The UK Contact Centre Decision-Makers’ Guide (DMG) revealed several surprises in terms of PCI compliance and card fraud reduction in its 15th edition. This report studying the performance, operations, technology and HR aspects of UK contact centre operations is produced annually by analyst ContactBabel. Taking a random sample of the industry, 218 contact centre managers and directors answered a detailed structured questionnaire during the summer of 2017.
In the PCI DSS Compliance and card fraud reduction section of the report there were three main surprises highlighted by the research:
* Pause and resume or "stop-start" recording which aims to prevent sensitive authentication data and other confidential information from entering the call recording environment remains consistently the most popular method of compliance with 60 percent of respondents using this method.
* The number of respondents using DTMF tone suppression, the often promoted alternative to pause and resume, fell from 22 percent last year to 14 percent this year.
* The cost of compliance is causing organisations to rethink how payments are taken in contact centres, with 7 percent of respondents no longer accepting payments in this way.
....NOTE - content continues below this message
INVITATIONWe invite you and your colleagues to join us LIVE as we take the highest rated industry conference back on the road in 2022 - join us and the elite in the industry at the 17th annual NEXT GENERATION Contact Center & Customer Engagement Best Practices Conferences!
>>>>> FIND OUT MORE: HERE
What do these surprises mean?
Increasingly at Encoded, we are seeing that the requirements and costs associated with payment technology, processes and training outweigh the benefits of taking payments by phone in contact centres. However, there are ways to reduce these costs and the complication often associated with PCI DSS compliance.
For almost three-quarters of survey respondents software and/or payment technology is the single largest cost associated with compliance (particularly in small and medium-sized operations). While in the largest contact centres, training staff in card fraud prevention techniques and processes is the greatest cost in 36 percent of cases.
Ringing the changes for how card payments are taken
It would appear the cost of compliance is therefore causing many organisations to rethink how they take card payments. We find an agent processing card details is still the preferred method and offers the best customer service, but there is confusion around the need for tone suppression (whereby DTMF tones are captured and altered making them unidentifiable), and this in particular is pushing up the cost of technology to support card payments.
However, one of the other surprises of the report was that the use of DTMF tone suppression was down this year from 22 percent to 14 percent. While price and reliability may be contributing factors to this decline, there is the added problem of discrimination and a potential legal and social media backlash. By restricting the contact centre to only accept card data via DTMF tones could mean that some people are effectively being discriminated against by not being able to make a payment or have increased difficulty to do so, particularly if they are either elderly or disabled in anyway.
Therefore, it was good to see "pause and resume" still performing well. Despite some commentators claiming pause and resume is dead, ContactBabel’s Report shows that it remains consistently the most popular method of compliance and used by over 60 percent of respondents. It is typically far cheaper to implement than almost any other option and offers the highest level of customer service.
Other less expensive options for compliance.
It was also good to see other less expensive options for maintaining PCI DSS compliance mentioned in the report for example:
Improving agent processes and training – according to the report, this is the second-most widely used method by contact centres. The relatively low cost of training and education of the risks can go a long way in making staff vigilant to safeguarding data. Regular training including the perils of phishing emails, often a far bigger risk than a rogue staff member writing the odd card number down, can prove vital to securing data.
IVR Payments – although used by only a few, especially large contact centres, automated IVR process to take card details from the customer cuts the agent risk out of the loop entirely.
Third-Party Cloud-Based Payment Solution - no cardholder data is passed into the contact centre environment, whether infrastructure, agents or storage. As such, this can de-scope the entire contact centre from PCI compliance, but does rely on the security processes and operational effectiveness of the service provider.
Before implementing any new technologies or processes relating to achieving compliance, it’s important to consider the level of risk, the time and effort required to complete self-assessment questionnaires (SAQs), the cost of technology and the effect on customer experience.
Whatever solution a contact centre employs, if compliance is being achieved at the expense of customer service, then maybe it’s time to think again.
Posted by Veronica Silva Cusi, news correspondent
About Contact Babel:
ContactBabel, a contact center and CRM analyst firm, was set up in 2000 by Steve Morrell, a leading expert on the contact center industry.
Published: Tuesday, January 16, 2018
Branch Employer Payments Platform - Earned Wage Access
Give employees instant access to a portion of their earned wages before payday! Branch helps businesses modernize their payment methods to empower working Americans. Earned wage access—with no-fee banking and access to a digital wallet and free debit card—are just some of the tools in our fast, free, and flexible platform. With Branch, businesses streamline existing payroll processes, save money, and provide faster payments and free digital banking to their employees—no pre-funding or capital required.
Securing payments for on-premise or remote agents for telephone, IVR, web, mobile, Chat and Chatbot.
A patented technology that is flexible way to take secure, PCI DSS compliant payments via live agents over the telephone, web, Chat, Chatbot, or IVR. No sensitive data enters the contact centre environment so, agents do not see, hear, store or record any card or personal details.
CallGuard can be deployed in various ways to fit the way your contact centre works. The solution can de-scope all, or parts, of your contact centre from the scope of PCI DSS compliance and works just as well for on-premise or home/remote working agents.
ChatGuard makes payments in Chat PCI DSS compliant and...
Award-winning PCI compliance phone and multi-channel payment application.
PayGuard® is easy to deploy, very easy for agent to use from the office/contact centre or from home and is affordable.