Since the rise of social media, advanced interactive websites, smartphone and tablets; organisations all over the world are adding more channels so customers can communicate with them. People can now do all their research on a product and service from the comfort of their own home or on their train journey to work, and even share their opinions once they’ve purchased.
These days, social media and mobile channels in particular are the driving forces behind customer contact. The new self-serving public now chooses to find out information themselves before making a decision and they’ll tend to do all this through the vast amount of information available to them on the world-wide web.
So what of the humble phone channel? Do people actually call to speak to a real human being anymore? The answer is a resounding yes, with most people still choosing the phone as their primary method of contact with self-service channels closely following. What has changed however, is the rationale for the call and the type of help needed. As customers find information to their general enquiries themselves through automation or other self-help channels like the web and mobile apps, they tend to make a phone call when they have complex enquiries that need a specific and detailed answer that isn’t available anywhere else but a specialist. And that’s how people now view customer service – a ‘trusted advisor’. No longer do they exist to answer mundane questions about bank balances or nearest store information. They are now asked technical questions about product operation, service support and issues they are experiencing that need resolving.
But as the phone is no longer the only communication channel – but one of many, the challenge currently facing organisations is the apparent disconnect between what the customer wants from their phone call and what the contact centre agent is able to give them. Companies are realising that joining channels to provide a seamless and effortless customer experience is essential to maintain the faith and trust of their customers.
Look at it from the way you buy things yourself for instance. You may start a search on the website using your smartphone or tablet, you want more technical information on a product or service so you click ‘call me back’ by giving your name and number. You then discuss the issue with an agent who you would ‘expect’ to know which product you have an interest in or a problem with, based on your actions on their website. Unfortunately, this isn’t always the case and customers are becoming increasing more demanding that their journey through the organisations various channels is followed.
An unbroken integration between automated and voice channels gives your customers a great brand experience. It shows that you are in touch with them, understand their needs and can offer helpful and accurate information to help them make a choice. The phone channel is still perceived by customers and organisations as an extremely important part of the channel mix and ‘the hub’ of all other channels, usually being the point of most complex information for the customer.
The phone is very much here to stay, with its use is evolving to make calls quicker and efficient. General enquiries are now answered by automated services and live agents are empowered to know much more detail about the products and services being sold.
Tuesday 27 August 2013
Thursday 1 August 2013
What are contact centres doing to address PCI DSS compliance?
Many contact centres are changing their approach to how they deal with customer information to meet the pressure to comply with PCI DSS Standards. However, while most merchants are endeavouring to meet increasing customer security demands and protect their customers’ data, some do not see PCI compliance as a necessary step to achieve this.
In a recent Eckoh survey, 93% of contact centres either had a PCI Compliance programme underway or are planning one. All contact centres tended to adopt one of the following strategies that had varying degrees of achieving PCI DSS compliance:
Denial – “Fraud won’t happen to us”
17% only use basic security as their main fraud deterrent, using manual processes and training to ensure correct handling of payment information. These contact centres also rely heavily on firewalls and other security related equipment to prevent breaches to systems and use encryption software for areas that store customers’ information. Although these are good practice measures and form part of basic systems security, they are not fail-safe and often span generic systems without any specific focus on one department’s activity or processes. When breached, it often spells financial and reputational disaster for the organisation involved.
Segmenting – separate payments areas, clean rooms, pausing recordings
42% of contact centres use additional security to segment the payment process within the contact centre. This includes creating ‘clean room’ environments or segregating credit card handlers from other contact centre personnel. Although this is generally good practice, there are still gaps in these systems and processes. Call recordings and data collected on PCs and networks will be exposed in a PCI audit, so segmenting in isolation will not adequately address the full scale of PCI requirements.
As an additional step, some contact centres are transferring calls from one agent to an unrecorded extension where a second agent takes the customer’s payment card details (such as the CVV number) for bank verification. Other systems (used by 30% of our contact centre sample) enable agents to manually pause and resume recording using buttons on their screen or handset.
These methods may work and are used extensively. The downsides are that they are still open to human error; and standards and regulations are continually evolving making gaps to achieve compliance ever wider. It is also well known that the payment card council standards prefer solid, technology-based solutions.
Protecting – outsourcing the risk to PCI compliant service providers
More contact centres are realising the benefits of outsourcing security requirements to PCI DSS Level One service providers, as it reduces the scope of the lengthy and time consuming audit. Of our sample, 13% of contact centres use external vendor technology such as EckohPAY, where agents can transfer calls to an IVR platform such as at the point in a conversation when they need to take payments. The caller uses their telephone keypad to enter their card details.
Third party cloud-based solutions such as EckohPROTECT can also be applied to the whole contact centre. This method works by the agent asking the caller to enter their card details manually through their telephone keypad. The agent is never exposed to cardholder data and enables the customer to stay on the phone with the caller while they are processing their payment. Minimal agent intervention is needed and the system hides card entries on the agent screen and blocks the DTMF tones from being recorded. It also enables call recordings to continue without interruption. This approach is proving to be popular with contact centres that are aiming to increase the volume of home based and remote agents to their workforce as they can use the same security systems as their premise based colleagues.
Some businesses already have established IT network compliance methods for payment data through other means which means they only to address the telephony aspects of their IT infrastructure. Solutions like CallGuard which focuses purely on the call recordings, eliminates sensitive card data from telephone conversations before they are recorded. It can also prevent your agents from seeing any card data on screen, removing the potential for card data theft.
Cloud-based solutions are proving to be the most resilient form of PCI compliance available to contact centres. Of our sample, 9% of contact centres had adopted such solutions with a further 13% considering this approach as part of their future compliance programme.
Subscribe to:
Posts (Atom)