Give Your Customers a Safer Way to Pay by Phone

This post was co-authored by Genesys AppFoundry partner, CardEasy.

Major data breaches, such as the Marriott hack that affected up to 500 million customers, always make headlines. It’s hardly surprising that consumers are increasingly concerned about paying merchants by phone, according to research by Syntec. Organizations transacting and storing payment card details must protect consumer data from breaches while adhering to regulations like PCI DSS and GDPR.

Still, Syntec research indicates that most people are asked to read their card numbers aloud when paying by phone. In addition, the research also showed the following:

  • Only 5% of consumers think that making telephone payments to a call center is the most secure form of payment
  • Fifty-nine percent say the risk of call center fraud keeps them from paying by phone
  • Eighty percent would rather not give their card details to a call center agent
  • The number of consumers who haven’t bought something because they were concerned about payment card security when paying over the phone has risen from 44% in 2016 to 63% today

A Better Way to Secure Information
When asked how contact centers should secure customer information, most consumers noted that they would prefer using a method that hides card details from both the call center agent and the call recording. Consumers value the security of their personal data and will avoid shopping with companies they perceive to be insecure. And all companies interviewed wanted technical solutions to help them descope from the regulatory controls of PCI DSS.

PCI assessors and security experts both believe that using controls like pause and resume (stop/start) for call recordings is only half the solution in reducing risks. The best option is to descope from the controls entirely by creating a no card data environment. DTMF masking — touchtone keypad payment by phone — was considered the most comprehensive way to do this.

Switching to DTMF masking for telephone payments using CardEasy lets consumers enter their own card numbers — just as they would in a retail or e-commerce environment. The system lets consumers enter their card details using their telephone keypad, either in the middle of the normal phone conversation with the agent or using customer self-service IVR.

DTMF tones are replaced with flat sounds before they reach the agent, so the different tones are concealed. And this means that payment card data is not seen, heard or stored in the contact center or call recordings. This removes the risk of card data being breached and accelerates the payment process. It also reduces errors and protects the merchant’s brand reputations.

CardEasy, which won the Genesys “Best Security Solution” award at Call & Contact Centre Expo in London in 2018, integrates seamlessly with the Genesys® PureCloud®, PureEngageTM and PureConnectTM platforms. Download a copy of the Syntec research on PCI DSS in contact centers and learn more about CardEasy at the AppFoundry Marketplace.