As we all hit the streets, the web and our phones to buy Christmas gifts, we’re possibly treating our payment card purchases with a little more concern and care than we gave them this time last year, and with good reason. According to the Financial Fraud Action UK, types of fraud where the card holder is not present (phone, online or by mail order purchases) have seen a 23 per cent year-on-year rise. And a staggering total of £185 million of fraud losses were recorded on UK cards between January and June 2012.
Consumers are becoming more aware of fraud and how their personal data is stored and used, so the way in which you securely handle your customer’s payments over any payment method, is becoming increasingly important to them. Two of the main risk areas for data breaches are internal staff access and external phone or network hacking. When customer data falls into the wrong hands, it can potentially spell disaster for the reputation and success of your business.
But help is at hand…
The Payment Card Industry Data Security Standards (PCI DSS) provides a set of security rules and practices that all businesses must adhere to if they want to continue accepting credit and debit cards from their customers. These rules help business to ensure their customers’ card information is handled securely and disposed of promptly. Following these rules minimises the risk of fraud and they are enforced by the card organisation via fines (up to £500,000 for holding sensitive payment card data) and potentially withdrawal of your transaction services.
So if your business is taking payments over the phone or website this Christmas or will be in the New Year, then PCI Compliance is an absolute must. As a starter, here are 12 PCI requirements - one for each day of Christmas:
The 12 PCI Requirements:
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Physically and logically protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security for employees and contractors
And that’s just systems and processes… what about the people?
Your customer facing staff are both the most important asset to your organisation and the biggest risk when it comes to card information. They are also one of the toughest areas to secure without making their work life challenging.
Fortunately systems are now available that not only help eliminate card data from your IT systems but also allow staff to take payments over the phone without accessing card data.
By capturing payment via the touchtone keypad and blanking the tones heard by the staff member, payments can be handled simply without any significant changes how they interact with the customer. The staff member just adds the customer details and the amount to pay, and confirms the payment with the customer. The customers feel more at ease that they are not relaying their card details to a stranger at the other end of the phone, or anyone else in earshot…
Happy secure customers, protected productive business and peace of mind that your compliance needs for card payments are met without complex systems integration.
So have a great start to a happy and prosperous 2014.
With the explosion of smartphones, tablets and social media, it’s becoming ever more challenging to provide the kind of service your customers want. While many companies are now offering support through more channels, it’s a fact that customers still make enquiries through phone automation and contact centre agents. In addition, the majority of these phone calls are coming through IVRs from mobile phones.
When developed poorly, IVRs can be extremely unpopular with customers. This usually happens when companies try and make IVRs super-efficient but end up making them over complicated - adding layer upon layer of options. Unfortunately this just creates unnecessary frustration and results in agents beginning conversations with highly irritated callers.
So what can you do to make your IVR system good? It’s a hard question to answer without knowing your system, but here are a few tips from Eckoh to consider getting your current system the best it can be:
1. Keep it simple.
For the sanity of your customers, keep the menu options short. We now live in a world where we expect answers within seconds, so time-pressed customers don’t have the patience to navigate through complicated confusing menu systems. Give your IVR a call to see what you think of it, and where you may be able to simplify it if necessary. Aim for short clearly worded menus with no more than three options at each interval.
2. Don’t forget it.
Like any machine, an IVR needs attention at frequent intervals to ensure its running smoothly. A mature system probably needs reviewing every month and a new IVR will need daily or weekly attention (depending on call volumes) to ensure it’s working to its peak performance. Make sure your IVR is tuned up regularly to keep it effective and efficient for your customers.
3. Don’t ignore customers’ requests to speak to an agent
If a customer wants to speak to an agent – connect them. Many companies make it extremely difficult for customers to speak to agents by putting in diversions and blockers to force customers through automation. In our experience, customers happily use a well-designed IVR system if one of the options includes speaking to an agent early on in the process. Don’t make it impossible for customers to talk to you as you’ll end up alienating them to your brand. Check your IVR and see how easy it is for your customers to get hold of an agent. It should be within the first two menu intervals.
4. Give your customers some intellectual credit
It’s highly likely that your customers have seen your website or contacted you through social media, so you don’t need to tell them how to find you on the web by giving your website address. Also, if you ask them to give you their phone number through speech or touchtone, you don’t need give them excessive guidance on how to do it. Usability tests show that people are well versed in providing this information over the phone and the various formats that are required, so save your customers time by trusting their intelligence.
5. Save customers their precious time.
If a customer phones you wanting to track an order or pay a bill, they’re unlikely to want to hear about your latest promotional offer. So save marketing messages for a suitable time during the call – preferably at the end. Also, allow customers to anticipate options and interrupt the IVR dialogue rather than insisting that the caller listen to the whole message or option before they choose. Both these tips will help progress the call quicker and will help the customer resolve their query.
6. Remove menus altogether.
Highly departmentalised companies who have complex and multi-layered IVRs are reviewing the opportunity that natural language speech recognition provides and are opting for a speech recognition system. In some cases this removes the menu system altogether and after saying what they want the customer is directed to the correct destination within seconds and without lifting a finger. If relevant for the company, this alternative to IVR has a high take by customers given its more intuitive interface.
Want more information? contact us here, or call 08000 630 730
Types of fraud where the card holder is not present, such as when purchases are made over the phone, online or by mail order, have seen a 23 per cent year-on-year rise. According to recent finding by Financial Fraud Action UK, which prevents crime on behalf of the financial services industry, £142m worth of losses were recorded.
So what does this mean for the Contact Centre industry and in particular organisations that take customer payments over the phone?
Despite improvements in security technology, criminals are finding new ways to target consumers using deception crimes over the phone. These have increased overall fraud losses on UK cards by almost 20% in 2013 with £216.1 million worth of card frauds committed in the first 6 months.
The most worrying statistic shows a sharp increase in Card-Not-Present (CNP) crimes, where the cardholder is not physically present at the merchant when making a purchase. Criminals obtain card details through methods such as skimming, hacking into retailer’s data connections, or through unsolicited emails or telephone calls. CNP crime accounts for 63% of all card fraud.
Phone fraud on the increase
A telephone scam called “vishing” is becoming a more widely used method by criminals to get card details. The conman pretending to be calling from a building society, bank or utility provider tries to get their victim to hand over personal information such as their card PIN and date of birth.
They’ll ask the victim to call the bank back immediately to check that the call is authentic. Once the caller hangs up the criminal stays on the line, hands the phone to another member of their gang and the victim believes that they are actually speaking to their bank.
Another scam asks the victim to key in their PIN on their phone keypad, after claiming that their card needs renewing, or has seen some fraudulent activity. This means the criminal can to decipher their personal number from the telephone audio tones.
Tackling fraud
The Citizens Advice Bureau and police provide some good advice, helping consumers to spot a scam. Advice such as:
- Never give out contact details like your name, phone number or address to strangers or to people who should have this information already.
- Never give financial information or details of your identity, bank accounts or credit card to strangers or to the businesses that should already hold your details.
But if this is the advice given to consumers to protect themselves better, in the situation of paying a bill or making a purchase, what do consumers do when they are asked identification questions by a call/contact centre agent before being asked for their card details? How do they know whether they can trust the agent and organisation to keep their information safe?
The Contact Centre Challenge
In a consumer survey commissioned by Eckoh in 2012, 86% of consumers did not trust contact centre workers to keep their card payment details secure, believing that some agents may commit fraud by stealing their data. With the increase in contact centres asking for certain security information over the phone, this increased awareness of security consciousness by consumers may hinder attempts at merchants to present a secure environment to their customers.
To protect their customer details, many contact centres are applying technology that is compliant with the Payment Card Industry Data Security Standards (PCI DSS). This prevents card details from entering their environment and the agents from seeing or hearing the card information being relayed to them. Card details are provided over the phone using the customers’ telephone keypad and the audio tones are converted to monotones to avert encryption. Agent screens displaying a customer’s file also masks the card details from view so they are not seen.
Consumers need to know it’s Safe
Consumers will want the same security signature on their phone calls as they see on their web payments. Despite going to great lengths to implement PCI DSS compliant technology, contact centres are not promoting this level of security to their customers. With greater fraud awareness, customers will no doubt begin to question the integrity and security of the information they are asked to verbally provide over the phone. This was confirmed in our recent survey where 50.3% of consumers said that they would feel more secure if they knew a technology based solution was involved in the contact centre agent transaction process.
To give customers peace of mind at a time when criminals are using direct contact to commit fraud, merchants need to offer the reassurance that they have ALL customer contact channels, including their voice channels, securely covered.
Since the rise of social media, advanced interactive websites, smartphone and tablets; organisations all over the world are adding more channels so customers can communicate with them. People can now do all their research on a product and service from the comfort of their own home or on their train journey to work, and even share their opinions once they’ve purchased.
These days, social media and mobile channels in particular are the driving forces behind customer contact. The new self-serving public now chooses to find out information themselves before making a decision and they’ll tend to do all this through the vast amount of information available to them on the world-wide web.
So what of the humble phone channel? Do people actually call to speak to a real human being anymore? The answer is a resounding yes, with most people still choosing the phone as their primary method of contact with self-service channels closely following. What has changed however, is the rationale for the call and the type of help needed. As customers find information to their general enquiries themselves through automation or other self-help channels like the web and mobile apps, they tend to make a phone call when they have complex enquiries that need a specific and detailed answer that isn’t available anywhere else but a specialist. And that’s how people now view customer service – a ‘trusted advisor’. No longer do they exist to answer mundane questions about bank balances or nearest store information. They are now asked technical questions about product operation, service support and issues they are experiencing that need resolving.
But as the phone is no longer the only communication channel – but one of many, the challenge currently facing organisations is the apparent disconnect between what the customer wants from their phone call and what the contact centre agent is able to give them. Companies are realising that joining channels to provide a seamless and effortless customer experience is essential to maintain the faith and trust of their customers.
Look at it from the way you buy things yourself for instance. You may start a search on the website using your smartphone or tablet, you want more technical information on a product or service so you click ‘call me back’ by giving your name and number. You then discuss the issue with an agent who you would ‘expect’ to know which product you have an interest in or a problem with, based on your actions on their website. Unfortunately, this isn’t always the case and customers are becoming increasing more demanding that their journey through the organisations various channels is followed.
An unbroken integration between automated and voice channels gives your customers a great brand experience. It shows that you are in touch with them, understand their needs and can offer helpful and accurate information to help them make a choice. The phone channel is still perceived by customers and organisations as an extremely important part of the channel mix and ‘the hub’ of all other channels, usually being the point of most complex information for the customer.
The phone is very much here to stay, with its use is evolving to make calls quicker and efficient. General enquiries are now answered by automated services and live agents are empowered to know much more detail about the products and services being sold.
Many contact centres are changing their approach to how they deal with customer information to meet the pressure to comply with PCI DSS Standards. However, while most merchants are endeavouring to meet increasing customer security demands and protect their customers’ data, some do not see PCI compliance as a necessary step to achieve this.
In a recent Eckoh survey, 93% of contact centres either had a PCI Compliance programme underway or are planning one. All contact centres tended to adopt one of the following strategies that had varying degrees of achieving PCI DSS compliance:
Denial – “Fraud won’t happen to us”
17% only use basic security as their main fraud deterrent, using manual processes and training to ensure correct handling of payment information. These contact centres also rely heavily on firewalls and other security related equipment to prevent breaches to systems and use encryption software for areas that store customers’ information. Although these are good practice measures and form part of basic systems security, they are not fail-safe and often span generic systems without any specific focus on one department’s activity or processes. When breached, it often spells financial and reputational disaster for the organisation involved.
Segmenting – separate payments areas, clean rooms, pausing recordings
42% of contact centres use additional security to segment the payment process within the contact centre. This includes creating ‘clean room’ environments or segregating credit card handlers from other contact centre personnel. Although this is generally good practice, there are still gaps in these systems and processes. Call recordings and data collected on PCs and networks will be exposed in a PCI audit, so segmenting in isolation will not adequately address the full scale of PCI requirements.
As an additional step, some contact centres are transferring calls from one agent to an unrecorded extension where a second agent takes the customer’s payment card details (such as the CVV number) for bank verification. Other systems (used by 30% of our contact centre sample) enable agents to manually pause and resume recording using buttons on their screen or handset.
These methods may work and are used extensively. The downsides are that they are still open to human error; and standards and regulations are continually evolving making gaps to achieve compliance ever wider. It is also well known that the payment card council standards prefer solid, technology-based solutions.
Protecting – outsourcing the risk to PCI compliant service providers
More contact centres are realising the benefits of outsourcing security requirements to PCI DSS Level One service providers, as it reduces the scope of the lengthy and time consuming audit. Of our sample, 13% of contact centres use external vendor technology such as EckohPAY, where agents can transfer calls to an IVR platform such as at the point in a conversation when they need to take payments. The caller uses their telephone keypad to enter their card details.
Third party cloud-based solutions such as EckohPROTECT can also be applied to the whole contact centre. This method works by the agent asking the caller to enter their card details manually through their telephone keypad. The agent is never exposed to cardholder data and enables the customer to stay on the phone with the caller while they are processing their payment. Minimal agent intervention is needed and the system hides card entries on the agent screen and blocks the DTMF tones from being recorded. It also enables call recordings to continue without interruption. This approach is proving to be popular with contact centres that are aiming to increase the volume of home based and remote agents to their workforce as they can use the same security systems as their premise based colleagues.
Some businesses already have established IT network compliance methods for payment data through other means which means they only to address the telephony aspects of their IT infrastructure. Solutions like CallGuard which focuses purely on the call recordings, eliminates sensitive card data from telephone conversations before they are recorded. It can also prevent your agents from seeing any card data on screen, removing the potential for card data theft.
Cloud-based solutions are proving to be the most resilient form of PCI compliance available to contact centres. Of our sample, 9% of contact centres had adopted such solutions with a further 13% considering this approach as part of their future compliance programme.
This morning I received a text from my bank advising me of my latest balance. I wanted to query a payment and so went into the mobile app I have on my smartphone. Still a bit confused, I requested a call back. Luckily, when the agent called me I recognised the transaction and so my mind was put at rest.
My point here isn’t that I am prone to forgetting my purchases, but that in the space of ten minutes I interacted with my bank via three different channels. As little as five years ago this scenario would have been unthinkable. I’d probably of been reviewing my paper statement and spending a long time on the phone listening to hold music in order to find out the information I needed. Yet this casual flicking between channels is now the norm. Thanks to the rapid developments of technology, customer service operations have been streamlined and made simpler, more direct. But the instantaneous nature of communication we are all now used to has also led to rising expectations.
As a customer, whichever channel I choose to interact with, I expect my bank, utility company, council or a retailer to know who I am. If I have updated something online, I also expect for that to be reflected in the mobile app or for the call centre agent to be aware of it. As consumers when it comes to customer service we demand high standards. If we don’t get a reply to a Live Chat request in seconds? Cue a tirade on Facebook. If someone is delayed in responding to a Tweet ‘what are they doing?’ we wonder aloud to our followers. We want access to information now and we demand it now.
…..and nearly always ends in disappointment
The speed with which the data we desire is delivered to us, isn’t necessarily the only issue at hand here. It is also the quality and accuracy of it. For example, if I download an offer code via the Pizza Express mobile app, I expect to be able to redeem it in-store, not be told it isn’t accepted unless printed out. If I provide information via one channel, I want it to be recognised in another, be that web, mobile, in-store or a call centre. In short, my one transaction crosses multiple channels and I expect it to be replicated accordingly.
Yet, very rarely are our expectations met. UK PLC and public sector organisations are struggling to integrate data across multiple platforms and deliver the seamless and, most importantly, consistent service that consumers’ crave. You could argue that it doesn’t really matter, but it really, really does. How brands build communities, loyalty and retain customers all comes down to the customer experience that they deliver. No one likes to repeat themselves multiple times. It’s frustrating. After all, surely recognising one transaction should be such a simple thing? Consumers don’t care how you do it; they just want it done.
The rise of omni-channel
Omni-channel is a term that is growing in popularity and reflects how today’s savvy consumers seek to engage with brands and organisations. It is a trend that recognises that people no longer engage via one chosen channel and the need to ensure that a customer has a rewarding experience whether they are in-store, on-line, using their landline at home or browsing using their mobile. If as a brand, you don’t support or provide choice then will your business become defunct? Customer service strategies have to acknowledge that it isn’t just about offering different channels; it’s now about integrating them and providing a truly agile service.
Arguably, despite the fact that we live in a multi-channel, multi-device, multi-screen world, the device through which we interact will become less important. What will matter more is the quality of that interaction. To this end we are seeing increasingly diverse applications that allow us to interact using our voices as well as through a traditional keypad. As consumers become more comfortable and adept at using their voice to give commands, ask questions and enter information on their devices, so they are becoming more aware of the ease, speed and convenience of the technology. This is evident from the rise we’re seeing in the number of businesses deploying natural language call routing technology. The same ease and speed with which calls can be routed can also be realised by integrating speech with the web or mobile apps. As the device becomes less important, so organisations must find the common thread that binds multiple channels together. As we flip from our phone, to the TV, to the tablet how we control these interactions will more commonly be done using speech.
At a time when budgets are tight, companies could stick to tried and tested methods, but instead they should be looking at how they can innovate and at the same time make long term efficiencies. Brands need to embrace new, proven technologies at the same pace that consumers demand them; and integrate all channels to deliver a rapid, comprehensive and satisfying experience.
Nik Philpot
CEO, Eckoh
Want more information about our services? contact Eckoh here, or call 08000 630 730
Consumers everywhere now have the ability to call; browse the web; order and purchase products and services; and comment about their experience. The meteoric adoption of portable consumer technology such as smartphones and tablets, in just the last two years is only set to extend further with new devices and new ways of interacting already in development.
So where does this leave businesses that only used to interact with customers over the phone or email?
Customers are now demanding interaction with customer service organisations via mobile devices. To compete in the market, these organisations need to provide the means to be contacted in this way so that customers can, at the swipe of their finger perform tasks such as:
- register, order and pay for products and services,
- locate offices or stores,
- create call back/support requests; and
- receive value-added services and incentives.
To keep up with the pace of innovation, and compete effectively and quickly, companies are outsourcing requests to develop mobile apps and mobile optimised websites. They also want to offer the latest functionality associated with these apps such as GPS to locate stores/offices, and/or payment security for orders and purchases using an app or mobile website.
As exciting as all this advancement and connectivity is for businesses, the challenge facing Customer Services departments is that they have to do more with less financial investment. Efficiency is still the dominant objective. As customer touch points grow, department heads know that they have to devise a strategy that includes automating as many common enquiries and payments as possible to free up their agents for other tasks and keep costs down.
Generation X and Generation Y will continue to drive the adoption of new mobile technologies and demand more self-service offerings. To meet changing customer demands, brands need to create a stronger customers service by enabling the user to take control of their own accounts on a 24/7 basis.
As well as our expertise in phone automation through speech enabled technology, Eckoh has worked with businesses to get them interacting with their customers through their preferred contact channel including phone, web, mobile/ smartphones and other devices. Services can also be highly personalised, recognising customers from previous interactions, and meeting their needs using information already known about them.
Speed is the key for customers and personalisation means that the customers needs are met quickly and efficiently. But it doesn't stop at just providing all these channels. They have to work seamlessly together and follow the customer's journey as they flit from one channel to the next. The customer expects consistency, so whether they start with a web chat, follow through with a web purchase and end in a conversation with an advisor - they'll expect that advisor to know their entire contact history and keep up with them.
Want more information about our services? Contact Eckoh here, or call 08000 630 730
