Posted inPCI DSS Compliance
Consumers adore new technology — but criminals love it too. So what safety principles should innovative companies be taking to heart during October, European Cyber Security Month?
We all value new technology if it gives us more choice, convenience and control. We'll even share our personal details — and hand over our bank card details if something's really worth paying for.
Over coming months, we'll see more emerging tech in areas such as:
- Smarter homes, surrounded by the Internet of Things that create unique customer needs
- AI-based voice assistants to manage our lives, curate our entertainment and pick out products
- Tech that learns about us and predicts what we want — before it's even crossed our minds.
In time, we'll witness the 'digital concierge', an ambient, data-driven assistant that will stay with us everywhere, across communications channels — in our homes, cars and at work. We may even trust it to look up reviews and make simple spending decisions for us.
But when launching new tech-driven consumer services, companies shouldn't just be thinking about innovation, sales and how to deliver a great customer experience — data security must be a priority.
Emerging technology can give businesses a competitive advantage. But it can also open up sweet spots for criminals if new services run ahead of security.
The stakes are getting higher too. The more that new tech becomes embedded within our lives — and the more we trust digital services without thinking — then the easier it is for criminals to take advantage. And the more shocked we'll be if our personal data is stolen. It's worth remembering, 78% of customers already won't go back to an organization that's experienced a breach (Ping 2018 Customer Survey).
Because criminals follow the money instinctively, then the top priority for companies should be protection around card payments whenever they launch a new service.
But this raises an immediate question: Should the company manage this security themselves ... becoming experts in the Payment Card Industry Data Security Standard (PCI DSS) and figuring out how it should apply to the leading-edge services they're trying to launch quickly?
Alternatively, should organizations rely on a payment partner to take care of everything?
Before answering that question, it's worth taking a step back. When it comes to tech innovation, companies should have a payment security strategy that's built on three principles:
#1: Ensuring business flexibility
Financial regulations keep changing, so your security capabilities should be able to adapt easily to whatever your business needs, your customers want — and what the industry demands. This means cloud-based solutions are ideal.
#2: Favouring speed and simplicity
If you're about to release new technology, don't get mired in complexity. Find a way to enable security, without disrupting your business or delivering a cumbersome customer experience.
#3: Reducing the burden of PCI DSS compliance
Payment security isn't an annual set-and-forget activity. It's costly, risky, difficult and must be lived out, daily. If your corporate mission is something different to becoming a payment security company, then don't turn into one by accident.
Keith Ward, Technical Director at Eckoh says, “We believe that payment security takes specialist know-how. It's not a case of merely ticking boxes on a compliance form in-house, bolting together a few APIs and then relying on your staff implicitly. Criminals are way more devious than people often realize and it takes constant vigilance, consistent process and a security-minded culture to keep them at bay.”
Trusting a partner to take care of payments for you is the best way to go, so you can focus solely on the innovation that will give you the edge. Best of all, if a partner is able to effectively wrap a security blanket around your business by ensuring that card data never touches your systems — then you can't fall victim to hackers, rogue agents or employee blunders.
“At Eckoh, we've earned our reputation creating payment solutions that help organizations to achieve compliance easily without taking on the burden of regulations and removing the risk of handling sensitive data whilst paving the way for innovative new services” says Ashley Burton, Head of Product at Eckoh.
“For example, our patented, award-winning CallGuard product tackles an age-old security vulnerability by enabling contact center agents to take payments securely over the phone. Now agents can process the transaction without seeing, hearing or being about to look up a customer's card details.
We also pioneered payments with e-Wallets, achieving the world's first Apple Pay transaction made over the phone. Eckoh also became the first PCI DSS Level One service provider to allow secure payments within web chat sessions as part of a continuous conversation using our breakthrough ChatGuard service.
We’re working on a ton of other innovations too, extending our platform to help secure new and emerging technologies so we’re always ready before mainstream consumer usage reaches critical mass.
The good people behind European Cyber Security Month (ECSM) came up with a slogan for 2019: "Cyber security is a shared responsibility." The message from Eckoh is that the sharing doesn't have to be just between you and your customers — we're here to help shoulder that burden with you.”
- Take a look at the Eckoh’s range of contact centre technology solutions that provide the channels and payment solutions they need to transform customer engagement, protect data and achieve PCI DSS compliance. Now you can meet customer expectations and maximize satisfaction – without having to rip and replace systems endlessly.