PCI DSS compliance & payment security for telcos

By Mandy Pattenden, Marketing Communications Director

Today’s telco and cable providers play a key role in enabling their commercial and private customers to connect, communicate and interact with the wider world.

Serving up a rich mix of voice and data services, they’ve steadily extended the range of subscription services on offer, and their networks now power a wealth of digital services that today’s consumers want and need. Everything from home entertainment, to education, home security and e-health.

When it comes to driving up customer satisfaction and retention, giving subscribers the billing and payment options they want, and when and how they want them is paramount to staying one-step ahead of competitors.

Today’s consumers now expect to encounter convenient, intuitive and flexible payment options in every channel they use. Which means that telcos need to be able to securely handle card payment transactions in a variety of ways – on the phone, via SMS and e-mail, as well as online using web chatbots and social media platforms.

Providing customers with a better payment experience paves the way to building lasting customer relationships and re-enforcing a strong brand proposition that’s designed around identified customer needs.

Dealing with ‘new-normal’ service delivery realities

The COVID-19 pandemic highlighted the critical importance that operators and the telecommunications infrastructure play in keeping individuals and societies connected, informed and able to access essential commercial, financial and medical services.

During national lockdowns, providers played a ‘mission critical role’ as people were completely reliant on technology when working or learning from home. While maintaining network resilience and reliability for consumers was a top priority, telcos suddenly found they had to adapt fast to new ways of providing service to their customers.

With stores closed around the globe, telcos had to find new ways to sell products and service to customers, with self-service becoming increasingly important as call centers ramped up to handle increasing call volumes.

Indications are that, despite the re-opening of society, consumer behaviors have changed for the long term by the experiences of the last 18+ months. While physical stores remain important for consumers, today’s hyper-connected customers increasingly expect to resolve issues using online customer care channels. They are also more likely to head online or contact a call center to buy a device or a plan, resolve issues or make changes to an existing plan.

What’s more, they expect to encounter a seamless experience as they move between channels – right up to the point of payment.

Keeping the contact center secure

With 32% of consumers saying they find it difficult and time consuming to buy a device or subscribe to a plan via an operator’s mobile app or online, more and more consumers are making the contact center their first point of call for getting guidance and advice.

In response, telcos are ramping up their on-site contact center manpower and remote workforce personnel numbers to cope with customer demand, oversee digital channels, and manage the widening of support hours.

Which means that finding efficient, easy-to-use and compliant ways to process payments in multiple channels is becoming a top commercial priority.

Protecting against the potential of a payment-related data breach is critical for organizations that process huge volumes of transactions. All of which makes it vital to maintain a full secure and compliant call center in line with the requirements set out in the Payment Card Industry Data Security Standards (PCI DSS) mandates in relation to the handling and storage of cardholder and other sensitive personal data. Regardless of whether customers opt to pay over the telephone or choose to utilize a convenient payment link that’s delivered direct to their device via SMS, email, or an online chat.

Eliminating the risk factors

Complying with rigorous security standards such as PCI DSS is a complex proposition that requires call centers to maintain a careful balancing act between security and functionality and adherence to a raft of other regulatory responsibilities.

When it comes to securely and compliantly handling telephone payments, today’s dual-tone multi-frequency (DTMF) masking solutions like Semafone’s Cardprotect Voice+ allow customers to input their card details using their phone keypad. No sensitive data is ever exposed to the agent, who can only see a censored version of payment progress on their screens.

Since all customer payment data is transmitted directly to the organization’s payment service provider (PSP), telco’s can significantly reduce their PCI DSS burden and ongoing compliance costs as the customer’s payment card details never enter their contact center’s infrastructure.

Similarly, solutions like Semafone’s Cardprotect Relay+ enable agents to quickly generate secure digital payment links that can be delivered to customers through email, SMS, chat bots and other social media channels. When the customer clicks on the link and enters their payment card details into the secure web form that is presented to them, all information is encrypted and securely routed direct to the PSP.

Powering new opportunities

Many telcos now offer contact center as a service (CCaaS) solutions that enable commercial companies to overcome infrastructure challenges and quickly deploy highly optimized omnichannel contact centers via the cloud.

By integrating a secure PCI DSS compliant payment gateway into their CCaaS offering, telcos can help customers to mitigate risk and enable faster, more convenient payment options in multiple channels. That includes making it possible for agents working from home to handle PCI DSS compliant telephone and digital payments.