Organisations that accept card payments over the phone are recording calls for training and monitoring purposes, an obligation the Financial Conduct Authority (FCA) put in place to prevent, detect and deter market abuse. This becomes difficult for those wanting to achieve the Payment Card Industry Data Security Standard (PCI-DSS) which states that no sensitive card data can be recorded.
“But, I’m already PCI compliant, I use pause and resume call recording so my customers’ card details aren’t stored anywhere”
Many organisations believe “pause and resume” or “stop/start” call recording technology is a solution. The agent pauses the call recording at the point where the customer reads out their card details and resumes the recording afterward. The end result is a recording with the payment portion and sensitive information removed.
Pause and Resume Through Manual Intervention isn’t Compliant
The PCI-DSS guidelines stipulate that sensitive card data is removed from call recordings automatically, without the need for an agent or other members of staff to intervene.
Your Staff Are Responsible for Pausing the Recording
If an agent is able to pause the recording, it allows them to say something to the customer off-record. This isn’t compliant and can cause serious customer service issues. Additionally, the agent could forget to pause the recording before taking payment, putting the particular customer at risk and defeating the point of having a solution in place.
Card Details Can Still Be Heard by an Agent
Even with call recording paused, agents can still hear sensitive card details. They could potentially write them down and use or share them for malicious purposes, or simply leave them exposed on their desk for others to see.
Information Can Be Missed
Similarly to agents speaking off-record, a customer can mention something important that isn’t captured in a call recording for future use. Especially relevant if the transaction has just taken place and the agent forgets to resume recording.
Cost and Time of Maintaining
In order to follow the FCA rules related to call recording, the audio files would need to be maintained and monitored regularly to ensure it is only the sensitive card data that agents are excluding from the call. A timely and costly process for any organisation.
The Correct, Complete and Compliant Solution
With an Agent Assisted Payments Solution from Key IVR, the customer still uses their keypad to enter payment details but Twin Clamp Technology DMTF suppression is applied to the keypad presses, ensuring no sensitive information enters the Contact Centre payment system and isn’t present on the call-recording, allowing them to record the entire call.
It’s still easy for a customer to make a payment when on the phone with an agent. At the point of taking payment an agent simply asks a customer to enter their card details onto their phone keypad, the agent stays on the phone to communicate to the customer and assist them with the payment process via a live webpage. Improving customer experience and increasing payment conversion without the need to rely on an agent to pause the call, removing the risk of human error.
Talk to Key IVR and let us help you reduce serious security risks within your Contact Centre with our PCI-DSS compliant solutions. We work in partnership and integrate with a wide range of payment providers and suppliers with the aim to design a solution that meets your individual business requirements.
Find out more about our services:
Alternatively, please contact us on 01302 513 000 or email sales@keyivr.com to discuss your requirements.
