Technology Toolkit – PCI compliant card payment handling

In this series we look at how technology can help to solve contact centre problems. This week we look at PCI compliance.

PCI compliant card payment handling

The problem

Any organisation that stores, processes or transmits sensitive cardholder data must now be compliant with the Payment Card Industry Data Security Standards (PCI DSS) – an internationally recognised set of technical and operational requirements designed to protect cardholder data. This includes organisations that take card payments through their customer contact centres. Merchants that fail to comply with the PCI DSS run the serious risk of costly fines, damaged customer relationships and bad PR.

The solution

PCI DSS compliant technology solutions can remove contact centre advisors from access to credit card details.

How it works

There are broadly two types of PCI DSS compliant technology solution used within customer contact centres today:

- Fully automated PCI solutions (i.e. non advisor-assisted) that use Interactive Voice Response (IVR) technology.
- Advisor-assisted PCI solutions: these allow advisors to collect customer payment information without ever seeing or hearing card details. Advisors are, however, able to remain on the phone and assist customers throughout the payment process, minimising confusion and the chance of customers ending calls before their transactions are complete. Advisors prompt customers when each piece of information is required, with customers using their telephone keypad to type in card details. The tones generated by the phone are then collected, bypassing the recording and advisor, into the PCI application and payment gateway.
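As an added illustration of the advisor-assisted flow just described (example code, not from the article or from any vendor's product), this Python example models a capture point that keeps keyed digits away from the advisor and the recording and passes on only a per-field status. The class `CaptureSession`, the field names, the length rules and the use of a Luhn check on the card number are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Assumed field rules (min, max digits); a real deployment takes these from its gateway.
FIELD_LENGTHS = {"pan": (13, 19), "expiry": (4, 4), "cvn": (3, 4)}

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

@dataclass
class CaptureSession:
    """Hypothetical capture point between the caller and the advisor/recorder."""
    _secure: dict = field(default_factory=dict, repr=False)  # gateway-only store
    advisor_events: list = field(default_factory=list)       # advisor's screen
    recorded_leg: list = field(default_factory=list)         # call recording

    def collect(self, name: str, keyed: str) -> str:
        """Take one keyed field; return the status shown to the advisor."""
        digits = "".join(c for c in keyed if c.isdigit())
        # The recording gets a fixed marker, so not even the digit count leaks.
        self.recorded_leg.append(f"[{name}: tones suppressed]")
        lo, hi = FIELD_LENGTHS[name]
        ok = lo <= len(digits) <= hi and (name != "pan" or luhn_ok(digits))
        if ok:
            self._secure[name] = digits
        status = "valid" if ok else "invalid"
        self.advisor_events.append((name, status))
        return status

    def ready(self) -> bool:
        return set(self._secure) == set(FIELD_LENGTHS)

    def gateway_payload(self) -> dict:
        """Released to the payment gateway only, and only when complete."""
        if not self.ready():
            raise ValueError("card details incomplete")
        return dict(self._secure)

def demo() -> CaptureSession:
    s = CaptureSession()
    s.collect("pan", "4111111111111111")  # constructed input: public test number
    s.collect("expiry", "1230")
    s.collect("cvn", "12")                # too short: advisor sees "invalid"
    s.collect("cvn", "123")               # customer re-keys
    return s

if __name__ == "__main__":
    print(demo().advisor_events)
```

When reviewing a real deployment, the equivalent check is that the advisor desktop, the call recording and any application logs carry nothing but such status values.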
All calls can be recorded as normal to ensure that, if applicable, FSA regulations are met.

Advisor-assisted PCI technology solutions can be delivered from the Cloud or via an OnPremise system. The architecture of a typical OnPremise solution is as follows:

The steps involved in an advisor-assisted card payment handling transaction are typically:

STEP 1: At the point of payment, advisor opens payment screen.
STEP 2: Advisor guides customer through payment, requesting each piece of information when needed.
STEP 3: System collects card details.
STEP 4: Advisor receives payment confirmation and authorisation code for customer.
STEP 5: Captured details are sent to acquiring bank.
STEP 6: Payment is made to beneficiary.

Fig 1: Advisor notified that data is being collected
Fig 2: Advisor notified that CVN details are invalid
Fig 3: Advisor notified that all card details are correct

Benefits

A professional PCI compliant technology solution can:

- Completely de-scope contact centre advisors from PCI DSS audits
- Reduce audited controls (in one recent case, from 240 SACK levels at SACK level 4 to under 60 at SACK level 1)
- Ensure PCI DSS compliance without affecting use of performance-optimisation applications or other regulatory/legislative principles and practices (such as the requirement to record entire client interactions relating to FSA regulations)
- Be simple to use with little advisor training required
- Have a positive effect on both the advisor’s and customer’s experience
- Reduce the scope for human error
- Ensure that no one in the contact centre has access to card payment details – thus preventing advisors from sharing or selling card details and reducing the likelihood of them being asked to do so
- Remove the need for ‘clean room’ environments where advisors aren’t allowed paper, pencils and personal belongings at their desks (including mobile phones and other communication devices) and not allowed to use email.
It is estimated that implementing a clean room environment can cost around £2,000 per advisor.

Companies using this solution

There are a number of companies using this type of solution, including a leading global tax and advisory company and a railway infrastructure company.

This technology toolkit was provided by Michael Gray, Marketing Director of Ultra Communications.

Author: Jonty Pearce
Published On: 29th May 2013 - Last modified: 28th Jun 2017