Is call center compliance an issue for your business? Compliance regulations are constantly changing to meet new standards, and many organizations spend significant resources to stay compliant. According to Verizon’s 2019 Payment Security Report, globally only 36.7% of businesses are PCI compliant; in the Americas, only 20.4% meet PCI standards.
Yet despite these challenges, technological advances are making call center compliance easier than it’s ever been.
The Compliance Challenges Call Centers Face
Once a call center agent asks for personal data, such as card details or bank transaction information, the business is responsible for protecting that data in motion and at rest. The reality is, many contact centers are failing customers when it comes to data protection.
One survey of 500 contact center agents found that 72 percent collect card information or social security numbers by asking customers to read the number out loud. Thirty percent reported having access to customers’ card information or other sensitive data, even though they weren’t on the phone with that customer. These high-risk practices can lead to data breaches, identity theft and fraud. Businesses who fail to comply with PCI-DSS and NACHA standards can face stiff fines or lose certain privileges.
What the Rules Say About Customers’ Payment Data
There are two primary sets of rules and regulations your call center has to follow when handling sensitive customer data. Whether you’re outsourcing contact center services or have in-house agents, making sure your business is compliant is your responsibility.
- NACHA (National Automated Clearinghouse Association) Rules govern all ACH payments. All sensitive data, including bank account numbers and routing numbers, have to be encrypted when sent, received, or stored. It’s also your responsibility to ensure routing numbers are valid.
- PCI-DSS (Payment Card Industry Data Security Standard) regulations require encryption and other protective measures for cardholder data.
New Technologies Simplify Compliance
Use these payment innovations to accept payments without putting sensitive data at risk.
1. Pay by Text Message
Instead of taking card data over the phone, a call center agent can send a push notification to the customer’s phone. From there, the customer can enter their card details and complete the payment with a secure transaction.
With pay by text, customers aren’t sharing card information with the agent, so there’s no need to encrypt cardholder data to ensure call center compliance. This is an effective way to take remote payments while reducing compliance scope, a win-win for businesses and consumers.
2. Interactive Voice Response
IVR allows the customer to interact with pre-recorded voice prompts when paying a bill rather than a call center representative. As with using push to text technology, with IVR, there’s a layer of technology in between the customer and the call center agent. And as long as card data is masked, the call center agents are shielded from receiving sensitive data over the phone.
Here’s how using IVR for secure payments works:
- The customer dials into your contact center using a customer service or bill payment number.
- If a live agent answers, they can redirect the call to your integrated IVR technology. From there, the customer will be prompted to enter their card details through their phone keyboard.
- With IVR, your customers can also make after-hours payments. IVR can service customers around the clock, giving them the opportunity to pay their bill securely at any time.
3. Digital Authorizations for Autopay
What happens when a customer prefers ACH payments?
It’s still possible to accept payment info without involving your call center agent by using digital authorizations. This type of technology works with recurring ACH transaction payments.
Here’s how it works:
- The customer calls to set up recurring payments through your autopay feature.
- Then, the agent pushes an authorization notification to the customer’s phone, or to their email.
- The customer inputs their bank account and routing details via their phone or an encrypted email.
4. AI-Powered Fraud Systems
Maintaining call center compliance involves ensuring the person entering the payment info is using their own financial details. Some call centers rely on AI technology to detect anomalies that could indicate an instance of fraud.
An AI-powered fraud system can reject flagged payment methods, identify payment info that should be flagged, and take other real-time actions intended to reduce fraud risk.
A Platform that Enhances Compliance
Consider using these technologies to add a layer of protection for your customer’s data. Call center compliance is more vital today than ever. As a result of the COVID-19 crisis and more people staying home, call center volume has increased for banks, lenders, and other businesses.
Customers expect to be able to continue having a seamless experience with your business – just without in-person interactions. This means more over-the-phone and digital payments, and more contact center questions as customers try new transaction methods they may not have been using before the coronavirus.
Integrating call center technology with the right payments platform can also help your business maintain compliance. PayNearMe is PCI-DSS certified. It also comes with real-time account validations and risks analysis to reduce fraud, as well as push to pay, IVR technology, and digital authorizations for ACH transactions.
Learn how the platform can help to reduce or eliminate the burden of compliance requirements for your business. Request a demo today.