The latest thinking from Eckoh

How can I avoid storing card data when taking payments?
Tuesday, 25 February 2020

Are you worried that storing customer card data will make you a target for criminals? If so, you're not alone. Most merchants feel the same way. But there is an answer.


Most of us would feel on-edge if we walked around with £50,000 in crisp banknotes stuffed into our pockets. So it's no surprise that the majority of merchants feel the same about the precious customer card data they're holding onto in their contact centres — especially as it places them within scope for PCI DSS compliance.

Recent research from American Express shows that 55% of merchants store customer profiles and card payment details for future purchases — and another 22% plan to do the same in the next 12 months*. However, 73% of merchants feel that storing customer credit cards on file is a security concern for their business. And 76% would prefer not to store customer credit card details at all. Some are bothered about the costs involved too.

But it seems that the need to offer simple payment options and deliver great customer experiences — to stay competitive — may have pushed merchants into this uncomfortable position. So what's the answer?

Where is card data hiding?

Before looking at solutions, it's worth exploring where customer card details are stored within a typical contact centre. It can be unnerving to discover where pockets of precious data end up:

  • PBX-telephony systems: If you take payments over the phone, then sensitive details could be found here.
  • Databases: These are an obvious location for sensitive data. But how good is your security around them?
  • Applications/CRM: Card details could be found alongside your customers' account profiles.
  • Call recordings: Calls are often recorded for training or legal purposes. But recordings can inadvertently contain card numbers spoken aloud by customers or entered using audible DTMF keypad tones that can be deciphered back into numbers.
  • Contact Centre Agents: It's not unknown for agents to scribble down people's numbers or cut-and-paste details from one screen to another because of system issues. It's an area of vulnerability even if agents don't have fraud in mind (though this can be a motive).

PCI DSS non-compliance isn't an option

Any merchant that wants to process, store or transmit credit card data needs to be compliant with PCI DSS industry standards. Navigating PCI DSS involves checking PCI merchant levels, investigating the best way to provide PCI DSS compliant payments and completing a PCI assessment.

But attempting to handle each of these areas yourself using an array of PCI DSS compliant solutions can be complex, costly, time-consuming — and never totally secure. Think about new equipment, integration, patching, training and trying to enforce strict policies. Even then, you're still vulnerable to human error, mischief-making or insider fraud.

You'll still be a target too — for criminals that are getting increasingly sophisticated in their modes of attack. So what's the alternative to trying to sort your own contact centre compliance?

Lifting the burden from your business

Rolling back on customer convenience isn't the way to go. But it's possible to overcome the data security risks by using a solution that prevents data entering your systems in the first place – such as Eckoh CallGuard or ChatGuard.

For customers, the process is ultra smooth. They still speak or chat to your agents, use your familiar apps and your website as normal. What's more, with a PCI Level 1 partner such as Eckoh, you can add extra payment methods securely — such as e-Wallet payments, Chat Payments or IVR payments.

Behind the scenes, CallGuard prevents any sensitive data from entering your contact centre systems. Instead, data passes through Eckoh’s secure platform to the Payment Service Provider (PSP) and transaction success is confirmed by return.

Inside your contact centre, the data is masked by Eckoh’s patented tokenisation technology, which makes sure that the real card data is not exposed to your agents or systems.

So your entire contact centre environment is shielded from any trace of sensitive data. This means that even if criminals managed to get around your security, infiltrate your workforce or obtain information from systems — there's nothing sensitive to steal.

Entirely de-scoping your contact centre means that customer service directors, contact centre managers, chief security officers and heads of compliance can breathe a sigh of relief. While they cannot pass on the whole burden of PCI DSS compliance, de-scoping can ease the load, the risk and the worry.

Call centre compliance made easy

De-scoping your contact centre can be quick and relatively pain-free. It doesn't require the wholesale removal of your technology, expensive investment, painful integration and months of disruption impacting staff and customers.

With a cloud-based platform, such as the Eckoh Experience Portal, you can quickly access all the engagement channels and payment solutions you need to truly transform customer engagement and protect customer data as well as achieving, and maintaining, PCI DSS compliance. Take a look at our guide on ‘PCI DSS: De-scoping your contact centre’ which explores these issues or get in touch for more information.

*American Express Insights 2019 Digital Payments Survey

About the Author

Claire Lynam

Marketing Manager

Claire is a professional marketer with 30 years' experience in marketing, communications and PR, creating content and collateral that resonates with an organisation's audience. Having worked in multi-national companies and SMEs, Claire has expertise in creating messaging that works for both B2C and B2B markets.
