4 Steps to Secure Contact Centre Payments
According to IBM’s 2022 report, the average cost of a data breach is a staggering 4.35 million USD. As security threats continue to increase in sophistication and frequency, and data privacy regulations develop, organisations need to manage the ever-present threats when protecting sensitive customer data. This can be a particular challenge for contact centres taking payments. Here are some ways in which organisations can secure contact centre payments and ensure regulatory compliance without compromising on CX.
1. Secure Phone Payments
According to data from a 2022 Hiya report — surveying 12,000 consumers across the US, UK, Canada, Germany, France and Spain — 32% of people prefer phone calls over all other communication methods when interacting with brands.
For many contact centres, over-the-phone payments are a key component of operations. A good over-the-phone secure payments solution can completely prevent customers’ sensitive payment data from entering the contact centre environment while simultaneously improving CX by allowing the agent and customer to stay in conversation throughout the secure transaction.
Agent-assisted payments involve solutions that integrate with the call flow. At the point of payment, customers are prompted to either speak their numeric card details or enter them using their telephone keypad. The sensitive financial data is captured and then replaced with asterisks utilizing Speech Recognition and DTMF (Dual Tone Multi Frequency) Masking technology. While the agent doesn’t hear or see the card data, they are able to maintain a conversation throughout the process without being exposed to sensitive payment data including the PAN and the CSV, drastically reducing the scope of PCI compliance.
By ensuring payment data does not enter nor is stored in the contact centre’s systems, the risk of data breaches is significantly reduced. It also provides companies with a secure way of handling CNP (card not present) payments by phone without bringing their environments in scope of PCI DSS. And because agents and customers can stay connected throughout the transaction process, providing an optimized secure payment experience for both customers and agents is easier than ever.
2. Provide & Protect Digital Payments
Digital payments have become an integral part of the modern world and have made it easier and more convenient for consumers to make transactions via multiple channels, regardless of location. This is particularly important in contact centres where the ability to quickly and securely process payments can be a significant competitive advantage.
Digital payments allow customers to make payments quickly, from anywhere, at any time and agents can deliver a more efficient customer journey and serve more customers. Digital payments are also one of the most secure options when processing payments. Measures such as MFA (Multi-factor authentication) and biometric identification take data security one step further and ultimately provide organisations with a way to simplify regulatory compliance and enhance the payment experience.
3. Leverage IVR Payments
Interactive Voice Response (IVR) systems are widely used in contact centres to handle payments. Contact centres can use a secure IVR system to route payment information directly to the payment gateway. This process protects cardholder data by ensuring financial data is not stored in the contact centre’s systems and reduces the risk of data breaches.
4. Achieve PCI Compliance
Payment Card Industry Data Security Standard (PCI-DSS) is a global security standard for businesses handling major credit cards aimed at reducing fraud. It sets a minimum level of security organisations must meet when handling, processing, and storing credit card information.
Descoping your infrastructure from the requirements of PCI DSS continues to be the simplest and most cost-effective option for businesses. In the context of the PCI DSS, this translates to keeping customers’ card data out of company systems and minimizing contact areas where data is processed or stored. This can be done by outsourcing payment processes to a compliant third party.
Secure Contact Centre Payments with PCI Pal
PCI Pal solutions such as Agent Assist, IVR and Digital Payments allow businesses to ‘descope’, ensuring sensitive data never enters the business environment. They create an environment for taking payments by phone or any digital channel from customers without sensitive credit card data being seen, heard or stored. This prevents fines for non-compliance, safeguards the organisation’s reputation with customers, and improves CX.
Connect with one of our experts to see how PCI Pal’s innovative secure payment solutions can be seamlessly integrated with your contact centre operations to ensure compliance without compromising the customer experience.