PCI DSS compliance & payment security for insurance

By Mandy Pattenden, Marketing Communications Director

Insurance is one of the world’s largest industries, generating $5 trillion in annual revenue around the globe, with property and casualty (P&C) insurance alone generating $1.6 trillion in premiums annually. Until recently, P&C insurance was viewed as a complex service requiring the use of agents and brokers to help individuals research their options and find the right policies to meet their needs. However, as the process of purchasing insurance has become more digital, consumers have increasingly turned online to buy their policies directly from insurers – often basing their decision on price alone. This has led to the P&C insurance market becoming largely commoditized and increasingly competitive.

To stand out from the crowd and attract and retain customers in this competitive business environment, P&C insurance providers must deliver a superior customer experience across every channel and point of interaction. They must look to modernize the customer journey, creating a seamless and consistent experience across all channels – and do it all without sacrificing security.

As a highly regulated industry, P&C insurance providers are subject to a wide variety of laws and industry standards designed to ensure strong security and protect consumers. Not the least of these is the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is a set of security standards intended to ensure that any organization accepting, processing, storing or transmitting payment card information maintains a secure environment. The standards help protect consumers’ payment data and personally identifiable information (PII) from theft or breach. Failure to comply can result in financial penalties, damage to brand reputation and even the organization losing the ability to accept payment card transactions.

Delivering a secure and convenient, omnichannel customer experience

When it comes to strengthening the security surrounding PII and payment card data, a great place to start is in the call and contact center. Consumers often interact with an insurer through multiple touchpoints as they travel through the customer journey. They may visit the website or mobile app to research policies and ask basic questions to an online chatbot, all while waiting on the telephone to speak with a live agent. No matter what channels and touchpoints they use, the customer contact center is the central hub for all interactions, and it is responsible for providing a consistent, frictionless and secure process every step of the way.

At first glance, it may appear challenging for an insurer to secure all their many omnichannel payment processes and achieve PCI DSS compliance while also maintaining a consistent and positive customer experience. That doesn’t have to be the case! By selecting the right tools and technologies, P&C insurance providers can take the cost and complexity out of PCI DSS compliance while balancing security with a great customer experience.

Descoping the contact center

One of the easiest ways for an insurance provider to reduce the cost and complexity of PCI DSS compliance in their contact center is to remove the handling of the payment card data completely. This is called descoping the contact center.

With technologies like Semafone’s Cardprotect Voice+ and Cardprotect Relay+, insurance providers can securely and easily accept payments over the telephone and through any digital channel – including their website, mobile app, chatbot, SMS text message, QR codes and more – all while ensuring that the sensitive payment card data never touches the organization’s IT network or business infrastructure. Through techniques like dual-tone multi-frequency (DTMF) masking and secure payment hyperlinks, Semafone’s solutions encrypt the sensitive payment card numbers and PII, and securely route the data directly to the payment service provider (PSP) – bypassing the contact center completely. Because the sensitive data is never handled by contact center agents or enters the insurance provider’s network, the contact center can effectively be removed from the scope of compliance for PCI DSS mandates.

Providing a frictionless customer experience

In addition to ensuring the secure handling of sensitive payment data and greatly reducing the cost and complexity of PCI DSS compliance, Cardprotect Voice+ and Cardprotect Relay+ also enable insurers to deliver the type of easy and convenient experience today’s digital consumer expects. Customers simply enter their payment card numbers into their telephone keypad or type them in a secure online interface. No more reading and repeating card numbers aloud to a contact center agent – a process that is often prone to mistakes. Within seconds, consumers simply enter their payment card numbers to complete their transaction, enjoying a frictionless and familiar process no matter what channel they are in.

As the P&C insurance marketplace becomes increasingly commoditized, providers will need to create a superior customer experience in order to stand out from the competition. Secure payment solutions like Cardprotect Voice+ and Cardprotect Relay+ not only improve the customer experience but also streamline the purchase process – driving top-line revenue growth. At the same time, they help the bottom line by reducing the cost of regulatory compliance – a win-win for both customer experience and security!