Reduce PCI Compliance Scope with These Three Payment Strategies
With the work-at-home economy gaining ground, many consumer lending organizations are increasingly relying on remote call centers to handle inbound payments and collections.
Lenders operating call centers may find their teams are busier than ever as in-person interactions decrease and customer service requests continue to rise. Unfortunately, an increase in phone-based payments can create PCI compliance issues for call centers.
When it comes to remote PCI compliance, the best option available is to reduce your compliance scope and take less card payments over the phone. The below guide defines a three-point strategy that you can implement to minimize risk while streamlining PCI compliance.
The Problem with Card Payments by Phone
Card payments made over the phone are a significant point of concern for both businesses and consumers worried about data security. All sensitive card data must be protected in transit and at rest–for example, if your team is required to record calls, it’s critical to ensure card numbers aren’t recorded.
This requires call center agents to adhere to strict rules regarding card acceptance over the phone. It also demands significant technological investment, for example, the installation, and maintenance of specialized software to combat fraud, as well as regular audits of compliance protocols. All of this becomes significantly more challenging when dealing with work-from-home or remote call center agents.
The PCI Security Standards Council, the organization that develops and manages PCI compliance guidelines, has set forth strict recommendations for secure transactions via phone. The information supplement “Protecting Telephone-based Payment Card Data” highlights critical points for consideration, including:
- Processes: Organizations need to support security objectives by putting in place transparent, streamlined processes. For example, the organization might ban devices used to record data from the call center environment.
- Technology: Find solutions to minimize unauthorized access to personal account data whenever possible. This could include adding multi factor authentication for remote and home-based workers.
- People: Finally, it’s imperative to create an organizational culture of security. Information should be shared primarily on a “need to know” basis, for instance.
3 Payment Strategies to Reduce Your PCI Compliance Scope
Although you can certainly implement such steps to ensure PCI compliance, this requires an immense investment of time, energy, and financial resources. A more straightforward approach to reducing PCI compliance scope is to minimize the number of cards taken over the telephone.
Divert to these alternative payment strategies.
Push SMS and Email Links to Customers
Instead of having agents take payments directly over the phone, encourage them to push secure payment links directly to the customer via text message or email. This way, the card number is never spoken over the phone, and the live agent can still assist the customer in the process.
PayNearMe allows agents to send a text or email with a single click. They can even stay on the phone with the customer, talking them through the process in real time, while the customer goes through the motions on their screen in the privacy and comfort of their own home.
This doesn’t just reduce your PCI security scope. It also puts you at the cutting edge of the modern payments industry. Deloitte projects the volume of digital payment vehicles will continue to grow worldwide. Payments companies are expected to collaborate more closely with software-as-a-service (SaaS) providers focused on serving niche industries, e.g., college students or restaurants.
Redirect Calls to IVR
Another way to circumvent telephone transactions is to redirect inbound payment calls to an interactive voice response system (IVR). Amend your processes so that when a customer calls, the IVR system is the first point of contact. They may not need to speak with a customer service representative at all.
Additionally, encourage your agents to redirect any card payments back to the IVR consistently. This way, you reduce the PCI scope (and your liability) immensely by simply removing agents from the equation when taking card payments.
PayNearMe offers a dynamic IVR service for bill pay, allowing you to redirect traffic easily. You also get the added advantage of being able to serve customers around the clock.
The system includes customizable prompts, which you can adapt to your precise needs, and bilingual options in English and Spanish. IT setup is minimal, as you just need to route your phone number with this turnkey solution.
Turn to QR Codes
A quick response or QR code is an easy way to include personalized payment links on your printed bills. Your customers can scan a QR code with their mobile phone cameras to be immediately redirected to a predefined website via their device.
This eliminates the need for the customer to pick up the phone at all. The end consumer saves time and hassle while your call center team is alleviated. You not only reduce PCI compliance as a whole, but you may also be able to reduce call center costs and alleviate long wait times.
Again, when you go this route, you aren’t just reducing the PCI compliance burden. You are also getting ahead of the game in terms of tech trends. Mobile banking is on the rise, and people are becoming more accepting of mobile payment methods as they adapt to this new mobile-first reality.
Reduce PCI Compliance Scope with PayNearMe
We know how difficult and costly PCI compliance can be. We are dedicated to helping you reduce your PCI compliance scope with our suite of innovative payment features.
Request a demo today to learn more.