PCI DSS • eTailing Summit | Forum Events Ltd


PCI DSS: Why it pays to comply

Stuart O'Brien

By Rob Crutchington, Managing Director, Encoded

For customers to buy from an organisation either in person, online or via a contact centre they need to be confident that their payment cards will not be compromised, their personal details are secure and their identities cannot be stolen.  PCI DSS was created to protect consumers and merchants against security breaches.

PCI DSS stands for the Payment Card Industry Data Security Standard, developed by Visa®, MasterCard®, JCB®, Discover® and American Express®.  It is made up of 12 requirements designed to secure business systems that store, process or transmit cardholder data.

As the stakes get higher, with millions of pounds being lost as a result of card fraud, PCI DSS is enjoying a well-earned revival.  Earlier this month a London student was sentenced to 22 months in prison for sending out scam text messages.  This followed an investigation by the Dedicated Card and Payment Crime Unit (DCPCU), a specialist City of London and Metropolitan police unit funded by the banking and cards industry[i]. Officers found the student’s digital devices contained personal details from hundreds of victims, while a large quantity of cash was found at his home address.

Many merchants believe if they don’t take payments over the phone then PCI DSS doesn’t apply to them.  However, the regulation applies to card payments made over all channels, including in store and online, to prevent personal details falling into the wrong hands.

What’s the price of non-compliance?

Failure to meet PCI compliance and protect customer data adequately can result in financial penalties and charges, reputational damage and loss of customer trust, as well as potential stolen customer funds or identity. You may also be subject to possible legal costs, settlements and judgements.

In contact centres the most effective way to be PCI DSS compliant is to introduce clever behind-the-scenes technology.  For example, the latest Agent Assisted Payment systems from Encoded allow contact centre agents to process card payments without being exposed to sensitive card data.  While PCI DSS compliance can be seen as expensive and complicated to implement, working with the right payment service provider will make it your friend and keep you and your customers safe.

To learn more about PCI DSS visit Encoded.co.uk and download the Truth about PCI DSS Compliance ebook.

Rob Crutchington is Managing Director of Encoded. To read more on PCI DSS, please visit Encoded.co.uk.

[i] https://www.ukfinance.org.uk/press/press-releases/enfield-student-behind-scam-texts-jailed-22-months#summary

PCI DSS: The forgotten superhero and the case for Agent Assisted Payments

Guest Contributor

As millions of pounds are lost to Coronavirus scams, the Payment Card Industry Data Security Standard (PCI DSS) is enjoying a well-earned revival. Rob Crutchington (pictured), Managing Director at Encoded, shows how to drive compliance and build customer confidence using Agent Assisted Payments…

According to UK Finance, card payments accounted for half (51%) of all payments in the UK in 2019, while consumer use of credit cards rose by 7% to 3.3 billion payments over the same period[i].  Fortunately, these trends in payment habits have proved invaluable during lockdown, when record numbers of consumers rely on debit or credit cards to pay for essential shopping.  Unfortunately, the COVID-19 health crisis has also highlighted the darker side of human nature, with credit card fraud surging 35%[ii] and reports that £4.6 million has already been lost to coronavirus-related scams since lockdown started.[iii]

If these alarming statistics are anything to go by, widespread consumer fears about the vulnerability of sensitive card data are well-founded.  Contact centres should take charge now, reassuring customers that it’s safe to make card payments by getting back to basics and embracing the functionality of secure Agent Assisted Payment solutions.

Back to basics with PCI DSS
Even though the first version of PCI DSS was introduced a long time ago (December 2004) the international standards framework still matters for three simple reasons:

  • Worldwide weapon against a global threat – the ultimate aim of PCI DSS of reducing the incidence of card fraud and promoting best-practice in information security is now more important than ever before.
  • Strict rules, punitive actions – it’s a violation of PCI DSS to record or store any CAV2, CVC2, CVV2 or CID codes after authorisation even if that data is encrypted.  Failure to comply means hefty penalties and we all know there’s no greater incentive to follow the rules than a severe dent in the pocket.
  • Trust across the entire payment ecosystem – PCI DSS affects everyone from the contact centres offering card payments to their partners, suppliers and customers.  The simple truth is organisations that have successfully achieved PCI DSS compliance are more likely to choose their third-party service providers carefully, conducting proper due diligence and risk analysis to establish whether they have the right skills and experience to deliver secure automated card payments.  This triggers a snowball effect to raise standards all round.

Introduce clever technology behind the scenes
Once re-acquainted with the importance of PCI DSS, why not introduce technology that enables PCI DSS compliance?  The latest Agent Assisted Payments allow contact centre agents to process card payments without being exposed to sensitive card data.  After the customer has used their telephone’s touch-tone keypad to tap in their card details, all an agent sees on their screen is whether the payment has been approved or declined.

Look for a partner who is Level 1 PCI DSS accredited, which means you and your customers can rely on their technology with absolute confidence.  They should offer Agent Assisted Payment solutions that are carrier, phone and CRM system agnostic, so they integrate seamlessly with your existing contact centre infrastructure to enable real-time reconciliation of payments, maintain ‘business as usual’ contact centre operations even when working remotely, and deliver a joined-up and exceptional customer experience (CX).

Three ways to use Agent Assisted Payments:

  1. De-scope your contact centre – for PCI DSS compliance purposes.  Implementing Agent Assisted Payments significantly reduces the time, cost and resource required to complete PCI DSS Self-Assessment Questionnaires (SAQs) for a company to become PCI compliant.  In fact, of the controls covered in version 3.2.1 of the standard, Agent Assisted Payments places 51% completely out of scope and 30% of the remaining controls are heavily reduced.
  2. Offer Tokenisation – for multiple payments, recurring payments or returning customers, Agent Assisted Payments linked to tokenisation enhance CX.  Tokenisation is the process that allows contact centres to stay outside PCI DSS scope: no real cardholder data enters the environment, which makes it a far less attractive target for attackers looking to steal card data. Meanwhile, returning customers are not required to enter card details over and over again.
  3. Educate customers about the value of PCI DSS – the chances are that most customers will have heard about Verified by Visa, 3D Secure or MasterCard SecureCode but draw a blank at PCI DSS.  The beauty of Agent Assisted Payments is that contact centre agents can continue to talk to the card holder throughout the entire payment process.  This gives them the opportunity to talk about the important steps their organisation is taking to keep customers’ card details safe.  They can also introduce new ‘accessible for all’ technologies such as virtual terminal payments specifically designed for disabled or elderly customers who may feel embarrassed when they cannot use traditional automated payment systems and prefer the human touch.
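The payment flow described above (card details keyed in on the phone keypad, the agent seeing only approved or declined, a token for returning customers, and the security code never retained after authorisation, as the CAV2/CVC2/CVV2/CID rule requires), as an added Python sketch that is not Encoded's code. The PaymentService class, the Luhn check standing in for the acquirer, and the sample card number are assumptions for illustration only.

```python
import secrets
from dataclasses import dataclass, asdict

# Constructed sample values: a standard Visa test number, not a live account.
SAMPLE_PAN = "4111111111111111"
SAMPLE_CVV = "123"

def luhn_valid(pan: str) -> bool:
    """Luhn checksum: the sanity check applied before authorisation."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

@dataclass
class AgentView:
    """Everything the agent's screen receives; there is no field for PAN or CVV."""
    outcome: str    # "approved" or "declined"
    last_four: str  # may be retained after authorisation
    token: str      # opaque reference for repeat payments; empty on decline

class PaymentService:
    """Hypothetical provider-side service between the caller's keypad and the agent."""
    def __init__(self):
        self._vault = {}  # token -> PAN; the CVV is never written here

    def take_dtmf_payment(self, pan: str, cvv: str) -> AgentView:
        """Card details arrive from the phone keypad and are discarded after use."""
        # Simulated acquirer: Luhn-valid PAN plus a 3- or 4-digit security code.
        approved = pan.isdigit() and luhn_valid(pan) and cvv.isdigit() and len(cvv) in (3, 4)
        token = secrets.token_hex(16) if approved else ""
        if approved:
            self._vault[token] = pan
        return AgentView("approved" if approved else "declined", pan[-4:], token)

    def charge_token(self, token: str) -> AgentView:
        """Returning customer: charge the stored token, no card data re-entered."""
        pan = self._vault.get(token)
        if pan is None:
            return AgentView("declined", "", "")
        return AgentView("approved", pan[-4:], token)

def agent_record_is_clean(view: AgentView, pan: str, cvv: str) -> bool:
    """True if no field of the agent record equals the PAN or the security code."""
    values = [str(v) for v in asdict(view).values()]
    return pan not in values and cvv not in values and len(view.last_four) <= 4
```

The agent-side record type deliberately has no slot for the full PAN or the security code, so the de-scoping the article describes is enforced by the data shape rather than by agent discipline.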

Now is the time to renew your acquaintance with PCI DSS and use Agent Assisted Payments to drive all-round compliance. Learn how to bridge the gap between providing personalised CX and enhanced security, while significantly reducing the time, cost and resource required to comply with stringent PCI DSS rules.