduling and real-time fuctions. These valuable additions to the standard WFM solution can be tailored to meet the unique needs of the contact center. WFM Voice Self-Service can be deployed either in enterprise premises or hosted in a service provider's network. If the client is a Genesys Voice Platform customer, they can run WFM Voice Self-Service on the Genesys Voice... (read more) |
NEXTGEN-TV PROGRAMMING
NOW PLAYING
Starting on the hour every hour today
Coming up this Week
video flow is not smooth, but audio is smooth
I am checking out all the amazing and daily updated content on ContactCenterWorld.com and networking with professionals worldwide
Send To Friends Post On My Wall