Interview with John Greenwood, Head of Technology & PCI Compliance.

As many businesses are forced into homeworking, the need for remote access to internal systems to enable home-based agents to provide a full service has never been higher.Companies who can adapt quickly will improve their chances of long-term survival, emerging from this crisis with higher customer satisfaction and lower attrition rates.

We spoke to our very own John Greenwood, lead contributor to the PCI SSC Information Supplement (Protecting telephone-based payment card data) and authority on payments compliance in the contact centre and BPO (Business Process Outsourcing) sector. We asked John what advice he would give to organisations with customer service teams on coping with these pressures and his tips on how to rapidly build an improved operation for the future.

What new challenges are businesses facing?

John explained some of the major factors affecting business decisions in the sector today, “Quick alterations in the way customer service departments and contact centres work are placing new challenges in front of organisations. To maintain business as usual, major changes are having to be made to how people work. Amongst the issues that need to be dealt with are:

These operational challenges are daunting enough, but now there is a requirement for rapid deployment of home working solutions, which many existing technological solutions struggle to cope with.”

What are the biggest risks of a rapid move to homeworking?

John stated that, “Moving system access and agents away from a central site carries some significant risks. The introduction of chip & PIN payment technology moved payment fraud away from face-to-face and towards the ecommerce payments acceptance channel. As the minimum international data security standard for taking card payments (PCI DSS) has evolved to reduce ecomm’ fraud, so crime groups are adapting and the payment card industry is playing a continual game of catch up. Payment card details are valuable and easily monetised to fund organised crime, criminals are increasingly targeting businesses who use the MOTO (Mail Order, Telephone Order) payment acceptance channels. Contact centres have been an obvious target and now mass homeworking offers the unscrupulous a new opportunity.”

He continues, “It is not easy for organisations to fully replicate all the people, process and technology security measures that are in place in their contact centres, particularly as the transition to homeworking is happening so quickly. Many organisations have simply not had time to run a full risk assessment or discuss their significant changes in risk profile with their acquiring banks. Whatever your circumstances, working from home and handling payment card data puts your homeworkers at risk of being approached by organised crime.”

John added, “Data breaches and compromises of personal data can be hugely damaging both financially and reputationally, with prosecutions making headline news. A breach of the Data Protection Act will also attract action from the acquiring bank on behalf of the payment brands (Visa, Mastercard etc). This means ‘penalties’ of up to €18 per card exposed and potential notice to withdraw payment facilities until evidence is provided that minimum data security standards were being met, which means PCI DSS compliance being certified. If a breach is found, it is likely that your operation will be suspended, at least temporarily but potentially permanently. This will have obvious effects on the business and your teams. The reputational consequences on top of the obvious financial implications could seriously damage your organisation in the long term. Put simply, you may lose the ability to take money through your agents in the short term, risk reputational damage and risk an ICO fine. Then there would be the added costs of forensic investigation, increased transaction charges and for either achieving or maintaining PCI compliance.”

He continues, “From a liability point of view, your customers are protected. The financial burden is on the merchant. Certainly, from a data protection standpoint if the merchant had failed to create a defendable position, by documenting a risk assessment to support the security of personal data in the home working environment.”

What does your business need to do to safely move into the ‘new world’ of homeworking?

Enabling homeworking on a large scale is an opportunity for brands to improve operations, manage costs and increase flexibility in the workforce. It’s vital that your business approaches this opportunity in the right way.

John says “Take the chance to reduce and remove risks from your operations. You can do this by carefully choosing your technological and communications platforms, finding solutions which are easy to implement and enable compliance with PCI DSS (Payment Card Industry Data Security Standards). There are compliant and rapidly-deployable options available including Ciptex RACE, built on the Twilio platform – which it shares with some of the world’s most successful, reliable and secure apps including WhatsApp, Airbnb, and Uber.”

By implementing effective systems rapidly, you can protect not only customers, but your homeworkers and ultimately the business. The rethink, which has been forced upon us all by a global pandemic, might be responsible for organisational improvements and increased protection.

Do you need to safeguard your remote payments?

If you’d like to talk about a technology independent way to quickly implement safe payment processing for your business, the team at Contact Centre Panel can help. We’ve built a technology network by helping contact centres to safely and securely meet business and customer needs.

The consumer association, Which?, recently published their annual mobile-customer satisfaction survey. They asked 6135 of their members to rate their mobile network provider on a range of factors including customer service and value for money.

The results highlighted that the three biggest mobile operators were failing to offer their customers a satisfactory level of service, despite often costing more than smaller rivals. Vodafone, EE and O2 all finished in the bottom three, while virtual network operator Giffgaff topped the poll.

Vodafone performed the worst overall for customer service, only achieving a one-star rating for service, value for money and technical support. 20% of the Vodafone customers surveyed said that customer service was poor, including complaints and query handling.

EE, the UK’s largest mobile network, also ranked among the worst providers, with only 25% of EE customers saying they had received good or excellent service for technical support, and less than half said the same about ease of contact and customer service.

The smaller network providers came out on top of the 13 networks included in the survey. Giffgaff was rated the top network in the survey, with Utility Warehouse and Plusnet Mobile taking second and third place.

To read the full results of the Which? best and worst mobile networks survey click here

With this in mind, we have pulled together a list of the top ten most common reasons for customers to get upset with their mobile service provider:

1. Responding to enquires too slowly
2. Providing information to one call agent only to have to provide the same information to a different call agent from the same company at a later point
3. Providing information to an automated system and then having to repeat the same information when connected to a call agent
4. Receiving excessive volumes of communication
5. Receiving communication that you consider an invasion of privacy
6. Treating you with a non-tailored one size fits all approach
7. Inaccurately tailored communication i.e. being addressed incorrectly -“Mr” in a customer letter when you are female
8. Receiving information that is inaccurately targeted i.e. offers of a joint account when you are single
9. Receiving little or no communication
10. Over familiar tone in communication

If your customer service is falling short get in touch get in touch to find out how Contact Centre Panel can help.