PCI in the Contact Centre – Who’s Afraid of the Big Bad Wolf?

I’ve lost count of the number of customer engagements I have been in where “PCI fear”, as I call it, kicks in. Clients adjust their shirt collars like Darth Vader is force choking them and the worry lines crumple the forehead. “We thought we had a solution but it ended up just too complicated and expensive” is normally the next sentence, followed by a lament on scope creep and how their QSA was concerned about a potential hacker using Saturn’s rings to bounce some malware into their network.

I jest, but the core issues above ring true for virtually all of our customers. I’d be as bold as to say they may resonate with you too. The reality is, though, things don’t need to be this complicated, costly and negative.

The payment landscape today, by comparison to even 5 years ago, is very different from a risk perspective. Cybercrime is now commonly recognised as a concern by consumers when making decisions to buy, whether online or over the phone – just see some of the recent articles in the Mail & Express. With a growing public demand for personal data security, the security of payment card data is becoming ever more important. PCI is ignored at an organisation’s peril, but it doesn’t have to be the big bad wolf.

We all know the risks and penalties, the usual vendors present them to us at every PCI conference and seminar going; your agents and staff are all potential criminals, the big breaches and fines at certain US retailers, etc. It’s all getting a bit boring now, so often have they been mentioned.

But, let’s think for one moment on PCI as a positive thing (I know, but go with me on this). Now that the banking community is committed to PCI DSS, there is mounting pressure from acquirers for their merchants to become compliant. This pressure we are seeing in the form of incentives to improve security by offering reduced merchant service fees – lower risk = lower costs. A clear incentive for any customer looking to justify a PCI programme spend!

Companies can also use their improved security as a selling point to their customers. This also applies in the B2B world for service providers working with other companies and handling payments on their behalf. Merchants should promote the fact that they take security seriously, PCI and data security are an organisational mindset. Do it better than the others and achieve a competitive advantage.

The key factor to support the above is that there are technology providers and people with expertise that can work with a business to deliver cost-effective tools to achieve compliance at a sensible cost that can achieve return on investment very quickly.

New “pay as you use” and “on demand” models mean that the costs are scalable, but choosing the right partner to help you on your journey is key. Ideally, you want an organisation with extensive capabilities in telephony and software (this should be a must-have), but also look towards somebody who has real-life operational practitioners’ experience of business process and customer journey as this could vary by department, line of business or any other number of permutations and therefore so does the payment process. One size doesn’t fit all and the end result will most likely be a combination of tools and delivery mechanisms.

Organisations needs to measure risk against operational efficiency and any changes due to compliance should show real risk reduction but should not detract from customer service or reduce a business’s ability to operate efficiently – indeed, as outlined above, it could deliver both financial and operational benefits.

So, PCI then? Maybe the big bad wolf’s not so scary when it can’t bite you.

With thanks to Stephen Murray, Business Development Director at IP Integration