Telco talking-point: the cloud transformation of payment transactions

Viewpoint

In an era where data breaches are becoming increasingly sophisticated and the criminal threat to payment transactions is unprecedented, it makes sense for telecoms businesses to include a secure payments solution as an integrated part of their offering to customers. Doing so adds value and offers a point of difference over competitors, but the challenge is in providing businesses with a fully secure payment solution that achieves industry compliance and does not compromise customer experience.

There’s no getting away from the fact that businesses, large and small and in almost all sectors, depend on taking payments over the phone. Furthermore, customers expect to be able to pay over the phone for goods and services – and without the fear of sensitive data being hacked. However, this fundamental business service is under increasing threat from cybercriminals and hackers. Card not present fraud was valued at £432 million in 2016 – up 8% on the previous year – and is expected to reach £680 million by 2021. Despite these worrying figures, businesses continue to use outdated “pause and resume” methods to take card payments. Indeed, nationally two thirds of contact centre organisations are still using this process. Through automation or manually, agents pause the call recording when taking card data, and then reactivate it afterwards. It is often used by businesses and organisations as a way to reduce risk, but in fact has the opposite effect. Pause and resume is far from being foolproof and exposes a business to sensitive card data and a significant risk of fraud. Recent high-profile cases of data breaches of customer card details demonstrate the reputational impact of attacks – and the fact that no business is invulnerable.

Running parallel to this rising fraud threat is increasing scrutiny. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. The PCI DSS applies to any organisation, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. The “pause and resume” technique has many downsides and leaves a business open to the risk of significant fines from the PCI DSS Council, the loss of merchant status, and of course, the resulting damage to the business’s reputation. Pause and Resume is very likely to be deemed non-compliant when the industry watchdog issues its next update later this year.It boils down to this: Will customers want to continue transacting with a company that is not industry compliant?

Yet, despite a tightening of the regulatory framework, businesses across the spectrum continue to struggle to achieve compliance. A recent industry report revealed that 80 per cent of tested companies failed their interim PCI compliance assessment.

So, amid this industry dilemma, what is the solution and how can telcos gain a commercial edge? The answer lies in cost-effective, resilient technology. A trusted provider of PCI DSS level 1 certified secure payment handling solutions, Ultracomms developed a market-leading solution called PaySure.

The solution allows customers to enter their payment card numbers directly and discreetly into their telephone keypad, instead of reading them out loud to the agents on the line. PaySure uses DTMF masking to securely send payment card information via the phone keypad in a way that cannot be overheard at the user’s end and cannot be deciphered by the agent. This enables contact centre agents to remain on the phone to help customers through the payment process, and as a result, reduces the likelihood of abandoned calls.

The PaySure solution, can be provided to businesses in a number of ways, depending on the needs of the organisation:

• Cloud customer contact platform – Ultracomms is one of the few providers to offer a PCI DSS level 1 certified secure payment processing solution as part of its omni-channel customer contact management platform. This means that for contact centres which take payments by phone, the pain involved in ensuring their whole contact centre remains compliant is completely removed. The added benefit for contact centre clients is that they also can use the fact that their service provider has level 1 PCI DSS certification to attain their own PCI accreditation using the self-assessment method.

• Placed in the telephone network –Ultracomms developed PaySure with flexibility, scalability and simplicity of deployment in mind. PaySure can be integrated into the telephone network so the network service provider can secure the voice channel enabling compliant phone payments for their telco customers as part of their SIP Trunk solution.

Once integrated into the network, PaySure can be deployed to any client very easily and without additional investment. The carrier interconnects with the secure Ultracomms cloud at the point when a customer needs to make a payment. The carrier is then able to charge the customer for the PCI secure leg of the call, bringing additional revenue as well as adding a USP to their network.

To summarise the key features of the PaySure solution are:

• Descoping businesses/contact centres from PCI DSS.
• Delivering significant savings as it avoids capital investment for on-site PCI compliance and minimises the need for PCI audits.
• Improved customer and agent experience – no break in the call as the agent stays on the call throughout the payment process.
• Seamless Payment Service Provider (PSP) integration with all accredited PSPs.
• Fully managed, resilient cloud-based solution – hosted in dual secure data centres, offering rapid roll out and scalability.

It’s abundantly clear that the market demand is there – and is only set to rise – for secure payment technology. Telcos have the opportunity to grasp it with both hands and provide an innovative solution that solves a very real industry problem. Ultimately, it’s a small investment, big differentiator – and a big opportunity to increase their own profitability.

Meet Ultracomms at the Total Telecom Congress – Find out more

About Ultracomms

Ultracomms is a leading provider of PCI DSS level 1 certified secure payment handling and omni-channel customer contact management solutions. Its advanced customer interaction and secure payment solutions are designed to help clients maximise contact centre performance, improve customer experience, simplify compliance process and reduce organisational risk. Ultracomms was the first provider of contact centre solutions using cloud technology in Europe and today handle nearly 100,000,000 minutes of calls every year for customers over our PCI DSS level 1 certified omni-channel customer contact platform. Ultracomms has been PCI DSS level 1 certified since April 2016 and today securely processes over £30m of card transactions a year for its customers. For more information visit http://www.ultracomms.com