Contact centers like those at airlines, travel agencies, healthcare providers, and others that process payments, all face new and unprecedented challenges stemming from the Coronavirus Pandemic. Millions of contact center agents across the globe work from home and face a myriad of fresh security issues.
Contact center employees and management (pre-pandemic) had grown accustomed to the safeguards of a physical office like advanced firewalls. Today, there is a heavier reliance on VPNs or virtual private networks. The most critical element, which has not changed, however; there remain high levels of payment activity, according to PCI Pal’s Chief Revenue Officer, Darren Gill.
“Folks still need to pay off loans, their rent, utilities, and there are a lot of business implications of having secure payments.”
So, how to tackle such a pressing quagmire; one that could impact a company’s reputation, while adhering to consumer data compliance regulations?
Gill told me that the provider of secure cloud-based payment solutions – has seen significant growth throughout the pandemic – boasting some impressive figures.
According to the secure payment provider’s latest financial earnings, it has seen a lot of momentum in North America, with Gill noting it continues to build. PCI Pal’s revenue shot up by 279%, and today, North America makes up 26% of its revenue.
Its recurring revenue now sits at 88% of revenue in 2020. I also learned the PCI Pal signed 195 new sales contracts in the year 2020. And that 78% of its new sales contracts were generated by channel partners. It is clear that business is booming for the secure payment provider, but the question is why?
Filling the CCaaS Payment Gap
The simplest answer is that these solutions work to complement CCaaS offerings. According to Gill, up to sixty percent of those in the contact center market and who deliver customer service, take credit card payments. This statistic alone can work to demonstrate a clear need for a service like PCI Pal.
It also prompted me to want to better understand how PCI Pal keeps CCaaS providers like Five9 and Talkdesk on the bleeding edge of secure payment processing. He said that the pair have long had reason to coexist, but the COVID-19 Pandemic gave decision-makers a greater sense of urgency to update some of the methods used for payment processing, adding:
“Payment security has been climbing its way to the top of contact center priority lists, and since the onset of the Pandemic, it is an even bigger focus for decision-makers.”
We all remember giving our credit card number or social security number over the phone to an agent and feeling uneasy about it. Thankfully this is no longer acceptable in most scenarios; as it is not PCI compliant. I will focus on what IS PCI compliant in a later section of this article.
As recording for quality assurance is usually in place, what has become widely accepted is the pause and resume call recording method.
“This ensures any sensitive information doesn’t get recorded, but the agent still hears the sensitive data – which was less of an issue in supervised contact center environments.”
With COVID-19, that reality has changed as there is no supervision or cameras to curb such occurrences. Although likely rare, there are undoubtedly some bad actors, and weeding them out of organizations is warranted. Gill told me that the pause, resume method is standard for many omnichannel contact center solutions. But it is not reliable.
“An agent should be able to say to a caller, please enter your credit card info using the touch-tone phone.”
In essence, this is one of the many ways a company like PCI Pal keeps customer data safe. That information gets masked so agents can only hear flat tones.
“We found it to be a lot less personable and effective is when agents transfer customers to an IVR. It is not such a great customer experience.”
PCI Pal’s goal, to keep the agent and caller in constant contact and to secure data. Agents then learn if payment is confirmed approved or declined, with no card data ever getting exposed to the agent.
Easy Access through Cloud Marketplaces
Gill shared with me that PCI Pal is; what he called: ‘highly integrated into most of the market’s CCaaS solutions, vendors like 8×8 and its Secure Pay solution. 8×8 white labels the product, which further showcase PCI Pal’s many routes to market in the CCaaS space. It is also available via various marketplaces, including Genesys AppFoundry.
“We want to make it easy for customers to consume our offering as a part of their CCaaS solution,” Gill concluded.
And PCI Pal recently added support for Amazon Connect along with AWS Marketplace.
The Issue of Contact Center Compliance
In 2006, five of the world’s top credit card and payment processing companies put together the set of standards to help those in the industry self-regulate. The Payment Card Industry Data Security Standard (PCI DSS) has six overarching objectives, all areas PCI Pal tackles in some way shape or form:
- To ensure a secure network which could mean that companies that leverage CCaaS solutions to process customer payments that store sensitive cardholder info – must ensure that network is set up with robust firewalls and strict security protocols for maximum security.
- To ensure cardholder data kept on a company server are encrypted.
- Software must be secure and antivirus software is an essential part against protecting the threat of intrusion, which has also seen a sizable uptick in use during the pandemic along with VPNs.
- Companies have to restrict access to sensitive data to a (need-to-know-basis).
- And monitoring the network; well, that is key to ensuring constant compliance.
- There must also be a company-wide security policy put in place, one that is ideally followed.
PCI Pal, I learned, more recently formed the PCI Pal Advisory Committee (“PAC”) a group that includes payments/cyber-security expert Neira Jones. Along with countless other changes to the business during the pandemic – PCI Pal also welcomed a new Chief Technology Officer, Mufti Monim.
He joined the team back in April 2021 from retail finance cloud technology provider, Deko.