InsureandGo Insurance Services in the UK, Republic of Ireland and Australia has successfully completed the implementation of a new cloud-based solution for handling its PCI compliance requirements, to deliver greater compliance rigour when handling Cardholder not Present payments.
A cloud-based payment security solution from PCI Pal has been implemented by InsureandGo’s long-standing telecoms partner iNet, to replace a ‘pause and resume’ system for improved compliance. Previously, InsureandGo’s system would automatically ‘start and stop’ call recordings when the customer was verbally providing their payment information to ensure payment data was not captured.
Now, via PCI Pal’s Agent Assist solution, the insurance provider is able to take payments in the contact centre using DTMF masking technology, which enables credit card information to be captured anonymously using the telephone keypad. It has been able to reduce the insurer’s PCI DSS scope, moving it from Level D SAQ to Level A PCI Self-Assessment Questionnaire (SAQ A), as well as providing a seamless and secure payment experience for customers.
With the solution implemented via the Cloud, it has also supported InsureandGo’s staff that have transitioned to homeworking during the pandemic.
John Forrow, Chief Security Officer for MAPFRE, which is the parent company of InsureandGo, said, “We operate a fairly complicated infrastructure and I was keen to reduce our PCI DSS scope and to move to SAQ A. Plus, a huge benefit that we didn’t foresee was that we can operate this solution remotely. With Covid-19 upon us, we have agents working from home, yet they are handling calls as securely as if they were in the contact centre.
“We have descoped and payment data is off our network, so the timing has been crucial, as this may not have been possible with our previous arrangement and would have presented us with a significant challenge.”
Adds Jason Hanshaw, IT Development Manager for MAPFRE: “It was really important to ensure the customer journey was not impacted by a change in compliance solution. What really impressed us with Agent Assist was that it was fully integrated within the iNet telephony solution so our customers can continue to communicate with agents throughout the call, even when providing card details. This is done via the telephone keypad; the solution anonymises the DTMF tones and no sensitive payment information is audible or enters our infrastructure. Customers can be assured of a seamless experience and of advanced security.”
Read the case study here.
Download a full version of the press release