04 Aug 2015 - Securing Card Payments in the Contact Centre

Posted in General by Rob Leslie

The contact centre is a real challenge when it comes to protecting sensitive customer data. It is also a potential focal point for payment fraud in general. Many contact centres are under constant cost pressure, which gives rise to high staff turnover, and that presents lots of challenges when it comes to the matter of trust. There is also the need to handle lots of very sensitive customer identity and payment card data in quite a pressured environment. Customer calls and sessions are mostly recorded, which gives rise to challenges when it comes to keeping the data secure and maintaining compliance for PCI DSS purposes.

The best scenario for any contact centre agent is to be able to perform the task being requested, such as processing a bill payment, without ever having to come into contact with sensitive data of any kind. If this could be achieved, it would eliminate a lot of data security problems, reduce trust pressures in the work environment and reduce the cost of PCI compliance. Each, in its own right, would be a very desirable objective. If these goals can’t be achieved, the result is an environment that is expensive to run and to keep compliant. Your staff also need to be constantly on their toes when it comes to awareness of data security issues. This can leave employees feeling untrusted and under suspicion if something negative happens.

So how can a safe environment like this be achieved? The key is to eliminate the need to touch sensitive data unless you absolutely need to. Our company, Sedicii, has developed a technology that allows the agent to process a payment with a single click in the CRM, which triggers a request for a secure, remote payment authorisation from the customer. In this process the agent never hears, sees or touches any card information of any kind. The Sedicii solution is provided as a cloud-based service. This means that the call centre has no PCI DSS obligations that it has to implement at all. This minimises risk enormously, as call centre staff never have to access card data, ever.

There are some hurdles that need to be cleared, however. The customer must have a smartphone, must have registered with an approved service provider that has deployed the Sedicii solution in its app, and must have registered their credit or debit card for use with an approved payments service. The customer experience is easier, safer and more convenient. These benefits, when combined with evidence that shows that customers actually feel safer not exposing their card data over the phone, will lead to increased adoption. There will always be exceptions where the customer simply cannot use the solution because they don’t have a smartphone. It is definitely easier to put in place a small, compliant exceptions-handling process than to validate an entire call centre.

As more contact centres become omni-channel customer service processors (web chat, SMS, email, social media as well as voice), any solution considered for implementation needs to support all these engagement paths. It is clear that the overriding trend in contact centre payments will be towards moving the payment, and the associated risk, out of the contact centre by assigning the problem to a specialist processor. The big message to take away here is that unless you specifically need the card data, don’t take it!

Tags: authentication, compliance, mobile, omni-channel, PCI, PCI DSS, secure payments, security, smartphone