Rooting out telephone payment security risks

by Natalie Pleyerova on May 12, 2020

While organisations across all industries face the same challenge of earning and maintaining the trust of its customers, reputation is king particularly in the Not for Profit sector. As a charitable organisation, it’s important to be transparent about how money is used, how donations are captured, while also demonstrating the importance of data security and compliance. Following the development of consumer privacy laws and regulations across the globe, supporters are increasingly conscious of how their personal data is being transacted or stored.

PCI Pal® has worked with The Woodland Trust, the UK’s largest woodland conservation charity whose mission is to protect irreplaceable ancient woodland in the UK and restore woodland which had already been damaged, including planting new native trees. The vital work of Woodland Trust is supported by the donations of 500,000 members, and the organisation handles around 3,000 payments every year – a proportion of which is over the telephone.

Prior to partnership with PCI Pal, the supporter’s payment details were processed and erased once payment information had been taken over the phone, or a direct debit had been set up. Following the implementation of PCI Pal Agent Assist, The Woodland Trust experienced benefits such as the reduction of overall risk for staff, reduced call times by up to a minute, increased efficiency and improved communication with donors.

Since PCI Pal Agent Assist uses Dual Tone Multi-Frequency masking technology, the agents in The Woodland Trust’s contact centre no longer handle sensitive payment information. Payment card details are entered by the supporter and sent directly and securely to the payment processor. No payment card information is stored within The Woodland Trust’s systems, descoping their environment from the requirements of PCI DSS and protecting supporters’ sensitive payment card information. Additionally, the agent and the caller remain in constant communication. The supporter can converse with the contact centre staff and enter their own payment card information, while still being able to ask for help if they have any difficulty completing the process. Upon further analysis following the implementation, The Woodland Trust has managed to shave 50-hours off the time taken to process payment details over the phone, enabling the charity to use supporters’ funds even more effectively.

While compliance with PCI DSS may appear daunting, it in fact helps organisations to become more efficient: safeguarding customers’ payment card data, while protecting employees from being exposed to sensitive data and descoping this from the company’s storage systems. Visit our case study page to see more instances of how PCI Pal helps organisations tackle the PCI Compliance hurdle, or reach us directly via [email protected] for more information on how we can support your charity.