The PCI Compliance Challenge for Local Authorities

Any organisation that handles card payments over the phone needs to comply with the PCI DSS – a set of 12 binding requirements, designed to ensure complete data protection for organisations that handle payment cards.

This includes ensuring no payment card information is stored, in addition to having no manual intervention to capture card details verbally during a call.

This poses a significant challenge for many organisations that are required to record telephone calls for compliance purposes. Regulatory bodies and local authorities are no exception.

For councils, handling thousands of financial transactions every month is an important task. Alongside face-to-face payments, postal cheques and direct debits, telephone-based payments continue to be a popular choice and one that councils need to offer to those living in their town, district or borough.

The difficulty arises, however, when payment solutions need to be not only accessible but also compliant with telephone payment security guidelines, so that payments are handled in the most secure way. With data breaches regularly reported in the media, local authorities would not want to be exposed by non-compliance or data breaches.

At present many local authorities are heavily reliant on customers paying through Interactive Voice Response (IVR) systems, which are automated systems that allow a computer to recognise and process both speech and DTMF telephone keypad tones. While IVRs help to reduce call handling times and can provide an out-of-hours payment option, they also add another layer of friction to the checkout process which results in higher levels of dropout.

When customers are paying a car parking fine or similar, adding automation at a time when the customer may be frustrated or reluctant to pay can also exacerbate the problem. Simplifying this process reduces dropped call rates.

Councils are looking at ways to make call handling as efficient as possible, while providing a quality experience to the person at the end of the line. The use of IVRs is becoming less popular, as people are often uncomfortable being transferred elsewhere to provide payment card details, or they may not understand how to provide their details using an automated system.

The preferred solution is taking payments whilst keeping the customer on the phone. Historically, however, there have been PCI compliance issues with this approach, as agents are exposed to customers’ sensitive card data, which creates a potential risk.

With customers from every walk of life – from young to old, those who are familiar with technology and those who aren’t – councils need to identify a payment solution that is seamless, where their trained customer service team can fully assist customers for an improved service, and where payments are taken securely.


How PCI Pal solves the PCI compliance issue

Agent Assist fills the gap for those local authorities who are looking for an answer to the ‘customer service / payment security’ conundrum.

It enables councils’ contact centre agents to take card payments securely, while maintaining an open dialogue with the customer. It does this by using DTMF (dual-tone multi-frequency) masking technology, so customers simply enter the card number details using their telephone keypad. Information is then processed without the agent seeing or hearing any card details and without the need for the call to be placed on hold or diverted.

This eliminates the need to transfer calls away from the council’s agents, meaning they are able to stay on the line to support customers in completing the transaction.

It also means that councils can continue using call recording software, which may have required pausing if people were providing card payment details over the phone.


The advantages

In conclusion, contact centre staff can handhold customers through the payment process, yet the local authority is fully PCI Compliant.

We have also seen agent morale receive an unexpected boost, as customers find the payment process straightforward, so agents do not have to deal with unhappy customers who are trying to navigate automated payment systems without success.

When you bring it all together, it means fewer dropped calls, reduced call lengths, more payments being processed in a timely fashion and, overall, an improved customer experience.

The post The PCI Compliance Challenge for Local Authorities appeared first on PCI Pal.

*** This is a Security Bloggers Network syndicated blog from Knowledge Centre – PCI Pal authored by Stacey Richards. Read the original post at:
