A recent poll revealed a staggering 75% of UK credit and debit cardholders are likely to avoid retailers that have been affected by a data breach.

Seeing as a data breach can happen overnight, what would you do if 75% of your customers disappeared overnight too?

The Scale of the Problem

Hackers are working tirelessly to circumnavigate any data security measures you might already have in place, and according to Verizon, only 11% of retailers were fully compliant with PCI DSS requirements in 2013, and many of those that were compliant only remained compliant for a short period of time.

It seems many businesses treat compliance as an annual event (usually when the PCI audit comes around!), rather than a continuous project 24 hours a day, 365 days a year.

Taking Cybersecurity More Seriously

Disappointingly, an increasing number of companies and contact centers are opting for half measures, such as pause-and-resume call recording systems. This is better than no PCI solution at all, but it still leaves companies vulnerable to a breach, and pause-and-resume alone does not make you PCI compliant. Payment details can still be intercepted by the agent or from company networks.

A lot of businesses are also looking into implementing an Interaction Voice Response (IVR) system, which is an automated telephony system that interacts with callers, routes the calls and gathers information.

This has its disadvantages, however. The majority of people would rather speak to a live agent rather than a machine, so the risk of losing a sale is increased.

Is There an Answer?

It seems the only way to effectively implement PCI compliance in the contact center is to run a very harsh ‘clean room’ environment, where agents are searched before their shift, with no access to external influences like email and internet, and definitely no pens or paper on their desks!

Clearly, there’s a fundamental flaw here…

It’s highly likely these draconian measures would have a negative impact on customer service and agent morale, resulting in a huge jump in staff turnover.

So, What’s the Real Solution?

What if we told you there’s an easier way? The answer is…


With a PCI Pal’s secure telephone payment solution, Agent Assist, your normal scripting during the call will stay the same. The only change for your agents will come at the point of payment.

The customer will type in their card details using the telephone keypad. Asterisks will appear on screen instead of card numbers and DTMF tones will be masked so that the agent only hears monotone beeps. The customer stays in contact with the agent at all times, which ensures any issues can be dealt with promptly and effectively.

If an error is made the agent simply clicks on the card stage to refresh and the customer will re-type. Once the card details have been successfully collected, the agent will simply press ‘process card’. This will either be accepted or rejected by the bank. If rejected, it’s recommended you try one more time just in case of a typing error. If the card is rejected again, you should advise the customer to contact their bank.

If accepted, we send the collected data via our PCI DSS Level 1 secure network onto your payment gateway.

Your customer’s data never reaches the contact center, your agent’s headset or even your call recording systems.

To find out more about Agent Assist, and the other smart solutions in our PCI compliance suite, please contact our payment security advisers today.