Meeting your Regulation and Compliance needs
An increasingly important issue for today's organisations is how to protect themselves – and their customers – by demonstrating that the services they provide are fully compliant with regulations. Here Sabio Director Adam Faulkner highlights some of the reasons why Regulation and Compliance are attracting so much attention, and also to identify the likely impact of these trends on the contact centre community.
Contact centres have always recorded their calls to meet regulatory requirements – why now is there such a renewed focus on regulation and compliance?
Recording is traditionally considered as a simple, defensive purchase – one that only has to be done to meet regulations defined by bodies such as the Financial Services Authority (FSA). However, the increased focus on the Payment Card Industry Data Security Standard (PCI) and new powers available under the Data Protection Act render this subject more complex than ever, presenting risks to organisations that are simply too great to ignore.
Organisations will still need to record calls to meet FSA guidelines, and they will also have to ensure that their payment processes adhere to the PCI standard. What we're seeing, however, is that the smarter organisations are taking their compliance obligations and finding ways to create additional value in areas such as business continuity, more efficient billing and payments, and overall performance improvement.
Why is PCI compliance such an important issue for call centres?
It is estimated that fraud can potentially account for between two and three percent of the bottom line for financial services companies, with Card Holder Not Present Fraud proving a key challenge for payment card providers and their merchants. That's why the leading card operators have come together to create the Payment Card Industry Data Security Standard (PCI DSS) – a set of industry-wide requirements and processes aimed at fighting payment card fraud.
We're certainly experiencing a lot of interest around PCI credit and debit card security as organisations suddenly realise that compliance with the PCI-DSS standard is essential if they're to keep on processing card payments. Today's UK contact centres handle millions of card-based financial transactions – and that's across a wide range of sectors, not just financial services. PCI DSS can help minimise the potential for fraud, and that makes good business sense for contact centres.
What steps should a contact centre take to ensure compliance with industry standards?
PCI compliance is especially applicable to the contact centre environment, where many organisations are failing their PCI compliance audits through the incorrect capture and storage of prohibited customer card data such as account numbers, CVV2 security codes and PINs. This is a particular concern for businesses that have to record their calls for FSA compliance reasons, and don't have any means of consistently halting recordings during the exchange of sensitive payment card data.
What are the penalties for non-compliance with the PCI data security standard?
It is potentially very serious. Non-compliant operations may lose the right to accept credit card transactions or be fined. In the US, for example, Mastercard has recently updated its merchant compliance plan, with fines for a fourth PCI DSS violation now ranging up to $400,000 for non-compliant merchants.
How can Sabio help organisations address this challenge?
To help contact centre operators address the PCI challenge, Sabio has developed a solution that can be deployed to support compliance and also deliver added value. This specialist credit card payment solution combines self-service and call recording technologies to deliver new levels of protection for both callers and contact centre agents. Key to this is our recognition that operators can't rely on live agents to always halt interaction recording at the critical payment stage. That is why we've effectively shielded agents from the need to handle sensitive customer data (and exposure to potential fraud) by transferring customers to a secure, speech-enabled credit card payments line.
Using this application, consumers benefit from the security and re-assurance of not having to share their card account details, while contact centre operators will receive a rapid ROI as the cost of the solution can be quickly recouped through the productivity savings that are achieved by automating the caller verification process.
How can we gain more value from our regulatory and compliance activities?
At Sabio, we aim to integrate compliance projects into an organisation's broader customer management approach, so that it becomes a key part of how they do business. With one travel operator, for example, an effective compliance solution has been instrumental in reducing their overall level of compensation payments as they now always have an accurate and accessible record when contesting liability claims.
Another Sabio customer – Brewin Dolphin, one of the UK's largest private client investment managers – has implemented a best practice recording compliance solution that goes beyond the FSA guidelines on recording to help the company deliver on its obligations as part or the 'Treating Customers Fairly' programme. We're also finding that many organisations are now adopting 100 percent, end-to-end recording approaches as part of their broader business continuity activities.