The Hidden Costs of Pause-and-Resume Payment Card Processing

By Curtis Nash

Businesses are concerned with how to handle the massive amounts of sensitive data presented to them on a daily basis. Technology, and most notably cloud-based services, can help alleviate the problem by leveraging infrastrucure, reducing capital investment, and increasing operational flexibility. This is especially true in call center environments that frequently process sensitive card data as part of the normal workflow.

There is no debating that credit and debit cards have emerged as the preferred method of payment for consumers who are more atuned than ever to security concerns. Card processing technologies for e-commerce and brick-and-mortar stores have continuously improved, but call centers haven’t kept up, and the efforts to protect sensitive card data received via telephone is clearly on the rise.

Payment Card Industry Data Security Standards (PCI-DSS), the de facto guideline for call centers, was originally designed to prevent customer data from being exposed to agents or recorded, thus offering theoretical protection of payment card details. Merchants lost a significantly higher percentage of revenue (0.68 percent) to fraud in 2014, compared to 0.51 percent in 2013, according to LexisNexis.

The risks associated with payment card fraud and data breaches continue to haunt call center managers, PCI compliance officers, and company executives. No wonder – last year 700 million records were exposed in data breaches, causing an estimated financial loss of $400 million, with stolen credit card details selling for up to twenty dollars each on the black market.

The constant threats continue to evolve, so companies need to review and update controls regularly in order to stay ahead of hackers and criminals. Unfortunately, it may not be enough to simply meet the high standards of PCI-DSS compliance, and one particular area of risk and concern is “pause-and-resume” recording.

Originally positioned as a quick and easy fix for keeping sensitive authentication data out of call recordings, pause-and-resume does nothing to mitigate fraud, and its inherent flaws can leave credit card details exposed to hackers.

Incredibly, more than half of all call centers still use pause-and-resume. Beyond fraud, however, there are four hidden costs that call center executives should be aware of when assessing if pause-and-resume is still right for their business.

1) The Hidden Cost of Compliance: There are 904 separate reporting entries in PCI DSS 3.0, and compliance costs real money. Support staff monitoring, unenforceable policies, and process maintenance require considerable investments in both time and money. And this doesn’t include processes that are dependent on manual interactions or are transferable to growth opportunities like work-at-home agents. Once toxic data gets into your call center, it requires expensive exception handling and potentially brings all systems into the scope of PCI compliance.

2) The Hidden Cost of Compliant Resolution: Paused call recording not only exposes the workflow to malicious agent activity and attempted scams, but without an audit trail, there is no way to know call details or prove what conversations may have transpired. Resolution of customer complaints means investing time and money to settle claims for which there is evidence either way.

3) The Hidden Cost of Lost Sales Opportunities: Customer demand for secure systems that protect the privacy of card details will continue to increase over time. When data is compromised, either through a breach or fraudulent activity, consumers will quickly seek alternative suppliers and shop elsewhere. Look at what happens to the sales of a well-known brand after a breach goes public.

4) The Hidden Cost of Damaging Your Brand: Building and maintaining a brand costs millions of dollars. Breaches damage reputation, erode trust, and may be unrecoverable for long periods of time. On the flip side, people may frequently talk about your brand and the breach.

Improving the Customer Experience: Call centers rightly should be focused on the customer, not on process. Most consumers don’t know anything about pause-and-resume. They only know that “this call may be recorded for training and quality purposes.” Nonetheless, consumers are becoming more and more hesitant to give out payment card information to persons or companies they don’t know, information that effectively enables someone else to use their payment card or store it in a system that may be compromised.

Imagine if the experience of handling a payment card transaction were different. Suppose your company representative could remain on the call with your customer, boast about your brand, and explain that your systems employ leading-edge technology to prevent payment card details from ever being seen, heard, or stored. Your competitors don’t do that. The agent might instruct the customer to use the keypad on his or her phone to input payment card data, and the agent would be there to assist and perhaps even suggest additional purchase oportunities.

Envision how that might create loyalty or expand your potential consumer markets. Imagine, for example, how this might attract buyers over age fifty, who will have a global spending power of $15 trillion by 2020. That’s a lot of money for a group of consumers who rely heavily on phones and contact centers to make purchases instead of visiting traditional retail locations.

Improving the customer experience for all consumers with secure payment card processing solutions will position call centers to be a viable channel for many years to come.

So when you evaluate pause-and-resume, consider the hidden costs and the impact it has on the customer experience.

Curtis Nash, the founder and CEO of Cognia, brings energy and enthusiasm for taking technology and applying it in new and unexpected markets. As a lifelong technology entrepreneur, Curtis has experience and success in technology, operations, and business development. His interests include mobile telecommunications, compliance technology, cloud services, and real-time communications (such as instant messaging).

[From Connection Magazine – January/February 2016]

Leave a Reply