The US PCI Pal team attended Enterprise Connect 2018 in Orlando, FL along with thousands of attendees from around the globe for four days of presentations and products from analysts, consultants, vendors, and customers showcasing cutting-edge solutions.
Walking around the event, we met with partners and industry analysts and saw hot button tech topics featured such as AI and chat technologies. Of the show agenda’s nine tracks, our team put a special focus on the contact center / customer experience track. This track aimed to provide attendees insight into the state of today’s contact center market, and on adoption of cloud-based systems, as well as detailed analysis of multichannel capabilities, and analytics to give agents new tools for providing a great customer experience.
But of course with the news around the lawsuit facing Facebook and political consulting firm Cambridge Analytica for obtaining users’ information without permission and the Equifax hack last year, consumer data privacy was also top of mind for most people we spoke with at the show. And for good reason – in almost all payment card data breaches recorded by Verizon’s PCI DSS Compliance Report, the businesses hit were not PCI DSS compliant at the time of attack. Businesses who don’t get their houses in order to meet new regulations and mitigate breaches are risking massive consumer backlash.
It was unsurprising then that we heard so many potential customers asking us whether what they had in place was good enough. The answer in almost every case was, “No.”
Many people would say, “Oh, we became compliant years ago.” However, the solutions or compensating controls from years ago are not enough to meet more recent regulations, and organizations will need a solution that brings them up to date and takes them into the future.
Some of the most common inquiries received were:
- “We have a solution in place, we pause and resume.”
- “I don’t understand what the new regulations mean for our contact center.”
- “How do we meet new regulations while keeping it an easy process for our agents?”
Now, option 1 is not a solution per se, it’s a short-term band aid at best. Compensating controls like this still leaves businesses at risk. But these concerns can be easily addressed through the right technology.
Technologies that circumvent the need to speak sensitive details out loud, instead allowing the customer to key in their credit card number, expiration date, and CVV on their phone keypad instead, immediately reduce the risk for both the agent and the customer. Our approach is to then route the information to our PCI DSS Level 1 Certified Platform, descoping the customer’s environment from PCI DSS and removing the need to store any sensitive data in the network environment. By integrating with the call flow at the point of payment, this approach ensures that the agent is never exposed to sensitive card data. This allows the agent to receive the payment and approval all while the customer and the agent continue to speak throughout the entire process.
As we watch global tech giant Facebook lose billions after this breach of trust and consumer data and the clock ticks down to the GDPR deadline, it’s more important than ever to make sure businesses are safe from breaches. Adopting approaches like this that minimize the risk for users and employees alike. While collaborative and more traditional connective solutions have dominated the industry debates in recent years, the buzz around security and prevention at this year’s show was much louder than in previous years. Good news as we approach some significant regulation deadlines!
If you were at Enterprise Connect and missed us or/and have any questions about how to keep payments secured, get in touch with our secure payment specialists.