PCI Pal Executive Interview

Jane Goodayle, CMO, PCI Pal

Sheri Greenhaus, Managing Partner, CrmXchange and Jane Goodayle, CMO of PCI Pal, discuss the benefits of PCI Pal’s approach to PCI Compliance and payment security.  

Please provide us with an overview of PCI Pal.

PCI Pal is a global organization with offices in the UK, North Carolina, USA; Toronto, Canada; and Sydney, Australia.

We provide PCI DSS compliant payment solutions for organizations regardless of industry, location or size. PCI DSS is the Payment Card Industry Data Security Standard - which any organization that takes credit or debit cards needs to comply with.

The use case for us in the contact center is that agents are enabled to take secure and compliant payments via the telephone and digital engagement channels while remaining in conversation with the consumer throughout. Our technology descopes the organization’s infrastructure from the requirements of PCI DSS. Instead of having a potentially onerous annual audit process, the reduction in scope means improved security and a more efficient approach to PCI Compliance and payment security.

Fundamentally, we secure payments for business communication channels.

What does the customer see or hear?

PCI Pal provides consumers with a simplified, yet secure payment journey. Previously, there have been two kinds of experiences: 

  1. You are asked to read your credit card details over the telephone. Not only can the agent on the other side, as well as anyone around, hear those sensitive details, but that information is also potentially exposed to the contact center infrastructure such as call recordings.
  2. The agent asks if you want to make a payment and they transfer you to a secure line.  While better than reading your information aloud, the customer experience is not the best as the customer journey is broken and there is no one there to help should you require additional assistance. 

With PCI Pal Agent Assist, the line is secured when a payment is required. The keypad is used by the consumer to provide their card details. The agent hears a comfort beat in the background (we mask the DTMF tone) as the customer enters their information. The data is not heard by the agent, nor by any internal systems.  The agent remains in conversation with the customer throughout, enabling them to assist the customer through their journey but not be exposed to any sensitive card information.

From an agent perspective, they can track how far along the customer is in the payment journey, allowing the customer to have a seamless experience and remain in contact with the agent the entire time.

How are you able to secure that data?

We mask the DTMF tone and we secure the line, ensuring no one has access to that data. Looking at the telephony journey, when somebody calls into the contact center and they want to make a payment, the line is secured and the call is then diverted via our platform, sending the information directly to the payment service provider for processing.

The data completely bypasses any infrastructure that would normally be within the telephony network of the contact center, therefore removing any visibility to employees and excluding it from the contact center environment.

For many years customers would provide their credit card number to the agent, but with the internet, people have become a bit more cautious. What are some of the biggest threats that you are seeing?

There was a big change with Covid-19. Almost overnight, contact centers had to move their workforce to a remote working scenario. One of the biggest threats from a security perspective is that many organizations utilize different tools in order to be secure. Numerous organizations had to pause taking payments because they couldn't guarantee the security of the transaction outside of the ‘physical’ contact center. Services were being inundated with calls and with such a high volume of calls came more threats.

If a company wants to engage your services, what are the steps? How long does it take to set up?

Delivery of a project is dependent on the solutions chosen and any specific requirements.  We have delivered projects in as little as 4-6 weeks.  We will always endeavor to deliver projects successfully and on time.

We have proven integrations with many payment service providers throughout the world as well as our vast, global partnership network. Partners include many of the leading CaaS providers such as 8x8, Five9, Genesys, Talkdesk and more. Our experience with contact centers and payments means our onboarding process is efficient and streamlined.

Is there anything I didn't ask you that you think our audience should be aware of?

From a business communications perspective, our solution most definitely works. Agents love it because they don't have to worry about manually pausing and resuming call recordings, or working in a clean room environment.   Customers love it as they are supported throughout the payment journey and organizations love it as their payment conversion rates increase.

An important takeaway is that customers are demanding this now. From our research, we see customers are more aware of what is happening to their data, likely because they are constantly reading headlines of data breaches. I think anyone that's been affected by a breach (which from our research is quite a few) automatically becomes more conscious of their data and the journey it takes. And, securing your customers' data is the right thing to do.  Nobody wants to provide unsecure payments and damage customer experience and trust.