
The latest thinking from Eckoh

Ouch! Is your PCI DSS solution a bad fit?
Tuesday, 10 September 2019

Imagine wearing a pair of flip-flops on a mountain hike! For contact centres, selecting the wrong secure payment solution can prove just as uncomfortable — and have painful consequences.

Card-Not-Present crime is set to reach £680m by 2020 [1] in the UK and over 60% of this is happening in the contact centre.[2] Payment security is a big issue for business and for customers. 

When it comes to PCI DSS compliance, there's a big difference between apparently simple off-the-peg solutions and a more tailored approach that fits all your needs and can even de-scope your whole environment.

The idea of choosing something that on the surface seems simple can be seductive. Customer service organisations can be tempted by the idea of choosing a one-size-fits-all solution, switching it on and away they go – ticking the boxes for another year.

But what seems simple today can become fiendishly tricky tomorrow, and unless it removes all card data from your environment it still leaves you wide open to data breaches.

So, what might it be good to know from the outset?

What you're really buying into
There are many aspects of a PCI DSS compliant payment solution to consider. These include:

  • The customer experience — what it's like when your customers make transactions over the phone, web chat, mobile or another channel
  • The agent experience — how they interact with customers and the equipment they use
  • The integration — with your internal processes such as billing, order fulfilment, contact history, call recording and even upselling
  • The interface with your payment service provider (PSP) and the back-office processes for reconciliation, refunds and reporting
  • The vital matter of how much of the PCI DSS compliance burden still sits with the contact centre

The simple truth is that a simple plug-and-play payment product will shoehorn you into uncomfortable compromises in these areas, and that becomes more and more apparent over time.

Pinching in painful places
It could be that your web payments are not a problem, but you can't handle transactions during web chat sessions, while payments over the phone may be fraught with security concerns and clunky workarounds.

Then you discover that virtually all the weight of PCI DSS compliance still falls on you — your chosen solutions do not, on their own, achieve compliance. This creates a world of stress and angst: changes to business processes, and new rules for agents to follow. Even then, you're not really sure if your security is watertight; there's that nagging fear of possible data breaches.

To follow our footwear analogy, it's like discovering your new ‘bargain basement’ shoes have a tongue missing, a wobbly heel and not much of a sole ... which explains the 'bargain' price.

Also, maybe the solutions you’re using don't integrate easily and so your agents are constantly flipping between systems, which frustrates staff and impacts the customer experience?

In reality, 'one size fits all' can mean one size fits no-one at all.

Finding the right fit for you
Custom payment solutions are different because they fit around your needs — with the minimum effort required on your side. They can wrap around your contact centre to prevent card data entering it, de-scoping your environment and allowing you to manage your business without constraints. The best secure payment solutions work with your existing processes and systems, to make you PCI DSS compliant without forcing you to change or restricting your future growth. There's a price tag on this, of course, but you'll find it pays off, and then some.

Remember those machines that used to measure your feet in specialist shoe shops? The best secure payment solution providers do something similar. They'll want to understand your business footprint — all the dimensions of your payments processes — so they can offer a perfect fit first time. They'll engage with your specialists to ensure they meet your business needs and expectations from day one.

Discover more today
When it comes to choosing a PCI DSS secure payment solution, why take the risk with a ‘bargain’ offering when you can have something that is made to fit you now and in the future? If you want a secure payment solution that won't give you blisters after a few days, or fall apart after a few weeks, or start to feel tight after a number of months, then take a look at the nine things you need to know about PCI DSS compliance to stay ahead of security threats and discover the most robust solutions available today for securing contact centre payments across all channels.

If you’d like to have a chat about any issues or aspects of your PCI DSS compliance then get in touch.

[1] National Audit Office

[2] Aite Group Research

About the Author

Alex Monaghan

Presales Director

Alex has over 30 years’ experience in speech and communication technology. His contact centre, telecoms and secure payment knowledge will enable him to put together the best possible solution for our customers and provide honest, clear advice and support.
