Card data breaches can severely damage your brand’s reputation.
Figures from UK Finance confirm that theft of personal and financial data through social scams and data breaches was a major contributor to fraud losses in 2018. The Information Commissioner’s Office (ICO) reports that during Q2 of 2018/19, there was over 4,000 data security incidents. Information stolen through a data breach can have on-going ramifications because the data can be used for months, or even years, after the theft.
PCI DSS in Contact Centres is a Challenge
Firms that suffer a data breach where customers’ card data is compromised that are not PCI DSS compliant can face punitive fines, and be liable for costs of fraud incurred by the victims. Yet, many contact centres still take chances with a piecemeal approach to managed card payments.
The problem is storing customers’ card details. Most organisations do not store customers’ card details, at least not intentionally. However, there is an issue with voice based calls and when it comes to making a payment. While consumers are generally happy to give their card details over the phone, this is a breach of best practice security. If the call is being recorded, the card details are being stored, and many people have access to call recordings. The alternative might be to ask the customer to visit a website to make a secure payment, but this means losing contact with the customer during this vital last step, and potentially losing sales as a result.
Reducing card fraud in Contact Centres
According to the UK Contact Centre Decision-Maker’s Guide (DMG) published by analyst firm ContactBabel, there are eleven different ways in which contact centres attempt to reduce card fraud. These range from using technology to physical methods such as clean rooms where pens, paper and mobiles are prohibited. The four main ways in which card payments are processed include:
- Stop-start recording, so that card details are not recorded. This relies heavily on the agent to remember, and is inherently unreliable.
- Dedicated payment teams working in clean rooms where nothing can be written down or photographed (with a phone for example). Not particularly popular with agents.
- Use of Interactive Voice Response systems to take the payment which cuts out the agent, but card data is still held within the organisation and is a less than optimal experience for the customer.
- Payments can be outsourced to a third party. This removes the issue completely, but then the contact centre again loses contact with the customer at the key moment, and is reliant on the security systems of a third party.
New ways to take card payments
However, there are now easier ways to take card payments in the contact centre that significantly improve the customer experience, while keeping that vital contact with the customer.
Cirrus’ new Link Pay+ solution, sends a secure link to the customer via any digital channel (email, web chat, WhatsApp, SMS, FB Messenger etc), while the agent is still talking to them. The customer can complete the transaction via the secure link, with the agent providing support as they can see the status throughout the payment process.
A much better experience for the customer, and no lost sale for the agent. Neither the contact centre nor the agent ever sees the customer’s card details, ensuring the transaction is PCI DSS compliant.