PCI-DSS is a huge problem for Contact Centres.
I was called today by a large multinational bank. The conversation was straightforward enough and the customer service agent was professional, no dramas there. Suddenly it came to making a card payment. To my shock, the call handler simply asked for my details. No break in recording, no automated system kicking in, simply fire straight in.
I know things are all a bit strange in this new world order, and forgiveness can be given to the local small business taking a phone payment. However, even the ‘home working’ scenario cannot excuse large multinational banking groups! T-Mobile would testify to the efforts they have gone to in implementing new systems since their little mishap in 2006. (Where they lost 17 million German customers' details and they appeared on the dark web for sale!)
What is PCI DSS Compliance:
PCI DSS compliance basically means that any payment gateway that a company has is run in a way where none of the details are stored or accessed by their system or operators. Any sensitive card information entered using the keypad goes directly to the card company. The call centre is then notified when the payment is completed. At no point during the call do any secure details land on the call centre's system or with the agent. In short, problem solved: you can’t leak what you don’t have!
Route One Connect has a PCI DSS compliant system using Amazon Connect. We have 2 modes. The first is the self-service method, where the IVR asks for the details and sends the information to your payment gateway. The second is an agent-led solution, still using Amazon Connect, where the tones are masked from the agent and the agent screen. With the system easy to configure and cost effective, there are no excuses at all for putting your customers' details at risk.
For more information on PCI-DSS, please check out our other blog post here.