Despite the best efforts of businesses to beef up their internet security, hacks, data breaches and cyber-attacks continue to be a serious threat to their customers’ sensitive and confidential information, particularly their credit card data. Recently, 201 online stores in Canada and the U.S. fell victim to a Magecart attack which consisted of planting malicious JavaScript code that steals customers’ payment card details any time a customer uses their card to pay for something online.

Data breaches and cyberattacks occur at the rate of tens of thousands of intrusions per day and some types of businesses – like health care providers for example – are even more vulnerable and are targeted at a rate above the average.

Given this type of environment, businesses have an obligation to ensure that their security procedures meet payment card industry standards (PCI) and those that use their services have a right to expect that their payment information is being protected. Taking the necessary steps to ensure the security of their payment channels is more important now for businesses than it has ever been, both for the sake of their customer’s protection and the financial health of their businesses.

The cost of managing payment security is becoming of greater concern to organizations, as the measures to protect credit card holder information and the need to adhere to Payment Card Industry security requirements (PCI) have become a lot stricter in recent years. Keep in mind that PCI Compliance standards do NOT just apply to digital data, i.e. data that is collected online. It also applies to any methods a business may use that involves the collection of credit card information, including paper statements and payments made over the phone.

Whether a customer is speaking on the phone with a live staffer, providing their credit card information on paper, or paying electronically, PCI standards must be adhered to. For more information about PCI Compliance and how it affects businesses click here.

Securing the Pay By Phone Payment Channel

If your business is allowing customers to pay their bills over the phone by calling in and giving their credit card information to a live staffer, there are security considerations specific to this method that need to be observed. First off, how secure is the environment in which a staffer or staffers are entering payment information? Are their computer stations locked down i.e. are they only set up to be used for entering information in one spot, as opposed to people having multiple windows open to perform a variety of other tasks? Are the people entering the credit card information allowed to have their smartphones at their desk? Pens and notepads? PCI provides a complete set of guidelines specific to a live staff environment.

Businesses must realize that when their customers are calling in to pay for products and services over the telephone, they are responsible for securing their customers’ credit card information while they are collecting and transmitting this highly sensitive information. They must ensure that every information transmission point complies with PCI standards. This applies to live staff, telephone systems, software solutions, network segments and data storage as well as any wired, wireless, private and public networks. Security starts at the point where payment card information is collected whether given to an employee of your business over the telephone, a live contact center agent over the telephone or entered into an Interactive Voice Response system (IVR).

How Interactive Voice Response (IVR) Reduces or Eliminates the Need for Live Staff To Collect Credit Card information and Improves Security

Implementing a secure IVR Payment solution by a PCI Compliant service provider is one way to manage the cost of PCI Compliance effectively. A 24/7 automated IVR system simply removes the responsibility for handling sensitive credit card information from live agents. IVR technology allows customers to make bill payments over the telephone via an automated phone system, as opposed to interacting with a live person. Protecting the confidentiality of personal and financial info is one of the key advantages to be gained by installing an IVR PBP system. Not only can customers make a bill payment anytime that it’s convenient to them (even if that time is outside of normal operating hours), but by removing the need for interaction with a live person when paying their bill, your customers can feel confident that their sensitive personal information has not been compromised.

Taking Action

Taking the necessary steps to ensure payment channel security benefits both businesses and their customers. For customers, they get the convenience of being able to pay for services 24/7 in a secure, PCI Compliant environment. For businesses and other types of organizations they are less vulnerable to data breaches and the bad publicity that often results, in addition to the significant financial consequences in the form of fines, extra related fees and lost business.