Card data breaches can severely damage your brand’s reputation.
Card data breaches are a major risk for businesses. According to the Federal Trade Commission, Consumer Sentinel Network, in 2018 credit card fraud topped the list for identity theft, reporting 157,688 cases – resulting in a total loss of $131M.
PCI DSS in Contact Centers is a Challenge
Firms that suffer a data breach where customers’ card data is compromised that are not PCI DSS compliant can face punitive fines, and be liable for costs of fraud incurred by the victims. Yet, many contact centers still take chances with a piecemeal approach to managed card payments.
The problem is storing customers’ card details. Most organizations do not store customers’ card details, at least not intentionally. However, there is an issue with voice based calls and when it comes to making a payment. While consumers are generally happy to give their card details over the phone, this is a breach of best practice security. If the call is being recorded, the card details are being stored, and many people have access to call recordings. The alternative might be to ask the customer to visit a website to make a secure payment, but this means losing contact with the customer during this vital last step, and potentially losing sales as a result.
Reducing card fraud in Contact Centers
According to the UK Contact Center Decision-Maker’s Guide (DMG) published by analyst firm ContactBabel, there are eleven different ways in which contact centers attempt to reduce card fraud. These range from using technology to physical methods such as clean rooms where pens, paper and mobiles are prohibited. The four main ways in which card payments are processed include:
- Stop-start recording, so that card details are not recorded. This relies heavily on the agent to remember, and is inherently unreliable.
- Dedicated payment teams working in clean rooms where nothing can be written down or photographed (with a phone for example). Not particularly popular with agents.
- Use of Interactive Voice Response systems to take the payment which cuts out the agent, but card data is still held within the organization and is a less than optimal experience for the customer.
- Payments can be outsourced to a third party. This removes the issue completely, but then the contact center again loses contact with the customer at the key moment, and is reliant on the security systems of a third party.
New ways to take card payments
However, there are now easier ways to take card payments in the contact center that significantly improve the customer experience, while keeping that vital contact with the customer.
Cirrus’ new Link Pay+ solution, sends a secure link to the customer via any digital channel (email, web chat, WhatsApp, SMS, FB Messenger etc), while the agent is still talking to them. The customer can complete the transaction via the secure link, with the agent providing support as they can see the status throughout the payment process.
A much better experience for the customer, and no lost sale for the agent. Neither the contact center nor the agent ever sees the customer’s card details, ensuring the transaction is PCI DSS compliant.