Phone Payment Transactions – Compliance but with Trust at the Heart of the Solution

Posted by Megan Neale

Any contact centre operation which handles payment transactions over voice channels will tell you about the significance of ‘PCI DSS’ and its implications on customer experience. Securing the consumer’s trust around the payment process while maintaining the integrity of customer data is vital to customer satisfaction. And it is precisely to protect the customer’s interests, that the Payment Card Industry Data Security (PCI DSS) adopted measures and standardised controls around card holder data. However, the stringent protocols surrounding PCI DSS compliance consists of over 258 security controls, the implementation of which demand considerable investment in  time, resources and money.

Consequently, it is the impact this has on employee morale I find more fascinating. To me it is clear that as you implement an increasing number of controls into the contact centre, the message being communicated to the contact centre advisor is - “we don’t trust you enough”. This does not create a positive working environment and negatively impacts many of our clients’ employee engagement values. I was keen to find a solution that adhered to full compliance, protected both the customer and the employee and also allowed us to  carry on running a contact centre operation in an open, transparent and fun way to ensure we deliver the best possible service .

Image removed.

Image courtesy: Google Images

The solution:

Our solution was to de-scope PCI payments ; as stated in an insightful blog on the topic, the author argues that “if PCI compliance means reaching a level of security awareness, de-scoping means reducing the number of tick boxes it takes to get there.” For us de-scoping essentially meant ‘removing the contact centre environment’ from the scope of PCI DSS regulations. For contact centres handling a high volume of credit/debit card transactions over phone, this is the best answer to staying compliant while eliminating costs, ensuring data security  and thereby, creating an environment of trust for the users (both customers and employees).

At HGS, all payment interactions are managed via an award winning solutions partner – Semafone. The technology allows a call, and the call recording to progress while the customer enters their credit card information using their telephone keypad. This means that the credit card information is never revealed to the agent. For complete security, Semafone’s patented technology masks the Dual Tone Multi-Frequency (DTMF) keypad tones from the cardholder’s telephone and replaces them with a flat tone so they can’t be recognised by the call centre agent or recorded on any call recording system.

We have extensively deployed this system for global payment receipts for our clients, most recently for an international enquiry helpline service for the UK Visas and Immigration department. And it continues to work exceptionally well for all clients and customers.

And the results speak for them selves

  • Both customers and employees love the system. Advisors require very little training and can easily explain the process to customers.
  • Our solution sits at network level within our SIP channel network so is completely scalable and adaptable to client requirements

Integrating Semafone’s PCI DSS compliant solution components into HGS’s payment ecosystem has accelerated ‘ease of use’ for our customers while engendering trust and confidence in what can often be a cumbersome process. After all, isn’t that the hallmark of any great customer-centric technology – to improve user experience and drive brand loyalty through simplifying complex transactions, both offline and online.