
PCI Compliance Can Lead To Hidden Cost Savings

By Barnard Crespi

Everything we hear about PCI compliance is about how expensive and time-consuming it can be. What we don’t hear is how it can lead to cost savings when innovation is brought into the equation.

Companies across a wide range of industries employ live agents to interact with their customers. Although self-service technologies have shifted many customer interactions to channels that are secure and safeguard customer privacy, customers still like being able to talk to a live person when dealing with companies they buy from. This includes handing over their credit card information to an agent on the other end of the phone.

In recent years, new and evolving credit card security regulations (PCI-DSS) have placed on companies the risk and financial burden of maintaining tighter security measures to protect their customers’ credit card information.

Companies must navigate the maze of PCI guidelines to be compliant. This becomes even more complex in operations where employees are in constant interaction with customers and anyone can be handling customer credit card information at any given time. Ensuring that every customer touchpoint is secure has no doubt increased the cost to companies of delivering live service to their customers. There are no guidelines for what companies can expect PCI compliance to cost to achieve and to maintain, as this largely depends on their technology and people infrastructure and on how they do business with their customers.

Many PCI experts will suggest reducing the PCI scope by implementing technologies such as the payment web pages offered by many payment gateways and processors. However, for many companies that pride themselves on providing a seamless customer service experience, pushing a customer to a web page to make a payment while speaking to an agent on the telephone is not an acceptable option. So why not transfer customers to an automated Interactive Voice Response (IVR) system that can collect the customer’s credit card information? Most current phone systems offer IVR as a built-in feature which can be programmed to collect credit card information. However, this also falls within the scope of PCI-DSS, and does not remove the complexity and costs associated with compliance.

So what other options are there?
  • IVR on the Cloud: One option is to implement an IVR service on the cloud whose infrastructure is already PCI compliant. Some vendors provide tools which companies can use to build IVR applications in their PCI-compliant infrastructure. However, building and maintaining your own system, even on the vendor’s platform, requires that you dedicate resources to build, test and maintain the software which you have built or paid someone else to build for you. PCI-DSS also dictates how you need to manage code that collects and transmits credit card information. This approach can move much of the PCI scope away from your infrastructure to your vendor’s; however, you are still on the hook to ensure your developers follow the guidelines and that you have the resources to maintain what you have built.
  • On-Demand Pay-By-Phone: There is also the option to subscribe to an On-Demand Pay-By-Phone software service, which provides a pre-packaged, configurable solution that you can plug into, leaving all the building, maintaining and PCI compliance to the service provider. This can shift a significant amount of effort and financial burden from the company to the service provider.

You still have to go through the cost modeling to arrive at how your dollars are best spent. Is it a better investment to make your call center PCI compliant, to use technology you have already paid for and maintain it to the most current PCI standards, to build your own in a PCI-compliant infrastructure, or to shift this part of customer interactions to an application already built specifically to process payments?

This is an exercise that every company must go through, and it can take people and financial resources to arrive at a conclusion. Keep in mind that PCI compliance is not optional and you need to be PCI compliant whether you process 100 payments or 100,000 payments a year.

The Silver Lining

Disguised in this maze of analysis, evaluations and decisions that managers must make is the potential for exponential cost savings. With On-Demand Pay-By-Phone you can shift agent time to automation time. Provided that the On-Demand Pay-By-Phone cost is lower than the cost of your live agent time, and by implementing efficient processes, you can realize significant cost savings. For example, a company that processes 10,000 payments a year can save approximately 500 hours a year of agent time by implementing On-Demand Pay-By-Phone. Factoring in labor costs, training, IT and overhead, this can result in thousands of dollars in monthly savings.