The latest thinking from Eckoh

Ouch! Is your PCI DSS solution a bad fit?
Tuesday, 10 September 2019

Imagine wearing a pair of flip-flops on a mountain hike! For contact centers, selecting the wrong secure payment solution can prove just as uncomfortable — and have painful consequences.

Card-Not-Present crime is set to reach $7.2 billion by 2020 [1] in the UK and over 60% of this is happening in the contact center.[2] Payment security is a big issue for business and for customers.

When it comes to PCI DSS compliance, there's a big difference between apparently simple off-the-peg solutions and a more tailored approach that fits all your needs and can even descope your whole environment.

The idea of choosing something that on the surface seems simple can be seductive. Customer service organizations can be tempted by the idea of choosing a one-size-fits-all solution, switching it on and away they go – ticking the boxes for another year.

But what seems simple today can become fiendishly tricky tomorrow, and unless it removes all card data from your environment it still leaves you wide open to data breaches.

So, what might it be good to know from the outset?

What you're really buying into
There are many aspects of a PCI DSS compliant payment solution to consider. These include:

  • The customer experience — what it's like when your customers make transactions over the phone, web chat, mobile or another channel
  • The agent experience — how they interact with customers and the equipment they use
  • The integration — with your internal processes such as billing, order fulfilment, contact history, call recording and even upselling
  • The interface with your payment service provider (PSP) and the back-office processes for reconciliation, refunds and reporting
  • The vital matter of how much of the PCI DSS compliance burden still sits with the contact center

The simple truth is that a simple plug-and-play payment product will shoehorn you into uncomfortable compromises in these areas, and those compromises become more and more apparent over time.

Pinching in painful places
It could be that your web payments are not a problem, but you can't handle transactions during web chat sessions, while payments over the phone may be fraught with security concerns and clunky workarounds.

Then you discover that virtually all the weight of PCI DSS compliance still falls on you — your chosen solutions do not, on their own, achieve compliance. This creates a world of stress and angst – changes to business processes, and new rules for agents to follow. Even then, you're not really sure if your security is watertight: there's that nagging fear of possible data breaches.

To follow our footwear analogy, it's like discovering your new ‘bargain basement’ shoes have a tongue missing, a wobbly heel and not much of a sole ... which explains the 'bargain' price.

Also, maybe the solutions you’re using don't integrate easily and so your agents are constantly flipping between screens, which frustrates staff and impacts the customer experience.

In reality, 'one size fits all' can mean one size fits no-one at all.

Finding the right fit for you
Custom payment solutions are different because they fit around your needs — with the minimum effort required on your side. They can wrap around your contact center to prevent card data entering it, descoping your environment and allowing you to manage your business without constraints. The best secure payment solutions work with your existing processes and systems, to make you PCI DSS compliant without forcing you to change or restricting your future growth. There's a price tag on this, of course, but you'll find it pays off – and then some!

Remember those machines that used to measure your feet in specialist shoe shops? The best secure payment solution providers do something similar. They'll want to understand your business footprint — all the dimensions of your payments processes — so they can offer a perfect fit first time. They'll engage with your specialists to ensure they meet your business needs and expectations from day one.

Discover more today
When it comes to choosing a PCI DSS secure payment solution, why take the risk with a ‘bargain’ offering when you can have something that is made to fit you now and in the future? If you want a secure payment solution that won't give you blisters after a few days, or fall apart after a few weeks, or start to feel tight after a number of months, then take a look at the nine things you need to know about PCI DSS compliance to stay ahead of security threats and discover the most robust solutions available today for securing contact center payments across all channels.

If you’d like to have a chat about any issues or aspects of your PCI DSS compliance then give us a call on 866 258 9297 or drop us an email.

[1] Iovation and Aite Group Report

[2] Aite Group Research

About the Author

Tony Porter

Head of Global Marketing

Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the US and UK markets and across all sectors. Tony’s role focuses on helping contact centers to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organizations face around PCI DSS compliance and how to make the Omnichannel contact center experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact center technology, IVR solutions, self-service, secure payments, marketing and business development.
