encoded • eTailing Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Posts Tagged :

encoded

5 Minutes With… Encoded’s Rob Crutchington

960 640 Stuart O'Brien

In the latest instalment of our eCommerce industry executive interview series we spoke to Rob Crutchington, Director at Encoded, about the company, the ongoing challenges of the global pandemic, the implementation of Secure Customer Authentication and frictionless payment methods…

Tell us about your company, products and services.

Encoded offers a range of card payment solutions for all contact centre channels. Our complete payment suite includes IVR Payments, Agent Assisted Payments, eCommerce Payments, Mobile Apps and our latest PayByLink solution. Encoded is also a Payments Gateway.

We work with contact centres and many large brands to provide secure payment solutions that free up valuable agent time, allowing them to focus on customer service, more complex enquiries and revenue generating activities.

What have been the biggest challenges the eCommerce/Payments industry has faced over the past 12 months?

Of course, Covid has been one of the biggest challenges for all businesses. For those contact centres taking payments, the new way of working had serious implications. Suddenly everything changed with people working at home. It became more difficult to maintain a managed environment where security could be controlled and any issues escalated quickly as and when necessary.

With homeworking the environment couldn’t be managed in the same way, compliance became a challenge and we saw a shift towards e-commerce. While a secure link and a ‘soft phone’ could be quickly adopted, the network, an agent’s PC and environment were outside of the organisation’s control. This has led to many companies adopting a ‘Digital First Strategy’ – pushing customers to use digital channels for communication and payments where possible.

And what have been the biggest opportunities?

This ‘perfect storm’ of agents working from home and increased e-commerce has been a fantastic opportunity for some companies. While it has provided a challenge for the MOTO (mail order telephone order) sector, the companies that have been able to implement a digital first strategy and provide their customers with alternative payment choices, have been the ones to prosper.

However, I don’t think contact centres will disappear. The gold standard of customer service will always be the personal touch and talking to people. Companies that adopt a digital first strategy will need to think carefully about their customer service goals before choosing new technologies to be sure that they support and not hinder interactions.

What is the biggest priority for the eCommerce/Payments industry in 2021?

The biggest priority has definitely been the implementation of Secure Customer Authentication (SCA) for transactions to comply with the latest version of PSD2. It has been put back slightly, again because of Covid, but is due to be enforced by next March 2022. I think the FCA will expect companies to continue to take robust action to reduce the risk of fraud. If organisations can apply SCA to an e-commerce transaction – they should do so now.

What are the main trends you are expecting to see in the market in 2021?

I think we will continue to see a shift towards e-commerce. Frictionless payment methods will definitely also increase – Alternative Payment Methods (APMs) such as Apple Pay and Google Pay will become more commonplace. We’ve already seen PayPal become more mainstream, particularly in Europe. The increase in the contactless payment amount to £100 in October will support this trend.

With this greater payment flexibility, I also think that we will see a necessary step-up in security, with more two factor authentication processes in place to validate cardholders’ details across all payment channels.

What technology is going to have the biggest impact on the market this coming year?

From my viewpoint I think a blend of services like pay-by-link options and open banking will have a big impact. Open banking has already brought financial and consumer policies into the 21st century and created a competitive environment in both banking and payment technology.

Open banking helps customers manage and make more of their money by allowing secure access to their banking and other financial data. Opting into the new apps and services gives people more control over their finances.  The security and speed of these technologies will drive adoption. We have already seen younger customers, familiar with using their phone and apps see the benefits and flexibility that they offer.

In 2025 we’ll all be talking about…?

Having a Digital First Strategy will be top of the agenda. If a company is processing or accepting a customer’s card data, they will opt for a digital first solution.  This approach will go beyond the ability to check balances and make payments to more complex tasks and the entire customer journey.  For example, fintech companies such as Monzo, Starling and Revolut have digital only propositions offering services through digital channels without manual intervention.    The traditional ways of accepting payments will disappear as digitally secure forms of payment take precedence with new apps and open banking. Open banking has already given customers and SMEs greater market choice and greater control over their money and data in a secure environment, which will only continue to increase in popularity.

Which person in, or associated with, the eCommerce/Payments industry would you most like to meet?

Mark Carney ex-Governor of the Bank of England. I suspect he has many stories to tell and no longer being Governor, he might feel more inclined to tell them.

What’s the most surprising thing you’ve learnt about the eCommerce/Payments sector?

I am always impressed by the way the payment industry continues to work together to tackle fraud.  The landscape is constantly changing, but the payments industry is always introducing innovations, adopting new technologies and ways to combat criminal activity to prevent customers having their card data and personal identity information stolen.

What’s the most exciting thing about your job?

For me it is signing a new customer and developing a long-term relationship with them. I always remember where I was when we first got the go ahead from new customers – from the smaller ones to some of the larger brands like BMW, Toyota and Samsung Electronics. Whoever the customer, I still get a thrill when working with them to help solve their payment challenges.

And what’s the most challenging?

With the payment industry constantly changing and new legislation, it certainly keeps us on our toes.  This year, however, I think dealing with the Covid pandemic has been the most challenging. I worked in the office alone for a lot of the time and really missed the energy of having colleagues in the same room. There is normally a real buzz working alongside bright people and it has just not been the same with everyone working remotely.

What’s the best piece of advice you’ve ever been given?

The saying “Always surround yourself with people better than yourself”, attributed to Henry Ford, resonates with me. At Encoded we have built a brilliant team of people over the years and I really value the different skills and experiences that they bring to their roles. I think I have appreciated this even more over the last twelve months when the team has worked consistently hard under difficult circumstances.

PCI DSS: Why it pays to comply

960 640 Stuart O'Brien

By Rob Crutchington, Managing Director, Encoded

For customers to buy from an organisation either in person, online or via a contact centre they need to be confident that their payment cards will not be compromised, their personal details are secure and their identities cannot be stolen.  PCI DSS was created to protect consumers and merchants against security breaches.

PCI DSS stands for the Payment Card Industry Data Security Standard, developed by Visa®, MasterCard®, JBC®, Discover® and American Express®.  It is made up of 12 requirements designed to secure business systems that store, process or transmit card holder data.

As the stakes are getting higher with millions of pounds being lost as a result of card fraud PCI DSS is enjoying a well-earned revival.  Earlier this month a London student was sentenced to 22 months in prison for sending out scam text messages.  This followed an investigation by the Dedicated Card and Payment Crime Unit (DCPCU), a specialist City of London and Metropolitan police unit funded by the banking and cards industry[i]. Officers found the student’s digital devices contained personal details from hundreds of victims while a large quantity of cash was found at his home address.

Many merchants believe if they don’t take payments over the phone then PCI DSS doesn’t apply to them.  However, the regulation applies to card payments made over all channels, including in store and online, to prevent personal details falling into the wrong hands.

What’s the price of non-compliance?

Failure to meet PCI compliance and protect customer data adequately can result in financial penalties and charges, reputational damage and loss of customer trust, as well as potential stolen customer funds or identity. You may also be subject to possible legal costs, settlements and judgements.

In contact centres the most effective way to be PCI DSS compliant is to introduce clever behind the scenes technology.  For example, the latest Agent Assisted Payment systems from Encoded allow contact centre agents to process card payments without being exposed to sensitive card data.  While PCI DSS compliance can be seen as expensive and complicated to implement, working with the right payment service provider will make it your friend and keep you and your customers, safe.

To learn more about PCI DSS visit Encoded.co.uk and download the Truth about PCI DSS Compliance ebook.

Rob Crutchington is Managing Director of Encoded and to read more on PCI DSS  please visit Encoded.co.uk

[i] https://www.ukfinance.org.uk/press/press-releases/enfield-student-behind-scam-texts-jailed-22-months#summary

SCA: Three things every merchant needs to know

960 640 Guest Contributor

With online fraud on the increase, companies must take action to make sure they meet the updated version of the Payment Services Directive (PSD2) which will mandate Strong Customer Authentication (SCA).  The Financial Conduct Authority (FCA) has announced the deadline for implementing full SCA compliance for e-commerce transactions is now 14 March 2022.

The first PSD2 in 2007 levelled the playing field for payment institutions in the EU.  It increased competition and set out common payment standards and benefited customers and participators in the industry.  The revision in 2015 resulted in a more integrated and efficient payments market. SCA adds an extra level of protection for both merchants and their customers.

Why is SCA so important now? Here are three things every company/merchant should know:

  • SCA protects businesses and the customer from online fraud

SCA (or multi-factor authentication) assures the card issuer and acquirer that the transaction is genuine. If a customer pays online with SCA, but later claims it was fraudulent, the bank or card issuer accepts liability – previously the merchant had to refund the money and incur chargeback costs. 

  • SCA will become mandatory on 14 March 2022

The new deadline to meet the new PSD2 with SCA requirements is 14 March 2022, for all UK company transactions online (over £45 or 50 Euros).  The FCA will enforce the directive and repeat offenders of declined transactions may be fined for non-compliance, not to mention the possible reputational damage.

  • Working with the right Payment Services Provider helps achieve compliance

With some acquirers, secure checks are carried out separately from the transaction processing – which merchants must handle themselves. This is expensive to set up and requires resources and expertise to manage the mandatory technical and operational interfaces with third parties.

Working with an established payment services provider (PSP) like Encoded means the transaction process and administration is managed from start to finish.  The merchant captures the customer transaction and the PSP carries out all the secure checks required by the acquirer to verify the card with the card issuer behind the scenes. With checks authorised, the PSP issues a secure link that takes the customer through the online process to complete the transaction.

Choosing the right payment service provider early is an investment for the future. Now is the time to start thinking about how to protect your business from fraudulent transactions and comply with the new regulations.

Adam Bromage-Hughes is Technical Director at Encoded and to read the full article please visit Encoded.co.uk

PCI DSS: The forgotten superhero and the case for Agent Assisted Payments

960 640 Guest Contributor

As millions of pounds are lost to Coronavirus scams, the Payment Card Industry Data Security Standard (PCI DSS) is enjoying a well-earned revival. Rob Crutchington (pictured), Managing Director at Encoded, shows how to drive compliance and build customer confidence using Agent Assisted Payments…

 According to UK Finance, card payments accounted for half (51%) of all payments in the UK in 2019 while consumer use of credit cards rose by 7% to 3.3 billion payments over the same period[i].  Fortunately, these trends in payment habits have proved invaluable during lockdown when record numbers of consumers rely on debit or credit cards to pay for essential shopping.  Unfortunately, the COVID-19 health crisis has also highlighted the darker side of human nature with credit card fraud surging 35%[ii] and reports that £4.6 million has already been lost to coronavirus-related scams since lockdown started.[iii]

If these alarming statistics are anything to go by, widespread consumer fears about the vulnerability of sensitive card data are fell-founded.  Contact centres should take charge now, reassuring customers that it’s safe to make card payments by getting back to basics and embracing the functionality of secure Agent Assisted Payment solutions.

Back to basics with PCI DSS
Even though the first version of PCI DSS was introduced a long time ago (December 2004) the international standards framework still matters for three simple reasons:

  • Worldwide weapon against a global threat – the ultimate aim of PCI DSS of reducing the incidence of card fraud and promoting best-practice in information security is now more important than ever before.
  • Strict rules, punitive actions – it’s a violation of PCI DSS to record or store any CAV2, CVC2, CVV2 or CID codes after authorisation even if that data is encrypted.  Failure to comply means hefty penalties and we all know there’s no greater incentive to follow the rules than a severe dent in the pocket.
  • Trust across the entire payment ecosystem – PCI DSS affects everyone from the contact centres offering card payments to their partners, suppliers and customers.  The simple truth is organisations that have successfully achieved PCI DSS compliance are more likely to choose their third-party service providers carefully, conducting proper due diligence and risk analysis to establish whether they have the right skills and experience to deliver secure automated card payments.  This triggers a snowball effect to raise standards all round.

Introduce clever technology behind the scenes
Once re-acquainted with the importance of PCI DSS, why not introduce technology that enables PCI DSS compliance?  The latest Agent Assisted Payments allow contact centre agents to process card payments without being exposed to sensitive card data.  After the customer has used their telephone’s touch-tone keypad to tap in their card details, all an agent sees on their screen is whether the payment has been approved or declined.

Look for a partner who is Level 1 PCI DSS accredited, which means you and your customers can rely on their technology with absolute confidence.  They should offer Agent Assisted Payment solutions that are carrier, phone and CRM system agnostic so they integrate seamlessly with your existing contact centre infrastructure to enable real-time reconciliation of payments, maintain ‘business as usual’ contact centre operations, even when working remotely and deliver a joined up and exceptional customer experience (CX).

Three ways to use Agent Assisted Payments:

  1. De-scope your contact centre – for PCI DSS compliance purposes.  Implementing Agent Assisted Payments significantly reduces the time, cost and resource required to complete PCI DSS Self-Assessment Questionnaires (SAQs) for a company to become PCI compliant.  In fact, of the controls covered in version 3.2.1 of the standard, Agent Assisted Payments places 51% completely out of scope and 30% of the remaining controls are heavily reduced.
  2. Offer Tokenisation – for multiple payments, recurring payments or returning customers, Agent Assisted Payments linked to tokenisation enhance CX.  Tokenisation is the innovative process that allows contact centres to be outside PCI DSS scope, as no real cardholder data enters the environment and makes it a less attractive target for data hacking and stealing data. Meanwhile, returning customers are not required to enter card details over and over again.
  3. Educate customers about the value of PCI DSS – the chances are that most customers will have heard about Verified by Visa, 3D Secure or MasterCard SecureCode but draw a blank at PCI DSS.  The beauty of Agent Assisted Payments is that contact centre agents can continue to talk to the card holder throughout the entire payment process.  This gives them the opportunity to talk about the important steps their organisation is taking to keep customers’ card details safe.  They can also introduce new ‘accessible for all’ technologies such as virtual terminal payments specifically designed for disabled or elderly customers who may feel embarrassed when they cannot use traditional automated payment systems and prefer the human touch.

Now is the time to renew your acquaintance with PCI DSS and use Agent Assisted Payments to drive all-round compliance. Learn how to bridge the gap between providing personalised CX and enhanced security, while significantly reducing the time, cost and resource required to comply with stringent PCI DSS rules.