Pause-and-resume recording is quickly becoming a legacy solution that no longer efficiently serves the purpose it was designed for, namely to facilitate and ensure Payment Card Industry Data Security Standards (PCI DSS) compliance in the contact centre.
Technology has matured over time, thus rendering pause-and-resume to be an antiquated process compared with newer solutions that reduce fraud exposure and PCI DSS compliance costs, while improving customer service & confidence.
Nevertheless, 59 percent of contact centres still use pause-and-resume as their primary response to credit card security concerns. So, for those organisations still making the best of an antiquated solution, we’ve laid out the five reasons why pause-and-resume payment processing puts the call centre, PCI compliance, and the customer at risk, and why you should consider more effective solutions.
- Manual pause-and-resume is unreliable
Just over half of the contact centres that still use pause-and-resume, deploy it using manual processes. Considering that contact centre agents are focused on the customer and customer service, even the best agents will occasionally divert their attention away from an exacting pause-and-resume process. The impact on PCI DSS compliance is obvious, as the whole recording solution is dragged back into scope every time human error occurs as credit card numbers get captured in call logs. That makes manual pause-and-resume an unsatisfactory solution. Fortunately, there are alternatives that can integrate with legacy solutions, positively impact workflow, and ensure that your agents are serving customers without the risks associated with handling sensitive credit card data.
- Automated pause-and-resume is often complex and costly
Automatically pausing call recording, for example when an agent opens a payment page, does not guarantee that the customer will find their payment information and present their details in the allotted “pause” time. If “resume” starts recording again, then the call and PCI DSS compliance may be compromised. This means an automated pause-and-resume solution doesn’t always prevent sensitive card data from being recorded or stored. Of course, that leads to other process requirements to cleanse the recording and protect stored card data. Automated pause and resume is often complicated and relatively costly to deploy, with much more cost effective solutions now available which facilitate compliance while also preventing card capture in call recordings and downstream systems.
- Agents remain exposed to credit card data
Unfortunately, pause-and-resume solutions don’t prevent agents from hearing the customer’s credit card details, and “paused” recording can make it easier to engage in malicious activities off the record. This can be problematic for call centre environments, and is especially troublesome given the growth of work-at-home agents. Turning off or pausing call recording may also have negative regulatory, governance and training implications. Customer interaction through the call centre is part of the brand experience, and it seems more prudent for companies to have agents focusing on servicing customers rather than thinking about security and PCI DSS compliance on each and every call. Integrated technology solutions are now available which prevent agent exposure to sensitive data, and allow them to focus on customer services, sales and support.
- Screen capture processes remain in scope for PCI DSS
For reasons ranging from quality assurance to regulatory requirements, many call centres use screen capture technology during calls. Screen captures fall within the scope of the PCI DSS requirements and all networks ‘connected to’ workstations displaying cardholder data are in scope, therefore screen capture processes pull systems and processes into the scope of PCI security compliance. In addition to which any time credit card data is displayed on screen, there is a risk of fraud be it via printing, photos and/or agents manually writing card details down.
Advanced services such as IP Solutions AgentSecure service can prevent credit card data from entering the call centre environment while still allowing credit card payments to be processed quickly and efficiently, as such existing screen capture process will no longer scrape sensitive card data within the process.
- Contact Centre Agents no longer need to fall under the ‘need to know’ category
The Payment Card Industry Data Security Standards (PCI DSS) requirements state companies must limit access to credit card data to only those individuals whose job requires such access i.e. on a need to know basis.
Now that cloud based services are available in Australia, which enable contact centre agents to securely process credit card payments in real time without being exposed to credit card data, the previously held belief that agents need to hear credit card details to process payments and service customers is no longer valid. With IP Solutions AgentSecure service, agents have no exposure to credit card data, and the agents’ communication channel with the customer remains open and the highest levels of customer service are maintained throughout the payment process.
Pause & Resume solutions do not adhere to the principle of “restricting access to card data on a need to know basis” as more advanced services are now available which can eliminate agent exposure to credit card data entirely.
Watch a short video to learn how more advanced solutions will protect your staff and secure your payment processes, in line with the PCI DSS compliance standards.
And there you have it. Pause-and-resume recording has had its day and it’s time contact centres considered more secure, customer centric processing solutions that improve customer service & payment security while opening the potential to improve customer service, cash flow and average call handling times.
Don’t Be The Next Headline, Find Your Unprotected Credit Card Data Before The Criminals Do!