Interview with John Greenwood, Head of Technology & PCI Compliance.
As many businesses are forced into homeworking, the need for remote access to internal systems to enable home-based agents to provide a full service has never been higher.Companies who can adapt quickly will improve their chances of long-term survival, emerging from this crisis with higher customer satisfaction and lower attrition rates.
We spoke to our very own John Greenwood, lead contributor to the PCI SSC Information Supplement (Protecting telephone-based payment card data) and authority on payments compliance in the contact centre and BPO (Business Process Outsourcing) sector. We asked John what advice he would give to organisations with customer service teams on coping with these pressures and his tips on how to rapidly build an improved operation for the future.
What new challenges are businesses facing?
John explained some of the major factors affecting business decisions in the sector today, “Quick alterations in the way customer service departments and contact centres work are placing new challenges in front of organisations. To maintain business as usual, major changes are having to be made to how people work. Amongst the issues that need to be dealt with are:
- Stable and secure connectivity to multi-channel communications – including voice, webchat, plus social communications like WhatsApp, Twitter and Facebook Messenger.
- Secure and reliable connections to business applications – systems normally accessed within the office need to be reliably used from many remote homeworker locations.
- Processing orders in line with regulations and contractual requirements – the need to collect customer data and take payments in line with DPA 2018 / GDPR and PCI DSS, protecting customers and the business alike.
These operational challenges are daunting enough, but now there is a requirement for rapid deployment of home working solutions, which many existing technological solutions struggle to cope with.”
What are the biggest risks of a rapid move to homeworking?
John stated that, “Moving system access and agents away from a central site carries some significant risks. The introduction of chip & PIN payment technology moved payment fraud away from face-to-face and towards the ecommerce payments acceptance channel. As the minimum international data security standard for taking card payments (PCI DSS) has evolved to reduce ecomm’ fraud, so crime groups are adapting and the payment card industry is playing a continual game of catch up. Payment card details are valuable and easily monetised to fund organised crime, criminals are increasingly targeting businesses who use the MOTO (Mail Order, Telephone Order) payment acceptance channels. Contact centres have been an obvious target and now mass homeworking offers the unscrupulous a new opportunity.”
He continues, “It is not easy for organisations to fully replicate all the people, process and technology security measures that are in place in their contact centres, particularly as the transition to homeworking is happening so quickly. Many organisations have simply not had time to run a full risk assessment or discuss their significant changes in risk profile with their acquiring banks. Whatever your circumstances, working from home and handling payment card data puts your homeworkers at risk of being approached by organised crime.”
John added, “Data breaches and compromises of personal data can be hugely damaging both financially and reputationally, with prosecutions making headline news. A breach of the Data Protection Act will also attract action from the acquiring bank on behalf of the payment brands (Visa, Mastercard etc). This means ‘penalties’ of up to €18 per card exposed and potential notice to withdraw payment facilities until evidence is provided that minimum data security standards were being met, which means PCI DSS compliance being certified. If a breach is found, it is likely that your operation will be suspended, at least temporarily but potentially permanently. This will have obvious effects on the business and your teams. The reputational consequences on top of the obvious financial implications could seriously damage your organisation in the long term. Put simply, you may lose the ability to take money through your agents in the short term, risk reputational damage and risk an ICO fine. Then there would be the added costs of forensic investigation, increased transaction charges and for either achieving or maintaining PCI compliance.”
He continues, “From a liability point of view, your customers are protected. The financial burden is on the merchant. Certainly, from a data protection standpoint if the merchant had failed to create a defendable position, by documenting a risk assessment to support the security of personal data in the home working environment.”
What does your business need to do to safely move into the ‘new world’ of homeworking?
Enabling homeworking on a large scale is an opportunity for brands to improve operations, manage costs and increase flexibility in the workforce. It’s vital that your business approaches this opportunity in the right way.
John says “Take the chance to reduce and remove risks from your operations. You can do this by carefully choosing your technological and communications platforms, finding solutions which are easy to implement and enable compliance with PCI DSS (Payment Card Industry Data Security Standards). There are compliant and rapidly-deployable options available including Ciptex RACE, built on the Twilio platform – which it shares with some of the world’s most successful, reliable and secure apps including WhatsApp, Airbnb, and Uber.”
By implementing effective systems rapidly, you can protect not only customers, but your homeworkers and ultimately the business. The rethink, which has been forced upon us all by a global pandemic, might be responsible for organisational improvements and increased protection.
Do you need to safeguard your remote payments?
If you’d like to talk about a technology independent way to quickly implement safe payment processing for your business, the team at Contact Centre Panel can help. We’ve built a technology network by helping contact centres to safely and securely meet business and customer needs.