Jon Dawson, chief revenue officer at Cirrus, discusses three ways that companies can balance compliance requirements to keep consumer data secure, while delivering the best customer experience.
With the continued advice to work from home, and the looming prospect of widespread lockdown restrictions, the issue of PCI DSS compliant payments has come under scrutiny again. Whether buying online or paying bills over the phone, consumers assume the company they are dealing with will manage their card data securely. But with many agents now taking calls from home, on desks nobody supervises, how safe are customer card details?
Card fraud and cyberattacks are never out of the news: UK Finance (the collective voice for the UK banking and finance industry, representing more than 250 firms) reported that financial fraud losses across payment cards, remote banking and cheques totalled £824.8 million in 2019. If a business suffers a data breach while it is not PCI DSS compliant, it can expect heavy penalties. These are imposed by the card schemes through the acquiring bank rather than by a regulator, and can run as high as £79 per compromised record, so even a business processing only a few hundred transactions a month could face crippling fines. On top of this come the reputational damage and the associated loss of revenue.
There is a common misconception that PCI DSS compliance cannot be maintained with agents working remotely. Happily, this isn't the case. It is not practical to verify that an agent at home follows a 'clean desk' policy, so the answer is not to police the home office but to keep card data out of it: there are effective, quick-to-implement technology solutions that stop card details ever reaching the agent's screen, headset or call recording, which takes those systems out of PCI DSS scope whether the agent is in the office or at home.
PCI compliance for remote working
- Agent-Assisted Payments meets PCI DSS requirements while letting the agent stay on a recorded call. Agents can log in from home and continue to take payments safely and securely: the customer keys their card number on the phone keypad, and the DTMF tones are masked both audibly (from the agent's headset and the call recording) and visually (the agent desktop shows only masked digits and progress). The agent keeps the personal touch, but neither the agent nor the call recording ever holds the card details.
- IVR Payment Service removes the agent from the loop entirely by transferring the customer to a self-service IVR to make the payment. The IVR platform itself then handles card data, so it must be PCI DSS compliant in its own right, and with nobody on the line to help, the process can be a cumbersome experience for customers.
- Cirrus Link Pay+ lets the agent send the customer a secure payment link, via web chat, WhatsApp, SMS or Facebook Messenger, while they are still on the phone. The customer enters their card details on a secure web page. The agent (or a digital bot) on the call sees a checklist of the steps completed and can help the customer through the process by phone or online, but never sees the card details. It's easy, fast and convenient for the customer.
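The first option above rests on one mechanism: a masking point in the call path intercepts the keypad tones during card capture, so the card number is assembled and sent onward from a buffer the agent's desktop, headset and the call recorder never touch, while the agent still sees progress. The following is an added illustration of that separation, written for this page and not Cirrus's own code. It models the media path as a stream of `audio` and `dtmf` events (a constructed stand-in for a real SIP/RTP leg), validates the keyed number with a Luhn check so mis-keyed numbers are bounced without the agent seeing them, and hands the number to a hypothetical `tokenise()` function standing in for the payment gateway call, so only an opaque token ever returns to the contact centre.

```python
"""Added example: a minimal DTMF masking point for agent-assisted payments.
Not Cirrus's code; the event model and tokenise() are stand-ins."""
import secrets
from dataclasses import dataclass, field

MASKED_TONE = "<silence>"   # what the agent and the recorder get instead of a key tone


def luhn_valid(pan: str) -> bool:
    """Luhn mod-10 check, so a mis-keyed number is rejected before it goes
    anywhere, and without the agent ever seeing it."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def tokenise(pan: str) -> str:
    """Hypothetical stand-in for the payment gateway: the PAN goes out, only an
    opaque token comes back into the contact centre."""
    return "tok_" + secrets.token_hex(8)


@dataclass
class MaskingSession:
    capturing: bool = False
    agent_audio: list = field(default_factory=list)   # what the agent's softphone hears
    recording: list = field(default_factory=list)     # what the call recorder stores
    agent_display: str = ""                            # what the agent desktop shows
    steps: list = field(default_factory=list)          # progress checklist for the agent
    _digits: list = field(default_factory=list, repr=False)  # PAN buffer, never exposed

    def start_capture(self) -> None:
        self.capturing = True
        self._digits.clear()
        self.agent_display = ""
        self.steps.append("capture started")

    def on_event(self, kind: str, payload: str) -> None:
        """kind is 'audio' (a speech frame) or 'dtmf' (one keypad tone)."""
        if kind == "dtmf" and self.capturing:
            if payload.isdigit():
                self._digits.append(payload)
            # the tone is suppressed on every leg the agent or the recorder can reach
            self.agent_audio.append(MASKED_TONE)
            self.recording.append(MASKED_TONE)
            self.agent_display = "*" * len(self._digits)
            return
        # speech, or anything outside capture, passes through unchanged
        self.agent_audio.append(payload)
        self.recording.append(payload)

    def finish_capture(self) -> dict:
        pan = "".join(self._digits)
        self._digits.clear()          # the buffer is emptied whatever happens next
        self.capturing = False
        if not luhn_valid(pan):
            self.agent_display = ""
            self.steps.append("card number rejected, ask customer to re-enter")
            return {"ok": False, "retry": True}
        token = tokenise(pan)
        self.agent_display = "*" * (len(pan) - 4) + pan[-4:]   # last four only
        self.steps.append("card number accepted")
        return {"ok": True, "token": token, "last4": pan[-4:]}


if __name__ == "__main__":
    s = MaskingSession()
    s.on_event("audio", "hello, I'd like to pay my bill")
    s.start_capture()
    for digit in "4111111111111111":      # well-known test card number
        s.on_event("dtmf", digit)
    print("agent hears:", s.agent_audio)
    print("agent sees: ", s.agent_display)
    print("result:     ", s.finish_capture())
    print("steps:      ", s.steps)
```

The point to check in a real deployment is the one the test below checks here: after capture, the agent-facing audio, the recording and the agent display contain no card digits beyond the last four, and the PAN buffer is empty. A mis-keyed number fails the Luhn check and the agent is simply told to ask the customer to try again.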
A PCI DSS compliant technology solution is the straightforward answer to protecting card data and maintaining compliance for office and home-working agents alike. It gives consistency across the organisation regardless of location, keeps the agent's environment out of scope, and delivers a secure and seamless customer experience.