January 7, 2019
Stay in the Know
Contact centers have a critical role in facilitating sales between enterprises and customers by securely processing credit card payments on the telephone. The value contact centers and their agents provide is especially significant during busy shopping seasons, such as the holidays, during which there is a substantial surge in the volume of sales.
However, the processing of credit card payments in the contact center presents a number of fraud issues to be addressed. While there is fraud in all channels of the sales process, according to research firm Aite Group, a startling 61 percent of fraud originates in contact centers. For the individuals who engage in fraud to obtain sensitive credit card information, business is lucrative and is expected to continue to thrive. In fact, the losses sustained by contact center fraud are expected to double by 2020. How can contact centers and their agents provide a secure environment that will protect their customers’ data?
Managing PCI DSS Compliance
Contact centers are subject to a wide range of regulations, and any regulatory mistakes can result in risks that expose customers’ sensitive payment data. The Payment Card Security Council and the Payment Card Industry Data Security Standard, or PCI DSS, was established by the major credit card firms to ensure that all enterprises that handle credit card information do so in a secure environment.
PCI DSS compliance, which deals strictly with payment card data and cardholder information, is a time-consuming and difficult goal. Approaching it as a task that has to be addressed just once a year is a mistake. Because the standards are routinely updated, the continuous enforcement of PCI DSS compliance is necessary. This not only helps to protect contact centers and their customers from schemes, but it also gives enterprises access to processes and policies that can back their business and operational goals.
Contact centers that are not in compliance with PCI DSS face risks, including forensic audits, monetary fines, restrictions by payment brands and irreversible damage to their own brands.
Factoring in the GDPR
Although the General Data Protection Regulation, which became effective on May 25, 2018, was established to protect the citizens of the European Union, the legislation is applicable to any enterprise in the world that collects and processes personal data, which may be used in the EU. This includes contact centers.
The GDPR’s impact on the contact center industry centers on the handling of customers’ digital data. The scope of GDPR is much wider than that of the PCI DSS standard and covers all personally identifiable information or PII. Under the GDPR, individuals whose data is stored by contact centers are essentially given rights over what happens to their data and where it may be transferred.
Recognizing and Preventing Credit Card Fraud
There are certain behaviors and strategies that fraudsters may utilize while on the phone with contact center agents:
- Individuals will impersonate actual customers and compel contact center agents to “update” PIN numbers to accounts or change contact information.
- They will use stolen credit card information to place an order over the telephone.
- Fraudsters will trick agents into providing the sensitive information to build a profile that will be used for fraud in the future.
Solutions for Mitigating Risk
While there are many options for mitigating the risks associated with processing credit card payments in contact centers, the most effective solution may be one that provides the security mandated by regulatory compliance without hindering the customer experience. Agent-assisted solutions that eliminate the sensitive data from the equation can help mitigate threats. During and after the payment transaction, the agent will remain engaged with the customer without having access to their payment data, while the customer will have confidence in the security of the transaction as their data is not recorded or stored.
Contact centers have a duty to maintain the proper safeguards to mitigate outside and inside risks associated with the processing of credit card payments and to do so while maintaining an optimal experience for customers. This can create a balancing act between having the technology to provide a secure environment while allowing agents to provide the best customer service without fear of exposing customers’ data.
Learn more about transforming credit card payments into a simple, collaborative process between agent and customer.
Get a step-by-step guide to maintaining GDPR compliance and ensuring that your contact levels and communication activities are not negatively affected.