Data Breaches and Cyber-attacks Highlight the Need for Securing All Payment Channels

Despite the best efforts of businesses to beef up their internet security, hacks, data breaches and cyber-attacks continue to be a serious threat to their customers’ sensitive and confidential information, particularly their credit card data. Recently, 201 online stores in Canada and the U.S. fell victim to a Magecart attack which consisted of planting malicious JavaScript code that steals customers’ payment card details any time a customer uses their card to pay for something online.

Data breaches and cyberattacks occur at the rate of tens of thousands of intrusions per day and some types of businesses – like health care providers for example – are even more vulnerable and are targeted at a rate above the average.

Given this type of environment, businesses have an obligation to ensure that their security procedures meet payment card industry standards (PCI) and those that use their services have a right to expect that their payment information is being protected. Taking the necessary steps to ensure the security of their payment channels is more important now for businesses than it has ever been, both for the sake of their customer’s protection and the financial health of their businesses.

The cost of managing payment security is becoming of greater concern to organizations, as the measures to protect credit card holder information and the need to adhere to Payment Card Industry security requirements (PCI) have become a lot stricter in recent years. Keep in mind that PCI Compliance standards do NOT just apply to digital data, i.e. data that is collected online. It also applies to any methods a business may use that involves the collection of credit card information, including paper statements and payments made over the phone.

Whether a customer is speaking on the phone with a live staffer, providing their credit card information on paper, or paying electronically, PCI standards must be adhered to. For more information about PCI Compliance and how it affects businesses click here.

Securing the Pay By Phone Payment Channel

If your business is allowing customers to pay their bills over the phone by calling in and giving their credit card information to a live staffer, there are security considerations specific to this method that need to be observed. First off, how secure is the environment in which a staffer or staffers are entering payment information? Are their computer stations locked down i.e. are they only set up to be used for entering information in one spot, as opposed to people having multiple windows open to perform a variety of other tasks? Are the people entering the credit card information allowed to have their smartphones at their desk? Pens and notepads? PCI provides a complete set of guidelines specific to a live staff environment.

Businesses must realize that when their customers are calling in to pay for products and services over the telephone, they are responsible for securing their customers’ credit card information while they are collecting and transmitting this highly sensitive information. They must ensure that every information transmission point complies with PCI standards. This applies to live staff, telephone systems, software solutions, network segments and data storage as well as any wired, wireless, private and public networks. Security starts at the point where payment card information is collected whether given to an employee of your business over the telephone, a live contact center agent over the telephone or entered into an Interactive Voice Response system (IVR).

How Interactive Voice Response (IVR) Reduces or Eliminates the Need for Live Staff To Collect Credit Card information and Improves Security

Implementing a secure IVR Payment solution by a PCI Compliant service provider is one way to manage the cost of PCI Compliance effectively. A 24/7 automated IVR system simply removes the responsibility for handling sensitive credit card information from live agents. IVR technology allows customers to make bill payments over the telephone via an automated phone system, as opposed to interacting with a live person. Protecting the confidentiality of personal and financial info is one of the key advantages to be gained by installing an IVR PBP system. Not only can customers make a bill payment anytime that it’s convenient to them (even if that time is outside of normal operating hours), but by removing the need for interaction with a live person when paying their bill, your customers can feel confident that their sensitive personal information has not been compromised.

Taking Action

Taking the necessary steps to ensure payment channel security benefits both businesses and their customers. For customers, they get the convenience of being able to pay for services 24/7 in a secure, PCI Compliant environment. For businesses and other types of organizations they are less vulnerable to data breaches and the bad publicity that often results, in addition to the significant financial consequences in the form of fines, extra related fees and lost business.

We’re Here to Help

What our clients are saying about us

“Never any issues with you guys! Things just work.”

Gerry Henstra, CEO, Henstra Business Solutions

“Customer service is a really big deal to us, and I am glad to do business with a company that obviously takes it as seriously as we do.”

Jeff Boatman, Global Client Solutions

“We’re happy with the IVR Payment system and it has been working well for us. Recently we also setup your newest SMS (text) receipts and found it to work great.”

IT Manager

“I want to command you and your team at Datatel on the job just completed for Tele-Response Center. The attention to detail and professionalism with which you approached the project was exemplary and greatly appreciated especially considering the several applications that needed to be implemented on short notice. Thanks again for your assistance getting this project off the ground so smoothly.”

Joe Grossman, Sr. Vice President, 121 Direct Response

“My team and I would like to commend Datatel on creating an IVR application that adds great value to our new Travel product. Your knowledge, input and expertise in IVR scripting, call flow management and overall IVR logistics made the development and implementation stages extremely easy to manage. Thank you for a well executed campaign that was launched on time and on budget.”

Ryan McCullough, Marketing Manager, Aegon Direct

“Great team to work with. I look forward to utilizing some additional capabilities in the future.”

Bob Griffin, VP of Operations, MedA/Rx

“We are very grateful for many years of mutually beneficial business relationship with Datatel and for impeccable customer service we have received during these years.”

Director of Student Accounts

“We, Standard Life, very much appreciated Datatel’s expertise, knowledge and support as we worked through the development and implementation stages. Our Clients appreciate the simplicity of the capability, while gathering very valuable feedback. Thanks for making this a very positive experience.”

Anne Pennell, VP, Customer Services Operations, Standard Life

“This was one of the best implementations I have been a part of. The communication was excellent and everything was responded to and dealt with swiftly. A real pleasure. We are looking forward to the impact this will have on our patient payments! Thank you!”

Kim Pace, Director Patient Accounts and Revenue, Chatham-Kent Health Alliance