Consumer trust in a business has never been so critical. Take, for example, the recent hack of Ashley Madison, which saw the data of its 37 million users stolen, leaving patrons' details exposed and the business's reputation in tatters. This news demonstrates the need for customers to feel confident that their financial and other sensitive details are safe when they part with them over the phone and online. The bottom line is that if the public does not trust your brand, they aren't going to give you their custom.
Coupled with this, the forthcoming European General Data Protection Regulation (GDPR) will provide uniform data protection law across all EU member states, so businesses need to act now to educate customers on the security surrounding remote payments. They also need to review their PCI DSS compliance in order to protect consumer data and avoid penalties: card-brand fines for PCI DSS non-compliance are commonly cited at up to $100,000 per month, and the GDPR, which at the time of writing was expected to arrive in 2017 (it ultimately applied from 25 May 2018), adds its own fines of up to €20 million or 4% of annual global turnover, whichever is higher.
In fact, according to a recent survey of 2,000 UK consumers by Elitetele.com, 97% don't know what happens to sensitive information they give to call centre operatives over the phone. When asked to describe what happens, over a third (36%) said they had no idea, and almost two thirds (61%) incorrectly described what information operatives have access to and how it is stored.
Consumers also have significant insecurities about how financial information is handled, despite the existence of technology to guard against online criminals. 40% said they are not confident their payment details are secure from cyber criminals, and 30% are worried that operatives can secretly record their information elsewhere. That is one more reason for customers not to want to hand over sensitive financial information.
But where do these insecurities come from? The simple answer is a lack of compliance. Widespread adoption of compliance standards would make for a more transparent and trustworthy relationship between brands and customers.
So how can businesses do their bit to make customers more receptive, while building long-lasting and trusting relationships? While there is no one-size-fits-all solution, the following three steps will help any business ensure it is PCI DSS compliant ahead of these changes, and in turn create a safe and transparent environment for customers:
1. PCI DSS compliant call recording
PCI DSS compliance is mandatory for any business that stores, processes or transmits card data, whether it takes payments over the internet or on the phone, in order to minimise the risk of fraud. At the same time, the Financial Conduct Authority (FCA, which replaced the Financial Services Authority in 2013) requires certain regulated firms to record and retain their telephone conversations. However, PCI DSS Requirement 3.2 forbids storing sensitive authentication data (full magnetic stripe or chip data, the card verification code and PINs) after authorisation, and a call recording that captures a customer reading out their security code is exactly such storage. Should companies be found in breach, penalties and fines could be enough to close a business down.
To safeguard against this, businesses must have in place a fully compliant call recording system that satisfies the criteria set out in PCI DSS as well as the FCA's recording rules. In practice that means either pausing the recording while card details are taken, or having the customer key the card number and security code on their telephone keypad with the DTMF tones suppressed so that the agent neither hears nor sees them. With the second approach agents have no access to the sensitive data at all and it never lands in stored or archived recordings; with pause-and-resume the agent still hears the details, so the agent and their desktop remain in scope.
2. Interactive Voice Response Payment System
Research has found that 75% of consumers prefer talking to a customer service representative over the phone rather than dealing with a business online. This makes perfect sense: for customers a quick phone call eliminates waiting time and solves the problem there and then. However, it brings a need for more customer support, and with more agents involved in the payment process comes a greater risk of non-compliance.
Using an IVR payment system lets customers key in and confirm their payment without an agent being involved and without the business storing card details. That takes the card data out of the contact centre, out of the agents' hands and out of the call recordings, and so removes most of the PCI DSS scope from the telephone channel. It does not make compliance automatic, though: the IVR platform and its provider must themselves be PCI DSS compliant, and anything that flows back to the business (such as a payment reference or the last four digits) must still be handled correctly.
3. PCI – Data Governance
A data governance solution allows organisations to keep pace with their data: manage access entitlements efficiently and effectively, audit access to every file and email event, identify and involve data owners, and find and classify sensitive and business-critical data. This ensures data governance policies are in place and adhered to.
In the case of PCI DSS, it is important to protect not only databases but file shares as well. Cardholder data has a habit of leaking into spreadsheets, exports and agent notes on shared drives, and any file share that holds PCI-designated sensitive information is in scope: organisations need to find that data, restrict who can reach it, and audit access to these shared network resources as part of their PCI DSS compliance efforts. Customers can then rest easy that their details are secure and out of reach of curious members of staff.
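As an added example (not Elitetele.com's product or code), the scanner below shows the "find and classify sensitive data" step from this section in working Python: it walks a file share, picks out digit runs that could be primary account numbers, keeps only those that pass the Luhn check so phone numbers, dates and order IDs drop out, and reports hits masked to the first six and last four digits so the report itself does not become another copy of cardholder data. The directory layout, file names and agent notes are constructed for the demonstration, and the card numbers are the standard 4111 and 5555 test PANs rather than real cards.

```python
# Added example (not Elitetele.com code): a minimal PAN discovery scanner for
# file shares. It walks a directory tree, pulls out 13-19 digit sequences,
# keeps only those that pass the Luhn check, and reports them masked so the
# report does not itself become a new store of cardholder data.
# Assumes plain-text files; the sample notes below are constructed for the demo.
import os
import re
import tempfile
from dataclasses import dataclass
from typing import List

# Candidate PAN: 13 to 19 digits, with an optional single space or hyphen
# between digits (covers "4111 1111 1111 1111" and "4111-1111-1111-1111").
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn check-digit test; weeds out phone numbers, order IDs and dates."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ord(ch) - ord("0")
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Show at most the first six and last four digits (PCI DSS Req. 3.3)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> List[str]:
    """Return Luhn-valid PANs (digits only) found in a piece of text."""
    found = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if luhn_valid(digits):
            found.append(digits)
    return found


@dataclass
class Hit:
    path: str      # file path relative to the scanned root
    line_no: int   # 1-based line number
    masked: str    # masked PAN, safe to put in a report


def scan_tree(root: str) -> List[Hit]:
    """Walk a directory tree and report every Luhn-valid PAN, masked."""
    hits: List[Hit] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Plain text only; office documents and PDFs need their own extractor.
            with open(path, encoding="utf-8", errors="ignore") as fh:
                for line_no, line in enumerate(fh, start=1):
                    for pan in find_pans(line):
                        hits.append(Hit(os.path.relpath(path, root), line_no, mask_pan(pan)))
    hits.sort(key=lambda h: (h.path, h.line_no))
    return hits


# Constructed sample: the kind of agent notes that end up on a shared drive.
# The card numbers are the standard 4111... / 5555... test PANs, not real cards.
SAMPLE_NOTES = (
    "2015-08-19 customer chased order 1234567890123456, callback 07700 900123\n"
    "Took payment on card 4111 1111 1111 1111 exp 12/18 - should not be written down\n"
    "Refund to 5555-5555-5555-4444 approved by supervisor\n"
)


def demo() -> List[Hit]:
    """Write the sample notes into a temporary 'share' and scan it."""
    with tempfile.TemporaryDirectory() as share:
        os.makedirs(os.path.join(share, "contact-centre"))
        with open(os.path.join(share, "contact-centre", "notes.txt"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_NOTES)
        with open(os.path.join(share, "README.txt"), "w", encoding="utf-8") as fh:
            fh.write("No card data here, just ticket 987654321 and a date 01/02/2015\n")
        return scan_tree(share)


if __name__ == "__main__":
    for hit in demo():
        print(f"{hit.path}:{hit.line_no}: {hit.masked}")
```

Run it as a script to scan the constructed sample, or call scan_tree() on a mounted share. Note what it deliberately does not do: it only reads plain text, so spreadsheets, PDFs and the call recordings from step 1 need their own extraction, and it never writes the full PAN anywhere, because anything it finds is cardholder data to be remediated under the organisation's PCI DSS process, not copied into a ticket.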
Understandably, there is no one-size-fits-all solution. The compliance effort depends on the size and nature of a business, and knowing where to start can prove a daunting task given ever-changing rules and regulations. What is clear is that businesses need to seek expert advice on deploying the right solution ahead of the new EU legislation, helping them become and remain PCI DSS compliant. By doing so, they can have the peace of mind that they will not be handed a fine that halts future business growth, not to mention the irreversible damage a breach can do to a brand's reputation.
By Matt Newing, CEO at Elitetele.com. Elitetele.com is a unified communications provider, delivering an unrivalled, next generation product portfolio to businesses that is designed to increase efficiency, cut costs and deliver return on investment.