Your customers want to hear a human voice - But are you putting their data at risk? - Semafone sponsored article

And yet, as the Harvard Business Review pointed out, many of us still want to speak to another human being. Research from business delivery solutions provider Whistl found that over 33% of UK customers still prefer to talk to a service representative over the phone and live chat is equally appreciated.

This shouldn’t come as a surprise to anyone. Humans are still far quicker on the uptake in a conversation than a chatbot and communicating with a machine can be deeply frustrating for a query that doesn’t already have a standard response. AI may one day replicate human interaction convincingly, but it isn’t there yet.

Chatting to your customers on the phone has some unique challenges when it comes to payments, however. How can you ensure the security of their credit card details when there’s a real, fallible, person at each end of the phone line? And you need to comply with the Payment Card Industry Data Security Standard (PCI DSS), with its stringent rules for handling payment card details. To remain compliant, you must protect not only the card numbers themselves, but also the agent who hears them, the customer who speaks them, and most problematic of all, the systems that record them.

What’s more, the guidance from the Payment Card Industry Security Standards Council defining how the PCI DSS must be applied for payments over the phone has been updated for the first time since 2011. The review came about in response to the recent dramatic advances in technology – including the increased use of Voice over IP, which has meant more overlap between voice and all of the new data channels.

Arguably the most striking part of the new guidance is that it steers merchants still further away from asking customers to read their card details out loud. This has always been problematic, not simply because of the obvious security risk, but because PCI DSS prohibits the recording of card digits. The new guidance effectively rules out the old “pause and resume” workaround, whereby call recordings are briefly stopped while customers read out their payment card data.

The only solutions that the guidance recommends are those that reduce or eliminate card data from the contact centre altogether. These include payment methods based on dual-tone multi-frequency (DTMF) masking solutions, such as Semafone’s Cardprotect, whereby callers can enter their card numbers themselves via their telephone keypad. The tones emitted by the keys are masked with flat “bleeps”, so numbers cannot be identified by their sound and the conversation with the customer can continue uninterrupted.

There’s no doubt that until we ourselves are replaced by robots, businesses still need to offer customers a human voice. And as the one part of the contact centre that can’t be 100% automated, it’s vital that we treat our customers – and their financial details – with respect.

This is now considered to be inherently risky, so anyone carrying out this practice will be required to undergo extensive auditing to prove that no numbers have been inadvertently captured.