Technology Toolkit – PCI compliant card payment handling

In this series we look at how technology can help to solve contact centre problems. This week we look at PCI compliance.

PCI compliant card payment handling

The problem

Any organisation that stores, processes or transmits sensitive cardholder data must now be compliant with the Payment Card Industry Data Security Standards (PCI DSS) – an internationally recognised set of technical and operational requirements designed to protect cardholder data. This includes organisations that take card payments through their customer contact centres.

Merchants that fail to comply with the PCI DSS run the serious risk of costly fines, damaged customer relationships and bad PR.

The solution

PCI DSS compliant technology solutions can remove contact centre advisors' access to credit card details.

How it works

There are broadly two types of PCI DSS compliant technology solution used within customer contact centres today:

  • Fully automated PCI solutions (i.e. non advisor-assisted) that use Interactive Voice Response (IVR) technology.
  • Advisor-assisted PCI solutions: these allow advisors to collect customer payment information without ever seeing or hearing card details. Advisors are, however, able to remain on the phone and assist customers throughout the payment process, minimising confusion and the chance of customers ending calls before their transactions are complete. Advisors prompt customers when each piece of information is required, with customers using their telephone keypad to type in card details. The tones generated by the phone are then collected, bypassing the recording and advisor, into the PCI application and payment gateway. All calls can be recorded as normal to ensure that, if applicable, FSA regulations are met.

Advisor-assisted PCI technology solutions can be delivered from the Cloud or via an OnPremise system. The architecture of a typical OnPremise solution is as follows:

PCI Compliance diagram

 

The steps involved in an advisor-assisted card payment handling transaction are typically:

STEP 1: At the point of payment, advisor opens payment screen.
STEP 2: Advisor guides customer through payment, requesting each piece of information when needed.
STEP 3: System collects card details.
STEP 4: Advisor receives payment confirmation and authorisation code for customer.
STEP 5: Captured details are sent to acquiring bank.
STEP 6: Payment is made to beneficiary.

Fig 1: Advisor notified that data is being collected

Fig 2: Advisor notified that CVN details are invalid

Fig 3: Advisor notified that all card details are correct
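The advisor-assisted flow described above, as an added Python example that is not code from the article or from any vendor: keypad tones entered during payment go only to a capture buffer, the advisor and recording leg receive a masked placeholder, and the advisor's screen shows status only. The event names, the "*" placeholder, the Luhn check on the card number and the 3-or-4-digit CVN rule are assumptions made for illustration.

```python
# Added illustration: event names and validation rules are assumptions.
def luhn_ok(pan):
    """Luhn checksum, used here to catch a mistyped card number."""
    if not (pan.isdigit() and 13 <= len(pan) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def handle_call(events):
    """Route keypad events; return (advisor/recorder leg, advisor screen, gateway data)."""
    leg, screen, captured = [], [], {}
    field, buf = None, ""

    def close_field():
        nonlocal field, buf
        if field is None:
            return
        if field == "pan":
            ok = luhn_ok(buf)
        else:  # assumed CVN rule: 3 or 4 digits
            ok = buf.isdigit() and len(buf) in (3, 4)
        if ok:
            captured[field] = buf
        screen.append(f"{field}: {'valid' if ok else 'invalid'}")
        field, buf = None, ""

    for kind, value in events:
        if kind == "field":            # advisor's screen requests "pan" or "cvn"
            close_field()
            field = value
            screen.append(f"{field}: collecting")
        elif kind == "end_payment":
            close_field()
        elif kind == "dtmf" and field is not None:
            buf += value               # digit reaches only the capture buffer
            leg.append("*")            # advisor and recording get a masked tone
        elif kind == "dtmf":
            leg.append(value)          # outside payment entry, tones pass through
    gateway = dict(captured) if {"pan", "cvn"} <= set(captured) else None
    return leg, screen, gateway

# Constructed sample call: menu key, test card number, a short CVN, then a retry.
SAMPLE = ([("dtmf", "2"), ("field", "pan")]
          + [("dtmf", d) for d in "4111111111111111"]
          + [("field", "cvn"), ("dtmf", "1"), ("dtmf", "2"), ("field", "cvn")]
          + [("dtmf", d) for d in "123"] + [("end_payment", None)])
```

Calling handle_call(SAMPLE) returns the three legs separately, so it is easy to confirm that no card digit appears in what the advisor and the call recording receive.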

Benefits

A professional PCI compliant technology solution can:

  • Completely de-scope contact centre advisors from PCI DSS audits
  • Reduce audited controls (in one recent case, from 240 SACK levels at SACK level 4 to under 60 at SACK level 1)
  • Ensure PCI DSS compliance without affecting use of performance-optimisation applications or other regulatory/legislative principles and practices (such as the requirement to record entire client interactions relating to FSA regulations)
  • Be simple to use with little advisor training required
  • Have a positive effect on both the advisor’s and customer’s experience
  • Reduce the scope for human error
  • Ensure that no one in the contact centre has access to card payment details – thus preventing advisors from sharing or selling card details and reducing the likelihood of them being asked to do so
  • Remove the need for ‘clean room’ environments where advisors aren’t allowed paper, pencils and personal belongings at their desks (including mobile phones and other communication devices) and not allowed to use email. It is estimated that implementing a clean room environment can cost around £2,000 per advisor.

Companies using this solution

There are a number of companies using this type of solution, including a leading global tax and advisory company and a railway infrastructure company.

Michael Gray

This technology toolkit was provided by Michael Gray, Marketing Director of Ultra Communications.

29 May 2013 - Filed under Technology
