PCI DSS impacts local and global enterprises whose contact centre agents take card payments over the phone using in-house and/or outsourced call centres, outsourced IT, outsourced agents and home workers.
PCI compliance and data protection in contact centres are hot topics for issuers, acquirers, fraud monitors, merchants, outsourcers and consumers around the world. Some merchants are taking action to make their systems for contact centre telephone payments compliant with PCI DSS, but others are not moving fast enough, either in terms of industry standards or consumer expectations.
Merchants are adopting very diverse strategies for operating contact centres. They include the following three approaches:
Head in the Sand: These organisations are adopting a trust-based approach relying on existing systems and staff, including elements of “clean-rooming”, but are unaware of the seriousness of PCI requirements.
Segmenting the Problem: Here, organisations are setting up discrete payment teams to reduce the number of agents taking payments.
De-scoping payments: Organisations engaged in PCI compliance are using technology to shield crucial payment card data from the call centre.
Contact centre managers are coming under more pressure to comply with PCI DSS, not just from card issuers, acquirers and industry associations, but from their customers too. According to recent research by Davies Hickman for Syntec Telecom, 68% of UK consumers feel call centre managers should do more to prevent credit and debit card fraud, while only 14% feel very confident that organisations they buy from will keep their personal and card payment details secure.
Trust is a big issue, with 80% of consumers saying they felt some call centre agents may commit fraud by stealing personal data and credit card payment details given over the phone. Only 3% of consumers say payment over the phone to a call centre is the most secure method (compared to chip and PIN, online and self-service).
With 3,000 contact centres in the UK employing 500,000 people, agent turnover often runs at 30% per annum, creating a continual need to train new starters and vet their credentials. If merchants do not keep personal data secure, the consequences may be expensive in terms of compensation, fines and potential loss of reputation.
For full details of the report:
http://www.syntec.co.uk/index.php?p=whitepaperPCIDSS