Cash Is No Longer King – How Does This Affect the Payment Card Industry?

Jonathan Graham assesses how the decline of cash is impacting the payment card industry and discusses card security in contact centres.  

It’s just been reported by the British Retail Consortium that payment by card now accounts for more transactions than all other payment types combined in the UK. In particular, there’s been a massive growth in the use of contactless card payments, so much so that there’s speculation that we may be moving towards becoming a cashless society, with the Church of England even trialling electronic collection plates in churches.

Countries such as Sweden are leading the race, with fewer than 20% of Swedish transactions being conducted in cash, and many bars, restaurants and shops are now refusing to take it. Many Swedish banks don’t allow cash withdrawals or deposits. In the UK, newer payment methods such as mobile-to-mobile and ApplePay, as well as the growth of intentionally cash-free services such as Uber and Deliveroo, mean that card payment transaction volumes continue to grow.

At the same time as we’re seeing the growth of card payments and the decline of cash, we’re also seeing growing consumer concern about the safety of such payments (you can read more about this in Syntec’s research white paper which explores consumers’ views of payment card security). So now more than ever, the way in which a business accepts card payments influences the image of that business, the confidence of its customers and the efficiency of the business.

How does the decline of cash affect the payment card industry?

So, what are the implications of this for the card payment industry? How can businesses ensure that their customers’ payments are not only safe but also, critically, seen to be safe by customers themselves? How best to do this depends on the payment channel that’s being used.

For web-based transactions it’s vital that companies ensure their sites are encrypted using the https protocol, and the familiar padlock symbol is something that customers are increasingly expecting to see, alongside the use of an additional secure payment system such as 3D Secure, SecureCode and other similar schemes.

Customers are becoming more and more knowledgeable about such systems, so a few plain text fields on an http addressed page would strike many potential customers as downright dangerous. Indeed, many online transactions are now conducted using PayPal or ApplePay, or customers are able to pay directly from their app store, removing the requirement for them to enter their card details online altogether.

Card security in contact centres

However, when it comes to making payment during a telephone call, things are different. It’s surprising how often customers are still asked to read their card details out to a contact centre agent. Frankly, this is pretty much the equivalent of greeting an in-store customer with a click-clack carbon-paper-based card swipe machine (or are you too young to remember those?).

Customers who would never think of entering their card details onto an unencrypted website are being asked to hand those same details over to someone over the phone with no way of knowing what that person is going to do with those details once they have them. And, as already mentioned, our research shows that this is an issue about which consumers are increasingly concerned.

DTMF payment systems add much more security

The solution to this concern is to use a DTMF (Dual Tone Multi-Frequency) ‘keypad payment by phone’ system such as CardEasy. These systems enable consumers to enter their sensitive card details using the touchtone keypad on their phone. That way, the contact centre agent at the other end is not exposed to callers’ card numbers at all.

CardEasy also has an additional level of security built in, which is that the audio from the caller to the agent is briefly cut while the middle six digits of the long card number (and the 3 or 4 digit security number) are being entered. This means that there is no way that the call centre agent can be exposed to the full numbers, either by hearing the DTMF tones (which are masked) or if the customer happens to read out the numbers at the same time as keying them in, as does sometimes happen.

If the call centre is recording calls, for quality control or other regulatory reasons, then this system also ensures that the card numbers cannot be captured in the call recordings under any circumstances. Using a DTMF payment solution like CardEasy not only benefits the customer but also benefits the organisation, enabling it to de-scope its contact centre from most PCI DSS controls and reducing the cost and hassle of constant monitoring, as well as expensive and time consuming PCI DSS audits for larger merchants.