Geoff Forsyth 13 March 2019

Handling telephone payments – is your council compliant?

Handling telephone payments – is your council compliant? image

At every council across the country, payments for services are handled in a number of ways; face to face, direct debit, online and over the phone.

When handling payments over the phone, it is important to be aware of the rules around handling sensitive card payment details to make sure your organisation is compliant with the payment card industry rules, but to also reduce the overall risk resulting from a data hack in the future.

Sadly, in today’s modern world, significant data breaches are all too common and so it is important that councils safeguard contact centres to mitigate the related risks.

In a recent survey conducted by PCI Pal, over 2,000 people were polled and almost a third said that they feel that government organisations or departments are ‘the least secure or most prone to a data breach’, demonstrating that trust certainly needs to be built in this area.

With this in mind, here are some tips to consider on securing incoming payments to provide the assurances that consumers are today asking for:

1. Firstly, what is PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organisations that handle payments by debit or credit card. It was created by the Payment Card Industry Security Standards Council (PCI SSC), which is a conglomerate of the five major card brands globally, namely Visa, Mastercard, American Express, Discover, and JCB.

The PCI DSS was created to reduce the amount of card fraud globally, due to mishandling of the sensitive data associated with payment cards. It is a set of 12 standards for merchants and service providers on how they handle this data while taking payments either for themselves or third parties.

2. Descope your contact centre

Payment card data is the ultimate prize for hackers, so the first step is to identify how to stop your organisation from being on a target list. Rather than trying to keep hackers out, instead focus on encrypting your data and, where possible, ensure there is no data for them to take in the first place.

If de-scoping technologies are used for payments handled via a contact centre, sensitive payment card data never enters the enterprise and therefore the risk is removed.

It also means your organisation is compliant with the PCI DSS, which ultimately improves the ongoing security of all telephone, IVR, web and SMS financial transactions.

3. Remove outdated ‘pause-and-resume’ controls

In a whitepaper we recently produced with Verizon, it examined contact centre challenges in achieving sustainable PCI DSS compliance. We found that 60% of organisations are still using outdated ‘pause-and-resume’ technologies to avoid storing sensitive data on telephone call recordings.

Instead, consider switching to using modern Dual Tone Multi Frequency (DTMF) masking technology; it prevents contact centre agents from handling any payment card data, as instead payment details are keyed in to the customer’s telephone keypad, avoiding any information from being verbally shared.

This also means calls no longer need to be routed to a payment card system, meaning the agent can continue speaking with the customer while they make the payment, improving the overall experience.

4. Look to the cloud

By opting for PCI compliance solutions that are available via the cloud, there is no requirement to integrate card payment software directly into your organisation’s desktop environment. Instead, via smart cloud-based integrations with existing telephony and payment infrastructures, the process is seamless and creates no additional IT burden or management.

5. Assess your people processes

According to the PCI Security Standards Council, people typically represent one of the highest risks when it comes to the security of data, whether intentional or accidental. For example, compromises can originate from inside an organisation from any person who handles calls or may have access to systems and processes where telephone-based payment transactions are managed.

Remove this layer of risk by not exposing your staff to payment card details, when handling transactions over the phone.

Geoff Forsyth is CTO of PCI Pal

For your free daily news bulletin
Highways jobs

Head of Highways & Transport

City of York Council
£58,568 - £66,923 per annum
This is hugely exciting time to join the Council in this new role as the strategic lead for our Highways and Transport service. York, North Yorkshire
Recuriter: City of York Council

Youth & Community Based Commissioner

Essex County Council
£19308 - £19631 per annum
Youth & Community Based Commissioner Permanent, Part Time £19,308 to £19,631 per annum (FTE) Location
Recuriter: Essex County Council

Social Worker - Family Support & Protection Team

Essex County Council
Up to £207 per day + Umbrella
Family Operations delivers direct provision of services relating to vulnerable children, young people and complex families. These services will be del England, Essex, Harlow
Recuriter: Essex County Council

District Youth and Community Commissioner in Training

Essex County Council
£25313 - £28001 per annum
District Youth and Community Commissioner in Training Permanent, Full Time £25,313 - £28,001 Per Annum Location
Recuriter: Essex County Council

Social Worker - Early Intervention Team

Essex County Council
Up to £207 per day + Umbrella
*** This is a temporary position to start as soon as possible based at Colchester Hospital ***About the RoleWorking to support adults, and their famil England, Essex, Colchester
Recuriter: Essex County Council

Public Property

Latest issue - Public Property News

This issue of Public Property examines how how flexible workspaces can lead the way in regeneration for local authorities, Why local authority intervention is key to successful urban regeneration schemes and if the Government’s challenge of embracing beauty is an opportunity for communities.

The March issue also takes a closer look at Blackburn with Darwen Council's first digital health hub to help people gain control over health and care services.

Register for your free digital issue