The PCI Compliance Solution for Local Authorities

Blog
11 September 2020
Flowers in front of Waltham Forest City Council.

Any organisation that handles card payments over the phone needs to comply with the PCI DSS. This is a set of 12 binding requirements, designed to ensure complete data protection for organisations that handle payment cards over the phone.

Proper compliance includes ensuring no payment card information is stored. It also means having no manual intervention to capture card details verbally during a call.

This poses a significant challenge for many organisations that are required to record telephone calls for compliance purposes with regulatory bodies.

Local Authorities Are No Exception

For councils, handling thousands of financial transactions every month is an important task. Alongside payment methods that happen face to face or via postal cheques or direct debits, telephone-based payments continue to be a popular choice. Payment via phone is one method that councils need to offer to those living in their town, district, or borough.

The difficulty arises however when payment solutions need to not only be accessible, but compliant with telephone payment security guidelines. Compliance ensures payments are handled in the most secure way. With data breaches regularly reported in the media, local authorities would not want to be exposed by non-compliance or data breaches.

At present many local authorities are heavily reliant on customers paying through Interactive Voice Response (IVR) systems. These are automated systems that allow a computer to recognise and process both speech and DTMF telephone keypad tones.

While IVR systems protect data, they sometimes offer a less-than-perfect customer experience. Some customers struggle to navigate the automated process, resulting in high levels of call – and payment – dropouts.

When customers are paying a car parking fine or something similar, they may already be frustrated or reluctant to pay. Adding complicated automation at such a time is not helpful.

A more constructive solution is to simplify the process. This reduces dropped-call rates, garners more transactions, and leaves customers happier.

Searching for Efficient Call-Handling Solutions

Councils are looking at ways to make call handling as efficient as possible, while providing a quality experience to the person at the end of the line.

The use of external APTs is becoming less popular as people are often uncomfortable being transferred elsewhere to provide payment card details. They may also not understand how to provide their details using an automated system.

The preferred solution is taking payments while keeping the customer on the phone. However, historically there have been PCI  compliance issues with this approach. In that scenario, agents are exposed to customers’ sensitive card data, which creates a potential risk.

With customers from every walk of life – from young to older people, those who are familiar with technology and those who are not – councils need to identify a payment solution that is seamless.

They need one where their trained customer service team can fully assist for an improved service while ensuring payments are taken securely.

How PCI Pal Solves the PCI Compliance Issue

PCI Pal Agent Assist fills the gap for those local authorities who are looking for an answer to the ‘customer service / payment security’ conundrum. It enables Councils’ contact centre agents to take card payments securely, while maintaining an open dialogue with the customer.

It does this by using DTMF (dual-tone multi-frequency) masking technology, so customers simply enter the card number details using their telephone keypad. Information is then anonymously processed. The agent does not see or hear any card details, and the call does not need to be placed on hold or diverted.

This eliminates the need to transfer calls away from the council’s agents. Instead, they are able to stay on the line to support customers in completing the transaction.

It also means that councils can continue using call recording software, which may have required pausing if people were providing card payment details over the phone.

Agent Assist Advantages

In conclusion, PCI Pal Agent Assist offers local authorities two great advantages:

  1. The local authority is fully PCI compliant with the solution.
  2. Customers receive an excellent customer experience, as contact centre staff remain fully in communication through the payment process.

We have also seen contact centre agent morale receive an unexpected boost when using the solution. Customers find the payment process straightforward, so agents do not have to deal with unhappy customers who are trying to navigate automated payment systems without success.

When you bring it all together, it means fewer dropped calls, reduced call lengths, more payments being processed in a timely fashion and, overall, an improved customer experience.

View more Blogs Knowledge Centre

How can we help?

Get in touch today to discuss our technology and your requirements.

CONTACT US

Sign up for Knowledge Centre notifications

Never miss the latest blog, news, podcast or event. Sign up to be notified when we publish something new.

notify me

You may also be interested in

Pause and Resume
White paper
Pause and Resume Call Recording: Calculating the Risk
Pause and Resume Call Recording: Calculating the Risk
In this white paper, we establish and explain the threats posed by outdated call recording technology, including Pause and Resume call recording. Through it, you'll find an easier path to compliance with data security regulations, meaning less chance of being fined for a data breach.
Read more
Blog
Why Pause and Resume Call Recording Isn’t Enough
Why Pause and Resume Call Recording Isn’t Enough
While the Pause and Resume function seems like a simple solution for achieving PCI compliance, more is needed. Businesses that rely on call recording for their operations need to be aware of the risks of storing sensitive information, the limitations of manual controls and contact centre infrastructure, and the full scope of PCI compliance requirements.
Read more
Success story
Darlington Borough Council
Darlington Borough Council
PCI Pal was selected by Darlington Borough Council to manage the organisation's contact centre payment security and ensure the council adheres to PCI DSS standards.
Read more
Darlington Borough Council secures contact centre payments with PCI Pal®
News
Darlington Borough Council Secures Contact Centre Payments with PCI Pal®
Darlington Borough Council Secures Contact Centre Payments with PCI Pal®
Darlington Borough Council has selected PCI Pal® (LON: PCIP), the global SaaS provider of secure payment solutions for business communications, to manage its contact centre payment security and ensure it adheres to the compliance standards relating to card-based payment transactions.
Read more

More related content

Chat with us