PCI Pal Executive Interview
Jane Goodayle, CMO, PCI Pal
Click the image below to download the ebook
Sheri Greenhaus, Managing Partner, CrmXchange and Jane
Goodayle, CMO of PCI Pal, discuss the benefits of PCI Pal’s approach to PCI
Compliance and payment security.
Please provide us with an overview of PCI Pal.
PCI Pal is a global organization with offices in the UK,
North Carolina, USA; Toronto, Canada; and Sydney, Australia.
We provide PCI DSS compliant payment solutions for
organizations regardless of industry, location or size. PCI DSS is the Payment
Card Industry Data Security Standard - which any organization that takes credit
or debit cards needs to comply with.
The use case for us in the contact center is agents are
enabled to take secure and compliant payments via the telephone and digital
engagement channels while remaining in conversation with the consumer
throughout. Our technology descopes the organization’s infrastructure from the
requirements of PCI DSS. Instead of having a potentially onerous annual audit
process, the reduction in scope means improved security and a more efficient
approach to PCI Compliance and payment security.
Fundamentally, we secure payments for business communication
What does the customer see or hear?
PCI Pal provides consumers with a simplified, yet secure
payment journey. Previously, there have been two kinds of experiences:
- You are asked to read your credit card details over the
telephone. Not only can the agent on the other side, as well as anyone around,
hear those sensitive details, but that information is also potentially exposed
to the contact center infrastructure such as call recordings.
- The agent asks if you want to make a payment and they
transfer you to a secure line. While
better than reading your information aloud, the customer experience is not the best
as the customer journey is broken and there is no one there to help should you
require additional assistance.
With PCI Pal Agent Assist, the line is secured when a
payment is required. The keypad is used by the consumer to provide their card
details. The agent hears a comfort beat in the background (we mask the DTMF
tone) as the customer enters their information. The data is not heard by the
agent, nor by any internal systems. The
agent remains in conversation with the customer throughout, enabling them to
assist the customer through their journey but not be exposed to any sensitive
From an agent perspective, they can track how far along the
customer is in the payment journey, allowing the customer to have a seamless
experience and remain in contact with the agent the entire time.
How are you able to secure that data?
We mask the DTMF tone and we secure the line, ensuring no
one has access to that data. Looking at the telephony journey, when somebody
calls into the contact center and they want to make a payment, the line is
secured and the call is then diverted via our platform, sending the information
directly to the payment service provider for processing.
The data completely bypasses any infrastructure that would
normally be within the telephony network of the contact center, therefore
removing any visibility to employees and excluding it from the contact center
For many years customers would provide their credit card
number to the agent, but with the internet, people have become a bit more
cautious. What are some of the biggest threats that you are seeing?
There was a big change with Covid-19. Almost overnight, contact centers had to move
their workforce to a remote working scenario. One of the biggest threats from a
security perspective is many organizations utilize different tools in order to
be secure. Numerous organizations had to pause taking payments because they
couldn't guarantee the security of the transaction outside of the ‘physical’
contact center. Services were being
inundated with calls and with such a high volume of calls came more threats.
If a company wants to engage your services, what are the
steps? How long does it take to set up?
Delivery of a project is dependent on the solutions chosen
and any specific requirements. We have
delivered projects in as little as 4-6 weeks.
We will always endeavor to deliver projects successfully and on time.
We have proven integrations with many payment service
providers throughout the world as well as our vast, global partnership network.
Partners include many of the leading CaaS providers such as 8x8, Five9,
Genesys, Talkdesk and more. Our experience with contact centers and payments
means our onboarding process is efficient and streamlined.
Is there anything I didn't ask you that you think our
audience should be aware of?
From a business communications perspective, our solution
most definitely works. Agents love it because they don't have to worry about
manually pausing and resuming call recordings, or working in a clean room
environment. Customers love it as they
are supported throughout the payment journey and organizations love it as their
payment conversion rates increase.
An important takeaway is that customers are demanding this
now. From our research, we see customers are more aware of what is happening to
their data, likely because they are constantly reading headlines of data
breaches. I think anyone that's been affected by a breach (which from our
research is quite a few) automatically becomes more conscious of their data and
the journey it takes. And, securing your customers' data is the right thing to
do. Nobody wants to provide unsecure
payments and damage customer experience and trust.