NewVoiceMedia is a certified PCI-DSS Level 1 Supplier
NewVoiceMedia is Certified to meet Service Provider Level 1 PCI-DSS standards...the highest level possible. 



 



 


Listen to a webinar  

A PCI-DSS webinar that discusses the issues raised on this page is usually held once a month. For more information click here.

 

 

 

PCI-DSS Compliant Card Payments by automated IVR

PCI DSS Compliant Card Transactions

Introduction
Any contact centre or business that takes credit card payments over the phone is subject to the Payment Card Industry Data Security Standard (PCI-DSS).  These standards, developed in collaboration with card providers such as Visa, MasterCard and American Express, specify what should and what should not be done during a transaction, and have the specific aim of reducing fraud.

All centres must be compliant by now; the deadline expired in 2008. But research shows that many are still struggling to become compliant, as the costs can be high. NewVoiceMedia has introduced a PCI-DSS Level 1 compliant service that will help your organisation become compliant with the minimum of fuss...and cost.

At a glance…

  • We provide a ‘mid-call’ IVR to automatically collect card payments
  • Automated system with on-line data checking reduces errors and loss of time if card is out-of-date, credit limited or stolen
  • Full call recording of all conversations for training and security – except for the card details themselves (as specified by PCI-DSS)
  • Easy integration with the back-office: the agent populates the screen-pop with customer details, the PCI IVR automatically adds payment received flag. The actual card details are hidden.
  • Direct link to the Payment gateway company (such as WorldPay) to speed up transaction processing
  • The service is certified PCI-DSS Level 1 compliant – using our service drastically simplifies your compliance process
  • Can be added to your existing call centre infrastructure
  • No agent in the loop means that the risk of fraud is reduced
  • No hardware or software to buy or integrate; the service is provided using a Software-as-a-Service (SaaS) business model.
  • Valid for virtual centres and homeworkers

NB: NewVoiceMedia is a certified PCI-DSS Level 1 supplier. Please ask to see our certificate (or those from alternate vendors). Very few companies are actually registered!



The Problem
The risk of fraud at contact centres is substantial; any agent writing down card details could be tempted to cheat…and there are many stories of agents being threatened by gangs to give out sensitive information. The penalties for any organisation caught out by fraud are usually severe: not only in terms of bad publicity but also the costs of recovering from the situation and the penalties that can be raised by the payment card vendors themselves. Sanctions range from a large fine to withdrawal of the service.

Several years ago the Payment Card Industry (PCI), a consortium of card companies (such as Visa, MasterCard, American Express...), created the Data Security Standard, the intent being to reduce fraud by restricting access to sensitive cardholder information.

The PCI-DSS Standard
Anyone taking credit card details over the phone should now be compliant with the PCI-DSS standard. The guidelines not only define what should, and what should not, be done with credit card details; they also specify the various levels of security needed to protect the computer systems from being accessed by unauthorised people. So the scope is far deeper than the 'don't make any recordings' rule that many people think is all the standard implies.

The level of compliance to meet the PCI-DSS standard varies according to the number of transactions a company makes. Small companies taking under 20,000 transactions per year can self-certify; larger companies with over 150,000 transactions must have externally audited processes.

While much of the PCI-DSS standard is just good business practice, the cost of becoming compliant can be very high, especially for the largest contact centre operations. We know of many contact centres that are still not compliant because they cannot afford to become so.

Until now…

The solution
NewVoiceMedia has developed a service that will enable your organisation to become compliant far faster and at a fraction of the cost. After the agent takes the purchase details, the caller is passed to an automated (and secure) IVR system that takes the card details using the caller's touch-tone pad. During the data collection the agent can be entering all the customer purchase details into the screen pop and preparing for wrap-up. Once the card details are collected, the caller could be routed back to the waiting agent, where any problems with data entry could be discussed (card out of date etc).

The benefits
The real beauty is that use of our solution eliminates much of the hard work in becoming compliant for yourself – in effect you are not only outsourcing the data collection problem, you are outsourcing the real bottleneck in becoming compliant. Because we are able to spread our solution over many customers, we can provide a high security system at a fraction of what it would cost you to do the job yourself. It is important to note, however, that we are just one part of the compliance process...you still need to become compliant, but now the costs and timescales are drastically reduced.



 









Click here to download flier.  (Includes PCI-DSS FAQ section)
              



