Thomas Rodseth, VP of Product & Marketing at Puzzel, says ignoring PCI DSS is like leaving the house without locking the front door or closing the windows, but some contact centres are doing just that by paying lip service to security. It’s time to safeguard customer data by improving processes around people, storage and infrastructure.
According to the UK Cards Association, the number of purchases using debit and credit cards has more than doubled in the past ten years “with spending equivalent to a third of the UK’s GDP.”[i] People just love to pay by card: it’s quick and easy, but how secure is it? If statistics from Financial Fraud Action UK are anything to go by, the answer is not as secure as it could be. Research indicates that security is a growing problem, with fraud losses on UK-issued cards totalling £567.5 million in 2015, an increase for the fourth consecutive year.[ii] Perhaps even more worrying is that, despite the introduction of official standards frameworks such as the Payment Card Industry Data Security Standard (PCI DSS), the threat of illegal access to sensitive customer card information looms large.
So just how can contact centres improve security for customers? Organisations are exploring numerous ways of making the card payment process and storage of customer data safer. Methods range from improved use of passwords and encrypting traditionally weak access points to the network, such as corporate social media accounts, to setting up automatic SMS alerts to detect and flag up anomalies to agents. Some are even experimenting with new technologies such as phoneprinting and voice biometrics. But it doesn’t have to be that complicated. Firstly, acknowledge where the weaknesses are in your organisation, then combine people, process and technology to create a watertight security framework.
Step one: Focus on the top three security danger spots
- People – the ability for dishonest or careless employees to access call recordings or write down card details should not be ignored
- Storage – contact centres understand the importance of protecting customer data from fraud and cybercrime but don’t always know how to store it correctly or even where it is stored
- Infrastructure – does the technology you use to take card payments and store card details pass the test? Are you confident it can aid organisational data security and drive compliance?
Step two: Blend people, processes and technology
Improve processes and agent training – the road to effective compliance management involves so much more than technology. Remember, threats don’t necessarily come from the outside. Particularly during busy times, agents might inadvertently write down credit card details or fall prey to phishing and mistakenly click on a rogue email. Automated processes backed up with a rigorous training programme that educates staff about the perils of mishandling sensitive or personal data are critical.
Choose the right partner – one which practises what it preaches and has followed the due diligence process to achieve PCI DSS compliance. This will signal its dedication to security, quality and customer focus along with the knowledge and expertise to guide you through important security and PCI DSS audits.
The right partner will provide assistance by making its support staff, technicians and product managers available to discuss your specific needs, challenges and other issues. The company should also have a dedicated customer portal providing secure access to log search, configuration, statistics and more. Round-the-clock accessibility and online support are great comfort factors that will ultimately build confidence and reassure customers that their data is protected at all times.
Technology – the deployment of a secure cloud-based solution is one way of increasing security levels. In particular, look out for a supplier that offers:
- A complete portfolio of payment solutions and anti-fraud tools
- Flexibility, visibility and high levels of integration with other Payment Service Providers (PSPs), which means that agents can switch freely between applications without having to make changes to other payment integrations, saving time and boosting security levels
- Efficient reporting, statistics and settlement reporting for all payment channels
- Professional hosting environments that require minimal in-house technical expertise and take away the headache of managing all forms of card payment
- Stable solutions, a 24/7 duty system and continuous monitoring 365 days a year.
Future-proof your contact centre using PCI DSS
Once introduced, the same PCI DSS principles can be applied to future-proof your contact centre and meet the challenges of legislation such as the General Data Protection Regulation (GDPR) coming into force on 25th May 2018. GDPR encompasses all personal customer data, not just payment cards. The good news is that contact centres which already focus on the security of card payments and ensure their customer card data is stored, transmitted or processed securely will be far ahead of the competition when it comes to compliance with new legislation.
There really is no time to lose. Take a fresh approach to data security and reap the rewards of significant time and cost savings, improved agent confidence and greater customer loyalty by making your contact centre as secure as possible with a modern, cloud-based integrated solution.