JOIN US AND HEAR BEST PRACTICES
At the 2019 NEXT GENERATION Contact Center & Customer Engagement events - Click here to book now
Industry Research : PCI DSS: 3 Surprises from Latest Contact Centre Report
The UK Contact Centre Decision-Makers’ Guide (DMG) revealed several surprises in terms of PCI compliance and card fraud reduction in its 15th edition. This report studying the performance, operations, technology and HR aspects of UK contact centre operations is produced annually by analyst ContactBabel. Taking a random sample of the industry, 218 contact centre managers and directors answered a detailed structured questionnaire during the summer of 2017.
In the PCI DSS Compliance and card fraud reduction section of the report there were three main surprises highlighted by the research:
* Pause and resume or "stop-start" recording which aims to prevent sensitive authentication data and other confidential information from entering the call recording environment remains consistently the most popular method of compliance with 60 percent of respondents using this method.
* The number of respondents using DTMF tone suppression, the often promoted alternative to pause and resume, fell from 22 percent last year to 14 percent this year.
* The cost of compliance is causing organisations to rethink how payments are taken in contact centres, with 7 percent of respondents no longer accepting payments in this way.
Sponsor message - content continues below this message
2019 '14th annual' Global Contact Center World Awards NOW OPEN!
Enter your Center, Strategy, Technology Innovation, People and more into the ONLY TRULY GLOBAL awards program - regarded by many as being like the Olympics for the Contact Center World! Join the best from over 50 nations and compete for the most prestigious awards out there!
Content continues ….
What do these surprises mean?
Increasingly at Encoded, we are seeing that the requirements and costs associated with payment technology, processes and training outweigh the benefits of taking payments by phone in contact centres. However, there are ways to reduce these costs and the complication often associated with PCI DSS compliance.
For almost three-quarters of survey respondents software and/or payment technology is the single largest cost associated with compliance (particularly in small and medium-sized operations). While in the largest contact centres, training staff in card fraud prevention techniques and processes is the greatest cost in 36 percent of cases.
Ringing the changes for how card payments are taken
It would appear the cost of compliance is therefore causing many organisations to rethink how they take card payments. We find an agent processing card details is still the preferred method and offers the best customer service, but there is confusion around the need for tone suppression (whereby DTMF tones are captured and altered making them unidentifiable), and this in particular is pushing up the cost of technology to support card payments.
However, one of the other surprises of the report was that the use of DTMF tone suppression was down this year from 22 percent to 14 percent. While price and reliability may be contributing factors to this decline, there is the added problem of discrimination and a potential legal and social media backlash. By restricting the contact centre to only accept card data via DTMF tones could mean that some people are effectively being discriminated against by not being able to make a payment or have increased difficulty to do so, particularly if they are either elderly or disabled in anyway.
Therefore, it was good to see "pause and resume" still performing well. Despite some commentators claiming pause and resume is dead, ContactBabel’s Report shows that it remains consistently the most popular method of compliance and used by over 60 percent of respondents. It is typically far cheaper to implement than almost any other option and offers the highest level of customer service.
Other less expensive options for compliance.
It was also good to see other less expensive options for maintaining PCI DSS compliance mentioned in the report for example:
Improving agent processes and training – according to the report, this is the second-most widely used method by contact centres. The relatively low cost of training and education of the risks can go a long way in making staff vigilant to safeguarding data. Regular training including the perils of phishing emails, often a far bigger risk than a rogue staff member writing the odd card number down, can prove vital to securing data.
IVR Payments – although used by only a few, especially large contact centres, automated IVR process to take card details from the customer cuts the agent risk out of the loop entirely.
Third-Party Cloud-Based Payment Solution - no cardholder data is passed into the contact centre environment, whether infrastructure, agents or storage. As such, this can de-scope the entire contact centre from PCI compliance, but does rely on the security processes and operational effectiveness of the service provider.
Before implementing any new technologies or processes relating to achieving compliance, it’s important to consider the level of risk, the time and effort required to complete self-assessment questionnaires (SAQs), the cost of technology and the effect on customer experience.
Whatever solution a contact centre employs, if compliance is being achieved at the expense of customer service, then maybe it’s time to think again.
Posted by Veronica Silva Cusi, news correspondent
Today's Tip of the Day - Multilingual IVR
More Editorial From Contact Babel
About Contact Babel:
ContactBabel, a contact center and CRM analyst firm, was set up in 2000 by Steve Morrell, a leading expert on the contact center industry.
Published: Tuesday, January 16, 2018
With more than 40 years of experience, Bircom has been providing communication solutions to companies of all sizes and companies from all sectors and has been the distributor of companies which are al...
Teleperformance is a global provider of customer experience management in terms of revenue and global scale. We are the industry leader in security and our management has over 30 years of experience w...
Accenture is a global management consulting, technology services and outsourcing company. Accenture collaborates with its clients to help them become high-performance businesses and governments. With ...
Zappix transforms the user journey during contact center interactions. The cloud-based Zappix Visual IVR On-Demand platform provides a full visual experience for customers, increasing self-service ...