With card fraud and identity theft continuing to hit the headlines, Jason Roos, CEO of Cirrus, discusses how call centres can navigate the options to ensure both PCI DSS compliance and the best possible customer experience.
Data breaches continue to challenge and cost businesses
In today’s increasingly cashless society, customers rely more and more on using credit and debit cards for payments. Whether buying goods online or paying bills over the phone, they happily relay accounts and credit card details to a contact centre agent without a second thought, trusting that the company that they are dealing with will manage their card data securely. But how secure are they?
According to UK Finance[i] (the collective voice for the UK banking and finance industry representing more than 250 firms across the industry), the theft of personal and financial data through social scams and data breaches was a major contributor to fraud losses in 2018.
In fact, in 2018 data breaches involving just three well-known brands are reported to have resulted in the attempted compromise of around 6.3 million payment card details. The Information Commissioner’s Office (ICO)[ii] reports that during the second quarter of 2018/19, there was a total of 4,056 data security incidents. Worryingly, information stolen through a data breach can be used for months – or even years – after the event.
PCI DSS compliance – the challenges
Card fraud is a threat that the finance industry cannot tackle alone, which means that it is the responsibility of all companies in the chain to take preventative measures and secure data. If a business loses a customer’s card data (i.e. suffers a data breach) and is not PCI DSS compliant[iii], it could incur fines for the data and be liable for the costs of fraud incurred and those associated with replacing the accounts. Not to mention the reputational damage, which may mean losing even its most loyal customers.
Yet for many businesses, compliance means expense and changes to IT infrastructure that they can ill afford. According to Verizon’s 2019 Payment Security Report (PSR)[iv], there has been a negative trend globally for companies reporting full compliance with PCI DSS. Assessments from other Qualified Security Assessor (QSA) companies also show lower full compliance. Since 2008, Verizon has tracked the percentage of organisations that achieve PCI DSS compliance, and previous editions of the PSR noted that it has varied from a low of 11.1% in 2012 to a high of 55.4% in 2016, before dipping well below 40% (36.7%) in 2018.
While these statistics show improvement, when the PCI Security Standards Council first published the PCI DSS in 2004, it was expected that organizations would achieve effective and sustainable compliance within about five years. Today, fewer than half maintain programs that prevent PCI DSS security controls from falling out of place within a few months after meeting formal compliance requirements.
One size does not fit all
Depending on the merchant level (i.e. how many card payments are taken), businesses can either self-certify PCI compliance or use a Qualified Security Assessor (QSA) who is accredited by the PCI SSC. Only Level 1 merchants with over 6 million transactions per year or who are a ‘Compromised Entity’ (having experienced attacks before) must have an annual on-site QSA audit rather than one of the self-assessment questionnaires (SAQs) now available in current PCI DSS standards.
Recognising that one size did not fit all, and that smaller and less at-risk companies should not have to complete the same list of requirements as a large multinational, the recent PCI DSS 3.0 Standard has also introduced a number of different types of SAQ (a list and explanation of each SAQ is available from the PCI Security Standards Council[v]). Many contact centres do not require a full audit with a QSA, and self-assessment questionnaires are becoming far more popular.
The view from the contact centre
The need for many contact centres to record calls, for security and training purposes, makes protecting the data more difficult. There is no single right way to handle payments in order to be PCI-DSS compliant, but companies can meet the security levels required by achieving compliance.
There are many methods available that contact centres can employ to prevent card fraud, and technology plays an important part in these practices. However, it can be a complex and costly technical process to set up and follow. To reduce these costs and comply with the standards, many organisations’ call centres choose to minimise (often called ‘de-scoping’) or eliminate altogether the customer card data that they hold in their systems. Not holding on to data reduces the risk that customers will be affected by fraud.
Offering different payment options means checking every possible area of security exposure in the payment process. The latest UK Contact Centre Decision-Makers’ Guide (DMG), published by analyst ContactBabel[vi], outlined eleven different ways in which contact centres currently attempt to reduce card fraud. Ranging from technology solutions to physical methods such as clean rooms, where pens, paper and mobiles are prohibited, different ways of processing card payments have their pros and cons:
- Offering pause and resume – or ‘stop-start’ recording, preventing sensitive and confidential data from entering the call recording environment. Cheaper to implement than almost any other option, it offers high levels of customer service but is inherently unreliable and depends on agent compliance with the process.
- Having ‘clean rooms’ (where nothing can be written and no paperwork is allowed on desks) or having dedicated payment teams means agents can sometimes be underutilised or queues can form waiting to make payments, but they do provide the best customer experience. However, they are not considered a particularly pleasant working environment and can be expensive to operate.
- Implementing an Interactive Voice Response (IVR) Payments system is an option that is often used by large contact centres. An automated IVR process takes card details from the customer, cutting the agent risk out of the loop entirely. However, the card data is still within the organisation’s network, so although this approach takes the agent out of scope, it does not in itself ensure PCI compliance, and is a cumbersome user experience.
- Using a PCI-DSS-compliant third-party provider to handle data means that no cardholder data is passed into the contact centre environment, whether infrastructure, agents or storage. As such, this can de-scope the entire contact centre from PCI compliance, but does rely on the security processes and operational effectiveness of the service provider.
New ways to pay with digital channels are ringing the changes
There are also new ways to pay that make it even easier for customers. As an example, Cirrus’ new LinkPay+ service (a partnership with Semafone) sends the customer a secure payment link, via any digital channel (such as web chat, WhatsApp, SMS, Facebook Messenger etc.), while they are on the phone or conversing with the contact centre agent or bot using these digital channels. Customers entering card details in a webchat is high risk – in a contact centre, quality assessors, team leaders and tech support people could all look up the history of chats and potentially pull out credit card details.
Providing a service like LinkPay+ means the customer can enter their card details on a secure website page with confidence. The agent or bot on the call doesn’t see the card information, but sees a checklist of the steps completed. This means the purchase can be completed during the call or chat, saving the customer the hassle of ringing a different number or visiting a website (with the risk of losing the sale). It’s more convenient for the customer than entering card details over the phone using the keypad, and help and advice can be given while on the phone or online.
There are also plans in the future for this technology to tie up with Apple Pay and Google Pay, which will make it even easier for customers to pay securely, confident that they are protected from card fraud.
Being compliant with PCI DSS means that companies are doing their best to keep customers’ valuable information safe and secure and out of the hands of people who could use that data in a fraudulent way. At the end of the day the responsibility for compliance lies with the merchant – the key is to choose the right technology solution that fits the organisation and delivers the best possible customer experience.
[iii] Payment Card Industry Data Security Standard, set up by the five big card providers[iii], the UK Cards Association (now UK Finance)
[vi] ContactBabel, The UK Contact Centre Decision-Makers’ Guide, 2018-2019 (16th Edition)
This is a Sponsored Feature
Exclusive: AstraZeneca to miss second-quarter EU vaccine supply target by half – EU official
By Francesco Guarascio
BRUSSELS (Reuters) – AstraZeneca expects to deliver less than half the COVID-19 vaccines it was contracted to supply the European Union in the second quarter, an EU official told Reuters on Tuesday.
The expected shortfall, which has not previously been reported, comes after a big reduction in supplies in the first quarter and could hit the EU’s ability to meet its target of vaccinating 70% of adults by the summer.
The EU official, who is directly involved in talks with the Anglo-Swedish drugmaker, said the company had told the bloc during internal meetings that it “would deliver less than 90 million doses in the second quarter”.
AstraZeneca’s contract with the EU, which was leaked last week, showed the company had committed to delivering 180 million doses to the 27-nation bloc in the second quarter.
“Because we are working incredibly hard to increase the productivity of our EU supply chain, and doing everything possible to make use of our global supply chain, we are hopeful that we will be able to bring our deliveries closer in line with the advance purchase agreement,” a spokesman for AstraZeneca said, declining to comment on specific figures.
A spokesman for the European Commission, which coordinates talks with vaccine manufacturers, said it could not comment on the discussions as they were confidential.
He said the EU should have more than enough shots to hit its vaccination targets if the expected and agreed deliveries from other suppliers are met, regardless of the situation with AstraZeneca.
The EU official, who spoke to Reuters on condition of anonymity, confirmed that AstraZeneca planned to deliver about 40 million doses in the first quarter, again less than half the 90 million shots it was supposed to supply.
AstraZeneca warned the EU in January that it would fall short of its first-quarter commitments due to production issues. It was also due to deliver 30 million doses in the last quarter of 2020 but did not supply any shots last year as its vaccine had yet to be approved by the EU.
All told, AstraZeneca’s total supply to the EU could be about 130 million doses by the end of June, well below the 300 million it committed to deliver to the bloc by then.
The EU has also faced delays in deliveries of the vaccine developed by Pfizer and BioNTech as well as Moderna’s shot. So far they are the only vaccines approved for use by the EU’s drug regulator.
AstraZeneca’s vaccine was authorised in late January and some EU member states such as Hungary are also using COVID-19 shots developed in China and Russia.
OUTPUT BOOST DOWN THE LINE?
While drugmakers developed COVID-19 vaccines at breakneck speed, many have struggled with manufacturing delays due to complex production processes, limited facilities and bottlenecks in the supply of vaccine ingredients.
According to a German health ministry document dated Feb. 22, AstraZeneca is forecast to make up all of the shortfalls in deliveries by the end of September.
The document seen by Reuters shows Germany expects to receive 34 million doses in the third quarter, taking its total to 56 million shots, which is in line with its full share of the 300 million doses AstraZeneca is due to supply to the EU.
The German health ministry was not immediately available for a comment.
If AstraZeneca does ramp up its output in the third quarter, that could help the EU meet its vaccination target, though the EU official said the bloc’s negotiators were wary because the company had not clarified where the extra doses would come from.
“Closing the gap in supplies in the third quarter might be unrealistic,” the official said, adding that figures on deliveries had been changed by the company many times.
The EU contract stipulates that AstraZeneca will commit to its “best reasonable efforts” to deliver by a set timetable.
“We are continuously revising our delivery schedule and informing the European Commission on a weekly basis of our plans to bring more vaccines to Europe,” the AstraZeneca spokesman said.
Under the EU contract leaked last week, AstraZeneca committed to producing vaccines for the bloc at two plants in the United Kingdom, one in Belgium and one in the Netherlands.
However, the company is not currently exporting vaccines made in the United Kingdom, in line with its separate contract with the British government, EU officials said.
AstraZeneca also has vaccine plants in other sites around the world and it has told the EU it could provide more doses from its global supply chain, including from India and the United States, an EU official told Reuters last week.
Earlier this month, AstraZeneca said it expected to make more than 200 million doses per month globally by April, double February’s level, as it works to expand global capacity and productivity.
(Reporting by Francesco Guarascio @fraguarascio; Additional reporting by Andreas Rinke and Sabine Siebold; Editing by David Clarke)
Facebook ‘refriends’ Australia after changes to media laws
By Byron Kaye and Colin Packham
CANBERRA (Reuters) – Facebook will restore Australian news pages, ending an unprecedented week-long blackout after wringing concessions from the government over a proposed law that will require tech giants to pay traditional media companies for their content.
Both sides claimed victory in the clash, which has drawn global attention as countries including Canada and Britain consider similar steps to rein in the dominant tech platforms and preserve media diversity.
While some analysts said Facebook had defended its lucrative model of collecting ad money for clicks on news it shows, others said the compromise – which includes a deal on how to resolve disputes – could pay off for the media industry, or at least for publishers with reach and political clout.
“Facebook has scored a big win,” said independent British technology analyst Richard Windsor, adding the concessions it made “virtually guarantee that it will be business as usual from here on.”
Australia and the social media group had been locked in a standoff after the government introduced legislation that challenged Facebook and Alphabet Inc’s Google’s dominance in the news content market.
Facebook blocked Australian users on Feb. 17 from sharing and viewing news content on its popular social media platform, drawing criticism from publishers and the government.
But after talks between Treasurer Josh Frydenberg and Facebook CEO Mark Zuckerberg, a concession deal was struck, with Australian news expected to return to the social media site in coming days.
“Facebook has refriended Australia, and Australian news will be restored to the Facebook platform,” Frydenberg told reporters in Canberra.
Frydenberg said Australia had been a “proxy battle for the world” as other jurisdictions engage with tech companies over a range of issues around news and content.
Australia will offer four amendments, which include a change to the proposed mandatory arbitration mechanism used when the tech giants cannot reach a deal with publishers over fair payment for displaying news content.
Facebook said it was satisfied with the revisions, which will need to be implemented in legislation currently before the parliament.
“Going forward, the government has clarified we will retain the ability to decide if news appears on Facebook so that we won’t automatically be subject to a forced negotiation,” Facebook Vice President of Global News Partnerships Campbell Brown said in a statement online.
The company would continue to invest in news globally but also “resist efforts by media conglomerates to advance regulatory frameworks that do not take account of the true value exchange between publishers and platforms like Facebook.”
Analysts said while the concessions marked some progress for tech platforms, the government and the media, there remained many uncertainties about how the law would work.
“Retaining unilateral control over which publishers they do cash deals with as well as control over if and how news appears on Facebook surely looks more attractive to Menlo Park than the alternative,” said Rasmus Nielsen, head of the Reuters Institute for the Study of Journalism, referring to Facebook headquarters.
Any deals that Facebook strikes are likely to benefit the bottom line of News Corp and a few other big Australian publishers, added Nielsen, but whether smaller outlets win such deals remains to be seen.
Tama Leaver, professor of internet studies at Australia’s Curtin University, said Facebook’s negotiating tactics had dented its reputation, although it was too early to say how the proposed law would work.
“It’s like a gun that sits in the Treasurer’s desk that hasn’t been used or tested,” said Leaver.
The amendments include an additional two-month mediation period before the government-appointed arbitrator intervenes, giving the parties more time to reach a private deal.
It also inserts a rule that an internet company’s existing media deals be taken into account before the rules take effect, a measure that Frydenberg said would encourage internet companies to strike deals with smaller outlets.
The so-called Media Bargaining Code has been designed by the government and competition regulator to address a power imbalance between the social media giants and publishers when negotiating payment for news content used on the tech firms’ sites.
Media companies have argued that they should be compensated for the links that drive audiences, and advertising dollars, to the internet companies’ platforms.
A spokesman for Australian publisher and broadcaster Nine Entertainment Co Ltd welcomed the government’s compromise, which it said moved “Facebook back into the negotiations with Australian media organisations.”
Major television broadcaster and newspaper publisher Seven West Media Ltd said it had signed a letter of intent to strike a content supply deal with Facebook within 60 days.
A representative of News Corp, which has a major presence in Australia’s news industry and last week announced a global licensing deal with Google, was not immediately available for comment.
Frydenberg said Google had welcomed the changes. A Google spokesman declined to comment.
Google also previously threatened to withdraw its search engine from Australia but later struck a series of deals with publishers.
The government will introduce the amendments to Australia’s parliament on Tuesday, Frydenberg said. The country’s two houses of parliament will need to approve the amended proposal before it becomes law.
(Reporting by Colin Packham and Byron Kaye; additional reporting by Renju Jose, Kate Holton and Douglas Busvine; Writing by Jonathan Barrett; Editing by Sam Holmes and Mark Potter)
Oil rises on positive forecasts, slow U.S. output restart
By Bozorgmehr Sharafedin
LONDON (Reuters) – Oil prices rose on Tuesday, underpinned by the likely easing of COVID-19 lockdowns around the world, positive economic forecasts and lower output as U.S. supplies were slow to return after a deep freeze in Texas shut down crude production.
Brent crude was up 36 cents, or 0.5%, at $65.60 a barrel by 1212 GMT, and U.S. crude rose 39 cents, or 0.6%, to $62.09 a barrel.
Both contracts rose more than $1 earlier in the session.
“Vaccine news is helping oil, as the likely removal of mobility restrictions over the coming months on the back of vaccine rollouts should further boost the oil demand and price recovery,” said UBS oil analyst Giovanni Staunovo.
Commerzbank analyst Eugen Weinberg said optimistic oil price forecasts issued by leading U.S. brokers had also contributed to the latest upswing in prices.
Goldman Sachs expects Brent prices to reach $70 per barrel in the second quarter from the $60 it predicted previously, and $75 in the third quarter from $65 forecast earlier.
Morgan Stanley expects Brent crude to climb to $70 in the third quarter.
“New COVID-19 cases are falling fast globally, mobility statistics are bottoming out and are starting to improve, and in non-OECD countries, refineries are already running as hard as before COVID-19,” Morgan Stanley said in a note.
Bank of America said Brent prices could temporarily spike to $70 per barrel in the second quarter.
Disruptions in Texas caused by last week’s winter storm also supported oil prices. Some U.S. shale producers forecast lower oil output in the first quarter.
Stockpiles of U.S. crude oil and refined products likely declined last week, a preliminary Reuters poll showed on Monday.
A weaker dollar also provided some support to oil as crude prices tend to move inversely to the U.S. currency.
(Reporting by Bozorgmehr Sharafedin in London, additional reporting by Jessica Jaganathan in Singapore; editing by David Evans and John Stonestreet)