What is a PCI DSS Certification And Why is it Needed for Payments over the Phone?

Elemér Erdősi
May 22, 2020

In an age of ever-increasing customer demands, customers expect to be able to pay anywhere, at any time, and as quickly as possible. As such, the idea of instant payments using mobile phones and web interfaces has been quickly embraced, with the latest technologies offering the possibility of paying in real-time during a phone call. 

When it comes to paying online, data security is always a major concern – for both companies and customers. As such, in order to keep customer data safe, any business that handles, processes, stores or transmits credit card data needs to acquire a PCI DSS certification.

But what is a PCI DSS certification? And why is it needed for companies offering real-time payments over the phone? Find the answers below in my article!  

What is PCI DSS?

PCI DSS is one of the world’s strictest security standards, issued by the five largest credit and debit card issuers in the market (Visa, MasterCard, American Express, Discover and JCB). The regulation requires businesses to comply with 12 general data security requirements. The general requirements apply to all businesses, while there are also over 200 sub-requirements; which of them apply to you depends on your business.

The PCI DSS certificate applies to any organization that accepts credit and debit card payments. As VCC Live offers VCC Pay, a technology for real-time payments over the phone, the company is PCI DSS compliant, which is the ultimate proof of our success in keeping our business data safe and secure.

Depending on your business’s PCI merchant level, you might be required to perform an audit. For example, VCC Live is required to pass an annual PCI DSS audit. We are proud that this year saw our certificate renewed for the fourth time.

Failing to comply with the regulation is not a good idea. In fact, if your business handles online transactions without being PCI DSS compliant, you might face not only the potential security risks, but also heavy penalties, such as monthly fines of up to $100,000.

PCI DSS certification and payments over the phone

While real-time payment technology has been around for a while, initiating payments in real time during a phone call is still a unique solution, available at only a few companies in the world. A particular reason for that is that, to be able to initiate real-time payments during phone calls, your company or the outsourced call center you rely on will need to be in possession of the PCI DSS certificate.

However, complying with the PCI DSS regulation is a costly and lengthy process requiring thorough preparation. Alternatively, it might be easier for your business to choose a solution that is PCI DSS compliant, such as VCC Live. In this case, the system you use already ensures PCI DSS compliance, guaranteeing that your customer data is safe and secure at all times.

Currently, businesses using VCC Live can leverage two methods to initiate real-time payments during a phone call:

Payments over the phone via IVR

The first option is paying via an IVR system, which has both its pros and cons: in terms of the pros, a great number of customers now prefer the solution provided by an IVR system, solving their own problems without interacting with a live agent. On the other hand, IVR systems are not particularly popular with customers because of potentially long on-hold times and often overcomplicated menu options.

Also, IVR often isn’t comprehensive enough on its own, with live assistance still ending up being needed. Even worse, many IVR solutions offer no way to reach a person who can help customers out if they get stuck during the payment process. VCC Live®’s VCC Live Pay, however, provides the option of transferring customers to a live agent if requested and handles the payment with agent assistance. A lot more user-friendly, right?

Real-time payments with agent assistance

Allowing customers to pay during a phone call with agent assistance is still a very unique and innovative technology, with only a few businesses around the world providing such a solution. VCC Live® is proud to be one of those few companies.

However, as we all know, exposing customers’ data to a live agent can potentially bring significant security risks. To address this issue, as part of the PCI DSS certification’s requirements, solutions such as VCC Live Pay make use of mobile phone touchpads’ DTMF technology.

Dual-tone multi-frequency signaling (DTMF) technology allows telco companies to know what number is being pressed when a customer presses the buttons on their telephone. Each number generates a distinct tone, which is sent as a signal to a switching system that translates it back to the original number.

One major principle of the PCI DSS certification is keeping customer card data secure at all times, meaning it needs to be masked even for the contact center operators handling the call. So, when paying in real-time during a phone call with agent assistance, customers enter the digits of their credit cards on their phone keypads, with agents being completely unable to see card data in any way.

As a result, the payment process is not only easy but also fully safe and secure, as at no time do agents have access to customers’ card data while a customer is entering credit card details, etc.
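The DTMF translation and agent masking described above, as an added example that is not VCC Live's code: it synthesizes keypad tones, decodes them back to digits with the Goertzel algorithm, and hands the agent side only a masked progress string. The function names, the 8 kHz sample rate, the 50 ms tone length and the test card number are assumptions made for the illustration; the row and column frequencies are the standard DTMF keypad values.

```python
import math

# Standard DTMF keypad: each key sums one row and one column frequency (Hz).
ROWS = (697, 770, 852, 941)
COLS = (1209, 1336, 1477)
KEYS = ("123", "456", "789", "*0#")
RATE = 8000   # assumed telephony sample rate (Hz)
TONE = 0.05   # assumed 50 ms of audio per key press

def synth(key):
    """Constructed input: audio samples for one key press."""
    r = next(i for i, row in enumerate(KEYS) if key in row)
    c = KEYS[r].index(key)
    return [math.sin(2 * math.pi * ROWS[r] * t / RATE) +
            math.sin(2 * math.pi * COLS[c] * t / RATE)
            for t in range(int(RATE * TONE))]

def goertzel(samples, freq):
    """Signal power at a single frequency (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def decode(samples):
    """Translate one tone burst back to the key that produced it."""
    r = max(range(len(ROWS)), key=lambda i: goertzel(samples, ROWS[i]))
    c = max(range(len(COLS)), key=lambda i: goertzel(samples, COLS[i]))
    return KEYS[r][c]

def capture_card(bursts):
    """Payment side gets the digits; the agent side gets progress only."""
    pan = "".join(decode(b) for b in bursts)
    agent_view = "*" * len(pan)   # no card digits reach the agent screen
    return pan, agent_view

if __name__ == "__main__":
    test_pan = "4111111111111111"   # constructed test number, not a real card
    pan, agent_view = capture_card([synth(d) for d in test_pan])
    print("agent sees:", agent_view)
```
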

Without a doubt, customer service is a tricky business. When handling a great number of customers, data security is always a major concern. Acquiring a PCI DSS certificate or using a service provider such as VCC Live that is already PCI DSS compliant will allow you to ensure customer data is safe and secure in all online transactions.

Elemér Erdősi
Elemér Erdősi is Head of Key Account Management at VCC Live®. With substantial experience in the contact center and telecommunications industry, he focuses on sharing his Service Delivery, Analytical Skills, Operations Management and Call Center Development knowledge and expertise with clients and CX enthusiasts.