Geoff Forsyth 13 March 2019

Handling telephone payments – is your council compliant?

At every council across the country, payments for services are handled in a number of ways: face to face, by direct debit, online and over the phone.

When handling payments over the phone, it is important to be aware of the rules around handling sensitive card payment details, both to make sure your organisation is compliant with the payment card industry rules and to reduce the overall risk resulting from a data hack in the future.

Sadly, significant data breaches are all too common today, so it is important that councils safeguard contact centres to mitigate the related risks.

In a recent survey conducted by PCI Pal, over 2,000 people were polled and almost a third said that they feel that government organisations or departments are ‘the least secure or most prone to a data breach’, demonstrating that trust certainly needs to be built in this area.

With this in mind, here are some tips to consider on securing incoming payments to provide the assurances that consumers are today asking for:

1. Firstly, what is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations that handle payments by debit or credit card. It was created by the Payment Card Industry Security Standards Council (PCI SSC), which is a conglomerate of the five major card brands globally, namely Visa, Mastercard, American Express, Discover, and JCB.

The PCI DSS was created to reduce the amount of card fraud globally, due to mishandling of the sensitive data associated with payment cards. It is a set of 12 standards for merchants and service providers on how they handle this data while taking payments either for themselves or third parties.

2. Descope your contact centre

Payment card data is the ultimate prize for hackers, so the first step is to identify how to stop your organisation from being on a target list. Rather than trying to keep hackers out, instead focus on encrypting your data and, where possible, ensure there is no data for them to take in the first place.

If de-scoping technologies are used for payments handled via a contact centre, sensitive payment card data never enters the enterprise and therefore the risk is removed.

It also means your organisation is compliant with the PCI DSS, which ultimately improves the ongoing security of all telephone, IVR, web and SMS financial transactions.

3. Remove outdated ‘pause-and-resume’ controls

A whitepaper we recently produced with Verizon examined contact centre challenges in achieving sustainable PCI DSS compliance. We found that 60% of organisations are still using outdated ‘pause-and-resume’ technologies to avoid storing sensitive data on telephone call recordings.

Instead, consider switching to modern Dual Tone Multi Frequency (DTMF) masking technology. It prevents contact centre agents from handling any payment card data, because payment details are keyed in on the customer’s telephone keypad rather than shared verbally.

This also means calls no longer need to be routed to a payment card system, meaning the agent can continue speaking with the customer while they make the payment, improving the overall experience.

4. Look to the cloud

By opting for PCI compliance solutions that are available via the cloud, there is no requirement to integrate card payment software directly into your organisation’s desktop environment. Instead, via smart cloud-based integrations with existing telephony and payment infrastructures, the process is seamless and creates no additional IT burden or management.

5. Assess your people processes

According to the PCI Security Standards Council, people typically represent one of the highest risks when it comes to the security of data, whether intentional or accidental. For example, compromises can originate from inside an organisation from any person who handles calls or may have access to systems and processes where telephone-based payment transactions are managed.

Remove this layer of risk by not exposing your staff to payment card details when handling transactions over the phone.

Geoff Forsyth is CTO of PCI Pal
