PCI Compliance isn't new and neither are the challenges that can go along with it, especially for call centers that accept payment. When Quality Monitoring systems are in place, calls with credit-card data need to be paused and not recorded or efforts have to be made to mask or mute the card data while it’s verbally captured from the customer.
PCI Compliance infractions are no fun either. The consequences of not being PCI compliant range from $5,000 to $500,000 per incident and this does not include any resulting bad press your firm could garner if word gets out that your customer’s personally identifiable information (PII) was mishandled. We’ve all seen what this can do to the reputations of companies with recent large-scale breaches. You can’t afford such a mishap.
The varying PCI Compliance solutions on the market today do an adequate job of conforming to compliance but is the data really secure? There are most certainly still some obvious points of failure. For instance, some customers calling from a public location unknowingly share their credit card information with not only the call center but the others around them who could quickly capture the information as well. Likewise, what if a rogue agent hits the record button on his/her smart phone and captures the audio of the customer providing his/her card number? In either case the data is as good as gone and right into the hands of a fraudster.
The only real way to completely protect one’s credit card data is for the information never to be spoken in the first place or communicated in any way that makes it audibly identifiable.
New solutions are now available to provide this level of protection. Customers will no longer verbalize their credit card information, instead they will be instructed by the call center agent to enter these digits via their dial pad (no download app required). The customer-entered digits will be collected in your secure server and inserted into the appropriate systems without the agent, the agent desktop or call recording system being exposed to the information. The result is a solution to minimize your PCI scope and reduce the data exposure within your call center footprint.
In addition to the obvious security benefits, there are other advantages that may not be top of mind. For instance, in a call center that takes hundreds or thousands of credit card calls a day, imagine the multiplier of time wasted by the verbal exchange and verification of the customer’s card number. The individual slowly reads the card number, expiration date and the 3 digit code on the back to the agent. The agent then has to read it all back. This takes time, and in a big call center the aggregate of all of these unnecessary verbal exchanges can be quite significant.
Recent studies show that the customer entered digit approach can save upwards of 15 seconds per call by avoiding the dance described above. Customers will be happier too by not having to repeat their number again.
This same technology could also be used to capture social security numbers, bank pin codes, prescription numbers (HIPAA) and so on. Currently, systems like these are not offered by the traditional telephony or call recording system providers, and a new call center solution product segment is emerging.