Robert Crutchington at Encoded takes a closer look at contact centre payments.
In the PCI DSS* Compliance and card fraud reduction section of the report there were 3 main surprises highlighted by the research:
- Pause and resume or “stop-start” recording which aims to prevent sensitive authentication data and other confidential information from entering the call recording environment remains consistently the most popular method of compliance with 60% of respondents using this method.
- The number of respondents using DTMF tone suppression, the often promoted alternative to pause and resume, fell from 22% last year to 14% this year.
- The cost of compliance is causing organisations to rethink how payments are taken in contact centres, with 7% of respondents no longer accepting payments in this way.
What do these surprises mean?
For almost three-quarters of survey respondents software and/or payment technology is the single largest cost associated with compliance (particularly in small and medium-sized operations). While in the largest contact centres, training staff in card fraud prevention techniques and processes is the greatest cost in 36% of cases.
Ringing the changes for how card payments are taken
However, one of the other surprises of the report was that the use of DTMF tone suppression was down this year from 22% to 14%. While price and reliability may be contributing factors to this decline, there is the added problem of discrimination and a potential legal and social media backlash. By restricting the contact centre to only accept card data via DTMF tones could mean that some people are effectively being discriminated against by not being able to make a payment or have increased difficulty to do so, particularly if they are either elderly or disabled in anyway.
Therefore, it was good to see “pause and resume” still performing well. Despite some commentators claiming pause and resume is dead, ContactBabel’s Report shows that it remains consistently the most popular method of compliance and used by over 60% of respondents. It is typically far cheaper to implement than almost any other option and offers the highest level of customer service.
Other less expensive options for compliance
Improving agent processes and training
According to the report, this is the second-most widely used method by contact centres. The relatively low cost of training and education of the risks can go a long way in making staff vigilant to safeguarding data. Regular training including the perils of phishing emails, often a far bigger risk than a rogue staff member writing the odd card number down, can prove vital to securing data.
Although used by only a few, especially large contact centres, automated IVR process to take card details from the customer cuts the agent risk out of the loop entirely.
Third-Party Cloud-Based Payment Solution
No cardholder data is passed into the contact centre environment, whether infrastructure, agents or storage. As such, this can de-scope the entire contact centre from PCI compliance, but does rely on the security processes and operational effectiveness of the service provider.
Whatever solution a contact centre decides to employ, the fact remains that if compliance is being achieved at the expense of customer service, then maybe it’s time to think again.