Make PCI DSS compliance an intrinsic part of your Information Security framework but ensure it’s not a one-off exercise. That’s the message from Rob Crutchington, CEO of Encoded. Here, he shows how to reduce customer effort and boost payment success while protecting sensitive card data.
The latest version of the Payment Card Industry Data Security Standard (PCI DSS) became mandatory in April this year. This gave organisations an opportunity to exploit the most robust framework yet for protecting payment card data against increasingly sophisticated cyber threats. Ultimately, success depends on a complete change of mind-set when it comes to handling payments in contact centres – and it’s not a one-off exercise. PCI DSS compliance is a fundamental part of any good continuous improvement programme and must be revisited every year – and that takes time and resource.
PCI DSS compliance can be a full-time job, a reality highlighted by ContactBabel’s latest research into fraud reduction and PCI compliance, which revealed that achieving and then maintaining continuously high levels of PCI compliance is a major challenge facing organisations today. Add to this the competitive pressures commonly shared by Encoded’s own customers and it is easy to see how PCI DSS compliance can quickly fall off the priority ‘to do’ list. Here is a round-up of the top PCI challenges and how to overcome them:
1. Cost is a major barrier – customer ID and verification costs UK organisations £2.43 billion a year
According to ContactBabel’s research, the majority of organisations (68%) across many different vertical sectors take card payments. However, there has been a gradual 5% decline since 2019, mainly because of the expense and effort needed to achieve and maintain PCI DSS compliance, especially when it comes to investment in and sustained upkeep of software and payment technology (65%). Furthermore, when 89% of payment calls are authenticated by agents and it takes 44 seconds to screen each customer, UK customer service operations are spending a whopping £2.43 billion on identification and verification costs alone.
The first step towards overcoming these costs and the amount of effort involved is to work closely with an approved Level One PCI DSS supplier such as Encoded that truly understands the value of compliance. Such a supplier also has the knowledge, experience and latest tech to keep your business and customers safe in a highly sustainable way. For example, modern Agent Assisted Payment solutions with an added Fraud Prevention Platform allow faster processing of card payments, cost-effectively, without agents or the organisation being exposed to sensitive card data.
2. E-commerce is on the rise but it is changing
Online shopping has undeniably become the norm and by the end of 2024, the UK is expected to have 50 million e-commerce users. At the same time, the way people choose to shop online is changing. For example, card-accepting organisations are having to cope with the rapid shift from credit and debit cards to Alternative Payment Methods (APMs) including digital wallets like Apple Pay and Google Pay. The latter are growing in popularity and accounted for 35% of e-commerce transaction values in 2022.
Despite this huge business opportunity, too many organisations are lagging behind, held back by clunky processes and technology that result in abandoned online shopping baskets while exposing them to the serious risks of non-PCI DSS compliance. It’s time for card-accepting organisations to step up their game by embracing the latest tech heroes including Payment Orchestration. These offer a single, dynamic and highly secure platform for managing the entire payment process, from payment authorisation to transaction routing and settlement, irrespective of gateway payment provider, acquirer and the consumer’s preferred payment method.
What is more, Encoded’s comprehensive range of e-commerce solutions is proven to reduce costs through greater use of self-service options, cutting acquirer fees and reducing PCI DSS costs.
3. Digital processing needn’t be complicated
Adopting a digital-first strategy is the way forward for successful businesses, opening up different channels and making it easy for customers to pay securely, anytime, anywhere. Digital processes such as two-factor authentication, though increasingly commonplace, provide a highly effective identity and access management security method. Using solutions such as Encoded’s PayByLink, consumers can pay securely by debit or credit card in a hassle-free way and at their own convenience. A one-time link providing a pre-populated payment form, to pay with a previously stored card or submit new details, is simply sent to customers via SMS, email, WhatsApp or Facebook Messenger.
Valuable time is freed up, enabling customer service advisors or contact centre agents to handle more complex calls and revenue-generating activities. Meanwhile, staff and network resource contact with any personal customer data is totally eliminated to assist with PCI DSS as well as General Data Protection Regulation (GDPR) compliance.
For more ideas on how to stay one step ahead of the ever-changing PCI DSS compliance landscape – and the competition, contact us.