The pandemic has prompted the creation of a new type of customer: one who wants to conduct their entire journey with a business online. As more and more businesses are transitioning to an omni-channel communications model, companies’ service offerings get increasingly diversified, and customers expect to have the same level of service across all channels.
This, combined with the fact that agents are now working from home, creates new security and compliance considerations that organisations need to be aware of.
Does their technology allow them to continue taking secure, PCI DSS compliant payments even when an agent is working from home?
How, then, can a company receive payments freely without having to jeopardise its reputation and the security of its clients?
I sat down with Shameem Smillie, Contact Centre Sales Manager UKI at Mitel, and Iain Regan, CRO at Semafone, to find out.
Security First
All companies receiving credit card payments from customers are obligated to comply with the PCI DSS (Payment Card Industry Data Security Standard). Says Regan:
“The PCI DSS stipulates: If you are taking card payments, you need to ensure that the sensitive payment card data is taken, processed and stored in a secure, structured, and consistent way”
Over the past few years, governments and inter-governmental bodies like the EU have also started to get more involved in how businesses are handling customer data. This growing involvement also means that if a business doesn’t make compliance a priority – it might suffer more than just reputational damage.
“The internet has created an explosion in the use and availability of personal data,” says Regan. “Unfortunately, it also means that in the wrong hands, this data is worth money and attracts fraudsters. The laws and regulations regarding data security are telling companies: If you don’t put customer data and security at the heart of what you do – expect to get some really big fines.”
The Current Challenges
“COVID has created a situation where consumers can’t visit a physical store,” says Regan. “Therefore, they are now seeking other areas of a business to engage with, which is typically the customer service or call centre.”
This rekindled popularity of the call centre creates an unprecedented call load, which in turn leads many costumers to a new type of journey: a digitally-based journey.
“Suddenly companies have got customers chatting with them or texting with them on Facebook Messenger. Those customers expect the same level of CX – they expect the digital channels to be as fully-enabled and as fully-featured as if they were calling the call centre or walking into a retail store. This is where organisations need to consider what their technology allows them to do. Do they have the ability to commercially-enable any of those digital channels, keeping them from losing any revenue-generating opportunities, while still maintaining a secure, and most importantly, a PCI DSS-compliant environment?”
Why Choose an Automated Solution?
There are various downsides to using traditional, voice-based solutions in order to tackle current data security challenges. One of the main ones is the need to maintain PCI DSS compliance manually, requiring a large amount of time and resources.
“The contact centre comprises many different elements – from the physical environment to people, IT, telephony, etc. All of these elements could be exposed to card data, making it really complex to secure the contact centre as a whole,” explains Regan.
“Therefore, what you tend to find is while businesses may be compliant on the day of audit, it only takes one element to go wrong in order to put them at risk of being non-compliant. This is why maintaining compliance manually is incredibly time-consuming and not as efficient as using an automated or de-scoping solution”
By utilising the Semafone-Mitel solution, a company can spare itself a lot of compliance headache, both now and in the future.
“We’ve got a customer with over 1000 agents – they’re a great example for this,” says Smillie. “By deploying Semafone in conjunction with Mitel, they were able to save time and resources, and spare themselves the anxiety of preparing for an audit.”
Both Simple and Secure
“The Semafone secure payment solution is embedded within Mitel’s platform. So from an agent’s perspective, it all looks and feels exactly the same,” says Regan. “We’re simply capturing that card data in a different way: instead of the customer verbalising their card data, they type it in their telephone handset, or the agent sends them a secure link, allowing them to discretely enter their payment details using whichever payment method they choose.”
In fact, Mitel and Semafone take all the card data away from the merchant, ensuring utmost security.
“The contact centre agents can no longer see or hear that card data because all of it has been securely captured by Semafone in the cloud. This means that fraudsters can’t intercept or hack contact centre systems or bribe agents anymore, since the card data is no longer shared or stored – you can’t hack data you don’t hold.”
Going into 2021, organisations will need to adapt quickly to make sure customers encounter maximum convenience whenever they interact with the brand. Allowing secure digital payments will be an important part of that.
