With more people shopping online or ordering items over the phone during lockdown and even as restrictions ease, businesses need to be mindful of how they take payments.
Where businesses take card payments over the phone, they are not permitted to record the CV2 number under payment card industry (PCI) regulations. Whether this number is spoken or typed in on a keypad, businesses must adhere to these regulations and not keep any recordings of either the numbers being said or the dial tones of the keypad.
With more than half of UK consumers now buying goods online, PCI protection is more important than ever before. Businesses found breaching these security standards risk a considerable fine. Coupled with loss of reputation, breaching PCI regulations is inadvisable.
Many businesses use call recording for checking call details, dispute resolution, training and monitoring. To meet PCI regulations, call handlers need to remember to pause and resume the recording when customers give them their card details. However, this relies on human endeavour and as we all know, humans make mistakes. If an employee forgets to press the pause button, a breach could be very costly.
Technology has thankfully moved on!
How to avoid PCI breaches
Cease recording calls
This is the simplest way to avoid breaching any PCI regulations. However, businesses would also lose out on all the benefits of call recording, which you can read more about in our previous blog here: https://www.swcomms.co.uk/blog/article/call-recording-options-have-moved-on/
An automated system is the answer to confidently meet PCI regulations. When card details are entered by an agent on a PC, the application monitors for payment website addresses, automatically pauses the recording while the customer says their details, and restarts it once the agent has exited the relevant website.
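The pause-and-resume logic described above, sketched as an added example (not code from this article or from any product it refers to). The host names, event format and class name are assumptions made for illustration; the point is that recording resumes only when no agent tab is still on a payment page, and that a payment page is recognised by its parsed host name rather than by a substring of the URL.

```python
from urllib.parse import urlsplit

# Constructed placeholder hosts; a real deployment lists its own payment pages.
PAYMENT_HOSTS = {"pay.example.test", "checkout.example.test"}

def is_payment_url(url):
    """Exact match on the parsed host, so a payment host name that only
    appears in a path or query string does not count."""
    host = (urlsplit(url or "").hostname or "").lower()
    return host in PAYMENT_HOSTS

class RecordingController:
    """Keeps the call recording paused while any agent tab shows a payment page."""
    def __init__(self):
        self.payment_tabs = set()   # tab ids currently on a payment page
        self.paused = False
        self.commands = []          # (timestamp_seconds, "PAUSE" | "RESUME")

    def _sync(self, ts):
        should_pause = bool(self.payment_tabs)
        if should_pause != self.paused:      # emit a command only on a state change
            self.paused = should_pause
            self.commands.append((ts, "PAUSE" if should_pause else "RESUME"))

    def on_navigate(self, ts, tab_id, url):
        if is_payment_url(url):
            self.payment_tabs.add(tab_id)
        else:
            self.payment_tabs.discard(tab_id)
        self._sync(ts)

    def on_close(self, ts, tab_id):
        self.payment_tabs.discard(tab_id)
        self._sync(ts)

def replay(events):
    """Feed (ts, kind, tab_id, url) browser events through a controller."""
    ctl = RecordingController()
    for ts, kind, tab_id, url in events:
        if kind == "nav":
            ctl.on_navigate(ts, tab_id, url)
        else:
            ctl.on_close(ts, tab_id)
    return ctl.commands

# Constructed event stream: two payment tabs overlap, then the agent returns to the CRM.
SAMPLE_EVENTS = [
    (0, "nav", 1, "https://crm.example.test/customer/42"),
    (30, "nav", 1, "https://pay.example.test/card"),
    (35, "nav", 2, "https://checkout.example.test/retry"),
    (50, "close", 2, None),   # tab 1 is still on a payment page: stay paused
    (70, "nav", 1, "https://crm.example.test/customer/42?ref=pay.example.test"),
]

if __name__ == "__main__":
    for ts, cmd in replay(SAMPLE_EVENTS):
        print(ts, cmd)
```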
Interactive voice response (IVR) solutions
Automated IVR solutions recognise when a customer is going to enter private details, such as card numbers. When a customer is asked to enter their payment details via their telephone keypad, the tones are masked to prevent them being deciphered.
If your business is still relying on dated PCI compliance methods or you’ve just started taking payments over the phone, then please do get in touch as I would be happy to help.