Dealing with PCI Compliance When Capturing Card Details

If you work in a contact centre that deals with payments over the phone, you’re probably aware of the restrictions around being PCI compliant. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that companies that accept, process, store or transmit credit/debit card information maintain a secure environment.

PCI DSS rules restrict physical access to a customer’s sensitive data and also ensure that security software is kept up to date and security systems are regularly tested, in a bid to make shopping over the phone as safe as possible for consumers.

Whilst compliance with the PCI rules is compulsory for the protection of the customer, it can potentially be detrimental to the customer experience you provide within your business, and could even leave consumers underwhelmed by the quality of your customer service. PCI rules can’t be avoided, so here are some tips to keep your customer service standards high whilst still being PCI compliant:


Tell the customer what is about to happen

To restrict physical access to a customer’s payment details, customers may be transferred to an automated system, allowing them to enter their card details securely. If a customer has been speaking to an agent for some time, suddenly being sent to an automated system might take them by surprise. Ensure your agent explains that the customer is about to go through to an automated system to enter their payment details, why this is happening, and what they need to do.

Return the customer to the agent after they have entered their payment details

Being sent to an automated system may leave some customers feeling lost without the agent to guide them through the process. Overcome this by returning the customer to the same agent they were speaking to before the automation to let them know that their payment has gone through successfully and to thank them for their custom.

Use one-sided recording during payment

Calls are recorded in contact centres to monitor the service your agents are providing, and the data captured from those recordings can be critical to helping you improve customer service quality amongst agents. Pausing and restarting the recording of calls can damage the quality of data captured, and therefore hinder the quality improvement process. Using one-sided recording (where only the agent, not the customer, is being recorded) during payment avoids the need to stop and start recordings, whilst also complying with PCI.

Train your staff on PCI compliance

PCI compliance can be complex, and the rules can prevent agents being able to do certain things for the customer. An agent may be able to view a customer’s details, but not update or delete them because that authority is reserved for supervisors. If a customer asks to change their payment details, it is important that the agent is able to explain why this can’t be done there and then, and avoid saying “I don’t know”. PCI is there to protect customers, so it is important that agents understand why rules need to be followed, and the consequences if they are not followed.

We hope you found these tips helpful. For more information on PCI compliance, please call 0800 088 7899.
