PCI Telecom's Partner Channel

What are the benefits of joining our Partner Channel?

As the attended telephony landscape becomes increasingly competitive, companies are always on the lookout for ways to increase revenue and grow their customer base. One effective way to achieve this is by partnering with service providers to resell services. This approach not only helps companies expand their reach but also provides a way to offer more comprehensive solutions to customers. In this blog, we will discuss the importance of using partner channels to resell services, especially when it comes to telephone payments that meet PCI DSS regulations.


Why would this work for you?

Firstly, partnering with other businesses to resell services is an effective way to expand your customer base. By leveraging the partner’s existing network of clients and customers, you can tap into a new market without incurring significant marketing costs. This can be especially beneficial for companies that are just starting and don’t have a large customer base or marketing budget. Partnering with other businesses can help you quickly establish a presence in the market and gain traction.

Partnering with other businesses also allows you to offer more comprehensive solutions to your customers. By reselling services that complement your existing offerings, you can create a one-stop-shop for your customers. For instance, if your company provides a software solution, partnering with a payment provider can help you offer a complete package that includes payment processing. This makes your offering more attractive to customers who prefer to deal with a single provider rather than multiple vendors.

When it comes to telephone payments, partnering with a provider that meets PCI DSS regulations is crucial. PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to protect payment card data. Compliance with these standards is mandatory for businesses that accept credit and debit card payments. Partnering with a provider that meets PCI DSS regulations ensures that your customers’ payment data is secure and that your business is compliant with the standards.

Furthermore, working with a Level 1 PCI DSS compliant partner can provide added benefits. Level 1 compliance is the highest level of PCI DSS compliance and requires regular audits and assessments to ensure ongoing security. This level of compliance demonstrates a strong commitment to security and can provide added reassurance to customers. Another important factor to consider when partnering with a payment provider is training, guidance, and support. Partnering with a provider that offers comprehensive training and support ensures that your team has the knowledge and resources needed to effectively sell and implement the solution. This can help reduce implementation time and ensure a smoother onboarding process for your customers.


Why PCI Telecom?

Finally, pricing is a crucial factor when reselling services. Partnering with a provider that offers the best pricing in the industry can help you achieve improved margins and growth compared to your competitors. This allows you to offer competitive pricing to your customers while still maintaining profitability. Additionally, transparent pricing models can help build trust and credibility with your customers.

In conclusion, partnering with PCI Telecom to resell services can be an effective way to expand your customer base and offer more comprehensive solutions to your customers. When it comes to telephone payments, partnering with PCI Telecom will allow you to meet PCI DSS regulations and offer Level 1 compliance, comprehensive training, guidance, and support, and the best pricing in the industry! By selecting PCI Telecom as your partner and focusing on providing value to your customers, you can achieve sustained growth and profitability for your business. Get in touch with us today

Does your payment gateway reflect the quality of your products?

We’ve all been there. You find the perfect product or a super service and you commit to making the purchase, only to be connected to a clunky, frustrating and disappointing payment process. It impacts your experience as the customer and makes you question the value and quality of your purchase.

As a business, it’s important to make customers feel looked after from the beginning to the end of the transaction. Why does it matter? Because, in an increasingly competitive marketplace, today’s consumers have high expectations. A positive experience is likely to turn into a return visit in future and generate good word of mouth promotion.

Your payment gateway is the stepping stone between your website/ frontline store or phoneline, and the card payment processor. It plays a key role in authorising the payment and making sure that all the correct data has been entered and then preparing the details to pass on to the processor. So, how can you make sure that this core step in the transaction process reflects the quality of your product?

Seamless consistency is key

As a customer, it’s often noticeable when making a card payment either online or over the phone that you’re being moved between systems – the look and feel completely changes and in some of the worst cases results in questioning whether you’re handing over your card details to a legitimate business! Creating a seamless transaction process, that begins at the point of sale right through to post-payment, with features that are a recognisable as being part of your brand, instils confidence and a positive experience for the customer.

Investing in an omni-channel payment gateway solution – standardising the process across all payment channels – means that customers receive the same standard of service however they access your products and pay by card. Creating consistency is crucial to building brand recognition and ultimately generating brand loyalty moving forward.

Robust and reliable

Looking and feeling consistent might offer reassurance or quality but does the system work? Slow or glitchy payment processing is frustrating for the customer and damaging to a business’ credibility. Just as important is security – ensuring all of your payment gateway channels protect customer card data by complying with guidelines set out in PCI DSS. A swift, secure and reliable service will satisfy clients that their custom is valued and prevent them from looking elsewhere.

At PCI Telecom, we create bespoke card payment gateways for payments made over the phone (to a live operator), via IVR, online and email link. Our solutions can be used solo or as part of an omni-channel mix, creating consistency of service no matter how your customers engage with you. Being bespoke, our payment gateway solutions are created to meet the exact needs of your business and put customer experience at the forefront. Get in touch with us today to find out more and to talk through your requirements.

How choosing the right card payment gateway can help reduce your operating costs

In a period of uncertainty, when costs are rising and businesses are facing extra pressure, every penny counts. Even the smallest increase in revenue or cost cutting can impact company profitability. The good news is that large-scale company overhaul isn’t necessary. It’s often simple, common sense steps that improve the bottom line, especially for small businesses.

While forking out on new systems and processes might seem like unnecessary spend right now, investing in an effective card payment gateway and processing solution could be just what you need to cut your operating costs, boost productivity and save money in the long run. And PCI Telecom can help you do just that – here’s how:

  • Bespoke – we create our payment gateway platforms from scratch to suit the exact needs of our clients. While many of our competitors provide all-singing-all-dancing systems off the shelf, with us you only pay for the elements you need without unnecessary and costly extras.
  • Reliable – our solutions accept card payments swiftly and effectively, so your team can process more transactions.
  • Secure – our solutions process payments securely, masking card data as it is entered and cutting the risk of your business falling victim to card fraud. Being compliant with PCI DSS, you not only benefit from a simplified transaction process, but also from descoping your business of its compliance obligations and passing that responsibility to us, saving you time and staff resource.
  • Compatible and flexible – our solutions work alongside all Payment Service Providers (PSPs) so you can shop around for the best option for you. Alternatively, you can benefit from our partnership with Opayo with a deal that suits your exact needs and budget.
  • Small business – we are a small business too so we benefit from lower overheads, passing on these cost savings to our customers by keeping our prices low.

At PCI Telecom, we create card payment gateways for payments made over the phone (both to a live operator or via automated IVR), online and link payments (via email, social media or webchat) with the flexibility to be used independently or as part of an omnichannel payment suite. Visit our Solutions page for more information or alternatively contact us to discuss your requirements.

Global reach: accepting card payments from anywhere in the world

Expanding a business is a daunting prospect for any business owner, especially when it involves crossing borders into new territories and target audiences. The good news is that with developments in technology, widening your reach and accepting international card payments is no longer as difficult as it used to be.

Card-not-present transactions, wherever they take place, create challenges with confirming the identity of the cardholder and international payments have historically added a greater level of risk and complexity. Understandably, businesses want to be sure that they can accept card payments fast and effectively while maintaining consistency of the brand and security for both them and their customers.

PCI Telecom can deliver just that. We create bespoke card payment gateways for businesses of all types and sizes, for payments made through multiple channels including over the phone, via IVR and online. All our solutions are compliant with Level 1 PCI DSS – the security framework created by major card brands and recognised globally – offering you the highest possible protection against card fraud and data breaches. Our solutions ensure that these compliance obligations are met without compromising the checkout experience for the customer and ensuring brand and service consistency wherever in the world your products and services are being accessed.

While our payment gateway solutions can be used with any payment service provider, our partnership with Opayo means that our clients can benefit from being able to accept international payments without needing an entirely separate payment platform to their UK operations. Payments can be made using local currencies via services such as EPS, Giropay, Ideal, JCB, Sofort and China Union Pay. Through our existing clients, we are already processing transactions across Europe, America, Africa and as far as Australia, providing a secure and reliable payment gateway solution to those businesses that are trading across borders and currencies.

If you are looking to expand your services and widen your reach to audiences across the world and would like to know more about how we can help you to create omnichannel payment gateways that meet your exact needs, give us a call today on 0330 022 0660, or drop us an email or note via our webchat.

Add convenience and improve productivity with Link Payments

Here at PCI Telecom, we’re always looking at ways to improve our clients’ operations as well as their customers’ experience. The most recent solution added to our suite of payment gateway products is Link Payments, combining the use of both phone and online technology to send customers a secure web link that can be used to make a payment online while remaining on a call, chat or social media or at a later date.

Link Payments offer flexibility and convenience to customers. They remove the need to read card details aloud or enter them via the keypad. They also enable the use of mobile payment technologies such as GooglePay and ApplePay stored on customers’ devices. Not only that, from the vendor perspective, link payments improve productivity, speeding up the payment process so that operators can manage more calls per hour while still maintaining positive person to person customer interaction and card payment security.

Our Link Payments technology can be used alone or as part of a wider multichannel payment gateway provision. All of our payment gateway solutions are compliant with PCI DSS to the highest level so are suitable for businesses of every shape and size, from large customer contact centres to SMEs. Because all of our solutions are built from scratch, our clients benefit from a payment gateway that works to their exact needs at a price that suits their budget – rather than an off-the-shelf solution with unnecessary and costly functionality.

If you would like more information about our card payment gateway solutions, get in touch at [email protected] or call us on 0330 022 0660 to talk through your requirements.

Our transition from Payment Service to Payment Gateway Provider

We’ve been going through a period of change here at PCI Telecom, developing the business to create stronger, more robust payment solutions for our existing and future clients.

Since our acquisition of RealCredit, we’ve adapted our services to become a Payment Gateway Provider (PGP). What does this mean? We will continue to deliver bespoke card payment gateways – the secure system into which card details are inputted when a customer makes a payment over the phone or online – created to meet the exact needs, specification and branding of our client businesses and their customers. But rather than us processing the payment through our own system, this move to Payment Gateway Provider means that we have the flexibility to work with any Payment Service Provider (PSP) our clients prefer, into whose secure transaction environment the card details will be seamlessly transmitted for processing.

Our solutions will continue to deliver for those businesses looking to accept card payments securely over the phone to a live agent, via an automated IVR system and/or through online platforms and weblinks – all compliant with Level 1 PCI DSS. The system remains cloud-based, so there is no need for intrusive fixtures or equipment on site. Most excitingly, for those that require the full card payment processing package, we’ve built a partnership with UK Payment Service Provider Opayo to create a resilient and cost-effective solution that can grow and adapt as businesses change over time.

If you would like to know more about how PCI Telecom can support your business with accepting card payments, whether you’re starting from scratch or looking to adapt your existing system, please do get in touch via the website, webchat, email or give us a call on 0330 022 0660.

The new PCI DSS v4.0 has arrived

31 March saw the long-awaited launch of PCI Data Security Standard v4.0. Having been developed over the last few years, with much collaboration with members of the card payment industry, the launch of the new standards was delayed from autumn last year due to the pandemic.

A lot has changed since the original standards were created in 2004, with the most recent update taking place in 2015. Major developments in payment channels, smart devices, and open banking as well as new legislation including Strong Customer Authentication (SCA) and GDPR have completely changed the payment landscape and eco-system for consumers as well as businesses.

What is different about PCI DSS v4.0?

The standards have been revised to better align with the developing nature of the payments industry and the fast-changing behaviours and threats posed by cyber criminals. The main aims of PCI DSS v.4.0, compared to previous versions, are:

  • To meet the security needs of the payment industry – expanding requirements to implement multi-factor authentication (MFA) and to update password requirements for all access into the cardholder data environment.
  • To promote security as continuous process– with clearly defined roles and responsibilities to address each of the standards.
  • To add flexibility for different methodologies – to increase flexibility for organisations using different methods to achieve security objectives, adopting payment technology innovation.
  • To enhance validation methods and procedures – making the process of reporting on compliance easier and more transparent.

What does your business need to do to comply with new PCI DSS v4.0?

Many businesses opt for self-assessment when it comes to PCI compliance. For those businesses that handle this process internally, the onus will be on them to ensure that their card payment systems adhere to the new standards, which may require technical expertise depending on resources available. The good news is that the PCI SSC are allowing time for organisations to get to grips with the changes and implement updates, with existing standards remaining active and running concurrently with v.4.0 until March 2024.

For businesses that have chosen to outsource their card processing to a third-party Service Provider (like PCI Telecom), the process is a lot more simple. The service provider, with responsibility for PCI compliance, will update their systems accordingly, in line with the new standards, with little input and resource required by the business.

At PCI Telecom we create card payment processing solutions that meet the needs of your business, whatever its size and budget. Our solutions are cloud-based so there’s no need for expensive equipment, and they can be used for all card-not-present payment channels including over the phone to a live agent, via auto IVR, online and webchat. Most importantly, our solutions are PCI DSS v.4.0 ready, with end-to-end encryption, so you can rest in the knowledge that your payment process is always adhering to the guidelines, even when changes are made to them, and protecting the business and your customers from cyber-attack and data breach. Find out more by visiting our Solutions page or get in touch with us here.

How can businesses bolster their cyber security?

Recent instability in Europe has brought with it the increased threat of cybercrime that has resulted in the UK government advising many businesses to step up their cyber security measures as a precautionary measure. With that in mind, we take a look at steps that businesses can take to protect themselves and their customers.

Understand where the vulnerabilities are

Identifying where weaknesses exist in your IT network is the first step towards being able to secure your systems against the risk of cyber-attack. Through external penetration testing, businesses can view and test their security measures through the eyes of a cybercriminal, replicating the tactics and practices of hackers to highlight flaws and gaps in the network that could be taken advantage of, with particular focus on areas where the most common weaknesses occur, usually at the point that two systems integrate. In addition to this, the process tests the efficiency of firewalls and anti-virus software, and how easy it is to access sensitive data such as customers’ personal information and card payment details.

Invest in strengthened technology

For businesses, particularly those that are smaller, the cost of updating IT systems and networks can be a barrier, with many relying on out-of-date technology and patching when necessary. This creates weaker and more vulnerable systems that are easy to target. Adequate budgeting for regular IT maintenance and updates should be a priority – cost will inevitably be less than the damage caused by cyber-attack.

Plan and implement policies and procedures

Do your employees understand their role in helping to prevent cyber-attacks and know what to do if they see anything suspicious? Setting out clear guidelines and company policies – on topics such as the use of personal IT equipment and mobile devices, the need for strong passwords/multi-factor authentication and ensuring software is up to date – is required to ensure that there is a coordinated approach to maintaining robust systems and that a clear and concise process is in place should these be infiltrated.

These policies and procedures are only effective if they are widely communicated throughout the organisation – ongoing engagement and education of employees will reinforce how their actions make all the difference.

Comply with data protection guidelines and PCI DSS

Data protection legislation and guidelines such as PCI DSS are designed to prevent sensitive personal and payment data getting into the wrong hands and to help you stay one step ahead of the hackers by creating barriers to make their target much harder to reach. Going through the process of achieving compliance will undoubtedly result in the creation of more robust systems and networks, protecting your business and your customers from the threat of cyber-attack.

At PCI Telecom we create bespoke, cloud-based card payment processing solutions that interface seamlessly and securely with other IT functions, enabling you to accept and process payments safely and swiftly over the phone, via IVR and online. Because our solutions are accredited to a PCI Level 1 standard, they provide the highest level of compliance regardless of the size of the organisation. Contact us today to find out more about how we can support your business.

SCA enforcement deadline fast approaching

The enforcement date for the implementation of Strong Customer Authentication (SCA) in the UK is coming up very soon – 14 March 2022. By this date, which was delayed from last year due to coronavirus, all payments made online will need to comply with the new set of rules, introduced as part of the EU Payments Services Directive (PSD2) launched in January 2018. While the roll-out took place across the EU last year, in the UK the Financial Conduct Authority (FCA) provided a longer lead time for enforcement to minimise the impact on both consumers and businesses.

What are the SCA requirements?

SCA is a set of rules that strengthen the process of confirming the customer’s identity when making purchases online with the aim of reducing the risk of card fraud. It requires ‘multi-factor’ authentication to be applied to all transactions over the value of €30, using at least two of the following:

  • Something the customer knows – a PIN or password
  • Something the customer has such – smart phone or card reader
  • Something the customer is – biometric data such as fingerprint or facial recognition

What should businesses do?

To confirm that SCA has been applied, businesses will need to check with their payment gateway service provider that their system technology has been upgraded with 3D Secure versions 2.1 or 2.2 that enable the two-factor authentication at the time of the transaction. While the prevention of card fraud is important, so too is ensuring a positive customer experience so is also worth exploring which exemptions could be applied to certain payments and also making sure that the correct flagging of transactions (for example, those that are exempt or out of scope) is in place to avoid any unnecessary payment declines.

It’s worth also noting that SCA does not apply to payments made over the phone.

What happens if your system isn’t ready for SCA?

Non-compliant e-commerce transactions that are attempted after 14 March 2022 will be declined, causing inconvenience to the customer and an unnecessary cost to your business. Ensure the smooth transition to multi-factor authentication by checking that your processes and technology are ready today.

Here at PCI Telecom, we create bespoke card payment processing solutions that meet the needs of businesses whatever their shape and size. Our solutions are not only accredited to a Level 1 standard for PCI DSS compliance but are also compatible to meet the requirements of SCA for online transactions.

You can find out more about our online payment processing solutions as well as our over the phone card payment systems by visiting our Solutions page or get in touch to discuss your requirements in more detail.

What have we learned about card payments in 2021?

It’s been another challenging year for businesses, compounded by on/off lockdowns and travel restrictions as well as working-from-home advice, the implications from which have led to substantial changes in working practices and consumer behaviour. So, what have we learned from our experiences in 2021 and what can we take forward as we move into the new year?

1. That having agile systems and processes is key to business continuity

As businesses dashed to adapt their systems to remote working, those who already used cloud-based and online networks were able to make the move a lot quicker with minimal disruption to services and enabling them to continue to process transactions despite staff and call handlers being either home-based, office-based or a mixture of the two. For those that didn’t have such agile systems in place, there was a race to set them up, in some cases to the detriment of card and data security and often costing the business in resources and lost sales.

Many organisations are now looking at longer term mixed remote and office-based working so the need for agile and flexible systems continues as we move into 2022.

2. That cyber criminals are always ready to take advantage

While the move to internet-connected networks and systems proved invaluable for business continuity, malicious cyber attackers were ready to take advantage of weaknesses in systems that had been speedily patched together. According to the DCMS Cyber Security Breaches Survey published in March 2021, 39% of all UK businesses reported a cyber breach or attack in 2020/21. The move to home working initiated substantial changes to digital infrastructure with many businesses issuing laptops or tablets to staff. But this has created more endpoints for organisations to monitor leading to difficulties in upgrading hardware and security protection.

These challenges highlight the need for businesses to invest in adequate security measures that are easily adapted to different working practices as well as increase efforts to comply with guidelines such as PCI DSS. Working through these requirements ensures that sufficient policies and procedures are in place to prevent a data breach occurring in the payment process and card transaction environment.

3. That offering omni-channel payment methods is essential

While the working practices of many businesses have changed, so too have the shopping behaviours of the consumer, with a move away from visiting physical shops to making purchases online or over the phone. Forward-thinking organisations have taken this further by expanding to other secure payment channels such as email, webchat and social media as well as using IVR technology to accept and process payments made over the phone 24/7 and without the need for a call operator. Creating new payment channels expands the reach to more customers and in turn generates competitive advantage and, while there are perceived challenges in maintaining consistent customer service, this move to multi-channel payment offering looks set to continue and grow as we move into 2022 and beyond.

At PCI Telecom, we create flexible, bespoke card payment processing solutions that are cloud-based and therefore agile to adapt to whatever changes in working practices or consumer behaviours businesses are faced with. Our solutions are compliant with the latest PCI DSS and can be used for payments made over the phone – either to a live agent or via IVR – as well as online, via email, webchat and social media. For more information, visit our Solutions page or get in touch here to discuss your requirements.

MOTO payments and PCI compliance: in-scope vs descope

MOTO payments continue to be an essential piece of the card payment landscape, with around half a billion MOTO payments processed in the UK each year. For many businesses, particularly retailers and food outlets, MOTO payments offer an essential alternative to online channels, enabling more customers to access their products and services. Despite the continued reliance on this payment method, there remain many challenges for businesses in addressing card security, protecting data and complying with PCI DSS.

What is a MOTO payment?

A MOTO (Mail Order/Telephone Order) payment is a debit or credit card payment that is taken over the phone or via postal mail and email. Because the cardholder is not visible to the business, MOTO payments are considered a ‘Card-Not-Present’ (CNP) transaction and, by their very nature, involve risk through the passing of card data from customer to call handler. This type of payment is exempt from the recently introduced SCA (Strong Customer Authentication) requirements because of the limitations of being able to confirm the identity of the customer at the time of the transaction.

When it comes to addressing PCI DSS in MOTO payments, businesses have two options. They can choose to remain ‘in-scope’, retaining responsibility for ensuring that their transaction environment and processing complies with PCI guidelines. Alternatively, they can look to install an external card payment processing solution that handles and manages transactions outside of the business, removing (or ‘descoping’) the whole process from the business’s PCI obligations.

Remaining in-scope

The benefits of keeping card payments in-scope for PCI DSS compliance include keeping costs low and maintaining complete control of the transaction environment. But, without in-house expertise, that does mean increased risk. MOTO payments require cardholders to read sensitive payment card details over the phone that are then either written down or entered directly into a physical terminal by the call handler for processing. To make this process compliant with PCI DSS, the business must demonstrate that it has procedures in place to alleviate the possibility of those card details being lost or stolen. This could include ensuring that any written record of card details is destroyed and prohibiting the storage of data once the transaction is complete.  For larger call centres, a ban on using pens and writing implements while on calls is sometimes put in place.

Having these procedures demonstrates the business’s intent to protect card data that will enable it to achieve PCI compliance via annual self-assessment. However, what they don’t do is offer significant protection and security from human error, malicious intent or cyber-attack. With even the strictest of procedures in place, if a business falls victim to attack that results in a breach of customer card data, it will still be liable for a financial fine and suffer the resulting reputational damage.

Descope from PCI compliance

While there is an obvious appeal to remaining in-scope – reducing cost outlay and keeping control – it is worthwhile considering an external card payment processing solution that ‘descopes’ the transaction environment from within the business’s PCI obligations, onto that of a service provider. This not only cuts out the pressure and resources required to achieve compliance but also significantly increases security, ensuring that customer card data is less likely to fall into the hands of fraudsters. While there is a financial commitment involved in installing the technology, this is offset by a huge reduction in risk.

At PCI Telecom, our PCI Agent solution allows businesses to accept and process card payments over the phone via a uniquely secure and PCI compliant system. The customer is asked to enter their card details via their phone keypad that connects directly with our cloud-based system, with DTMF masking to hide the tones and at no point being visible to the business. The call handler remains on the line to the customer throughout the entire transaction, maintaining personalised interaction and a positive customer experience. Being cloud-based, our PCI Agent solution requires no expensive or intrusive equipment to be installed on site and it can work independently or as part of our wider suite of multi-channel solutions, including AUTO IVR and Online.

You can start the process of descoping your business from PCI DSS and securing your card payments by contacting us today.

The rise of ‘soft declines’: what they are and how to prevent them

‘Soft declines’ of card payments have become more common of late, causing a bit of a headache for businesses and frustration for customers. So, what is the reason for this rise in soft declines and how can you try to prevent them from happening?

‘Soft’ declines vs ‘hard’ declines

Hard declines of card payments occur due to a permanent authorisation failure. This could be because the bank account has been closed, the card stolen or an invalid card number has been entered. There is no point in retrying these payments as the failure cannot be rectified.

Soft declines, on the other hand, are those that have failed because of something that can be rectified. This could be insufficient funds, details not matching up, unusual activity or the card having expired. The good news is that these failures are usually temporary and can be reattempted for the payment to be processed, occasionally requiring some actions by the customer beforehand.

Why are soft declines on the rise?

Recently there has been rise in the number of soft declines taking place, particularly with recurring payments (also known as ‘continuous authority payments’). This is largely due to new Strong Customer Authentication (SCA) coming into force as of September 2021, applying new requirements across all electronic card payments made in the EEA and the UK. It adds extra layers of security, requiring banks to perform additional checks when consumers make card payments to confirm their identity, usually in the form of two of the following – something they know (such as a password or PIN), something they have (such as a mobile phone, card reader or other device that can generate a one-time passcode) or something they are (such as a fingerprint or facial recognition).

For recurring payments where the amount is always the same, for example monthly subscriptions, only the first payment is subject to SCA. However, if the amount or frequency of the recurring payment differs, then each transaction is subject to the authentication requirements. And this is causing the problem – as the recurring payment is processed, a red flag is waving at the issuing bank that SCA requirements haven’t been met leading to a soft decline.

How can you prevent soft declines?

Soft declines aren’t as problematic as hard declines – the payments generally make it through eventually. But they can be a bit of a pain and a drain on a business’ resources. So, what can be done to prevent them?

SCA is easy to implement on initial payments that are set up online, simply adding a step to the payment process. Added to that, card payments that are made over the phone are out of scope for the regulations. Recurring payments, however, will remain an issue for some businesses. The solution is to implement a means of authentication with the customer to avoid the payment being flagged with the issuing bank.

At PCI Telecom, our Paylink service offers a solution to this problem, enabling customers to confirm their identity when payments are due. This is achieved through a unique URL sent to the customer via email or SMS through which they can authenticate their identity, in the long run saving both the business and the customer the time and hassle of dealing with a soft decline.

The Paylink service forms part of our suite of card payment processing solutions for payments made over-the-phone, IVR, online and via webchat. Our solutions are cloud-based, built to meet the specific needs of your business and compliant with the very latest PCI standards. For more information, visit our Solutions page or get in touch to talk through your requirements.

Too early to mention Christmas?

If you’re a retailer, you’ll no doubt have begun planning your Christmas sales period. For many, the busiest time of year requires months of organisation to ensure that products and stock are ready and teams fully prepared. But what about your card payment processing?

The number of card-not-present (or CNP) transactions has been on the rise for many years, further compounded more recently by the Covid pandemic forcing consumers away from physical shops to online and mail order/telephone order retailers and service providers. Despite the lifting of Covid restrictions, it is likely that many will choose to continue purchasing over the phone or internet as this Christmas approaches.

With this in mind, does your business have the systems and processes in place to handle this change in consumer behaviour? Is your card payment process fit for purpose and able to adapt to the busy period and the rise in demand? If you’re not sure it is, then now is the time to upgrade it, and here’s why.

Support omni-channel sales

Expand your reach to more customers by increasing the number of ways that they can access and pay for your goods and services. We’ve recently worked with a number of new clients looking at additional and alternative card payment methods such as over webchat and social media as a means of gaining that competitive edge by making your business more easily accessible and improving customer satisfaction. Linking these payment channels under one umbrella system makes them easier to manage, increases the number of transactions processed at a time and ensures the delivery of a standardised, consistent service to customers across the board.

Improve efficiency and productivity

In addition to expanding your reach, you can improve your productivity and efficiency by using your card payment process to integrate with back-end systems such as CRM database, stock monitoring and accounting. This saves you time to focus your attention on delivery of high standard customer service.

Protect your customers from data breach and your business from card fraud

The surge in transactions and sales brings with it increased risk of falling victim to cyber crime. Hackers are on the prowl for weaknesses appearing in systems, taking advantage of businesses that are both too busy and distracted and/or with inexperienced or temporary seasonal staff in place.  According to UK Finance, online fraud against UK retailers totalled an estimated £262.3 million in 2020 while mail or telephone order (MOTO) fraud against retailers totalled £63.7 million. You can protect your business from card fraud and data breach by ensuring that you adhere to guidelines set out in the PCI DSS, or better still, implement a PCI compliant external processing system to make your transaction environment even more robust.


At PCI Telecom, we create card payment processing solutions that are bespoke to the needs of your business, be it for single or multi-channel payment methods – over the phone, auto IVR, online, via webchat, social media or email. Being cloud-based, our solutions are flexible, simple to install and easy to use, plus being PCI compliant to Level 1 standard, you can rest assured that your customers’ card data is protected. And there’s still time to get sorted for Christmas! For more information, visit our Solutions page or get in touch to discuss your needs.

Start-ups: speed up the launch of your business by outsourcing PCI compliance

When you are in the process of starting up a business, it’s understandable that you will be giving most of your attention to developing your product/service and keen to get out there to meet your customers. But as eager as you are, there are background functions to get sorted, one of which being the accepting and processing of card payments, both effectively and securely, while complying with data protection and other regulations, such as PCI DSS.

The good news is that there are options out there that mean you don’t have to let these hold you back or slow you down. One of which is outsourcing your card payment processing to an external service provider, such as us.

What is PCI compliance?

PCI DSS is a set of requirements established by the major global payment card brands and applies to every business that accepts, stores, processes or transmits cardholder data, regardless of its size or industry – so every retailer or online seller of goods or services, whether they are based in a shop, an office, at home or in a contact centre, should have policies and procedures in place to secure the transaction environment and protect customer card data.

Compliance with PCI is essential to keep card payment data secure and out of the reaches of cyber criminals, to reduce the risk of a data breach. Crucially for start ups, having this reassurance in place will help to build trust with customers from the outset.

Why you should consider outsourcing your PCI compliance

Building and maintaining PCI compliant card payment processing infrastructure can take a lot of time, expertise and resources, not only in the initial set up but also with ongoing monitoring and penetration testing – something that start-ups often don’t have. You can get your product/service to market faster by employing a provider to do it for you, faster and more effectively and reducing your PCI compliance scope, moving the obligation from you to them.

While outsourcing requires an initial investment, it will enable you to focus on developing your product or service and, in time, save you money. A more efficient system that works exactly how you need it to will in the long run allow you to function in the most productive way. And while your card payment processing needs to be robust, a good system will allow for flexibility and be adaptable as your business grows and changes over time, avoiding the need for regular updates and expensive overhauls.

Most importantly, investing in the right system early on will reduce the risk of becoming a victim of cyber attack resulting in a breach of data. There is a common perception that cyber criminals more often target bigger companies when in fact smaller businesses are just as vulnerable to attack, particularly those with weaker, less established systems in place. A breach of data, for a business at any age or stage, could have a devastating effect on brand reputation.

At PCI Telecom, we create bespoke card payment solutions that suit the needs of businesses of every shape and size and are accredited to a PCI Level 1 standard of compliance. Our solutions are robust, reliable and secure and, being cloud-based, they are flexible and easy to adapt as your business grows. Visit our Solutions page to find out more or alternatively give us a call to talk through your requirements.

The dos and don’ts of PCI DSS compliance

Despite being introduced nearly 15 years ago, PCI DSS, for many businesses, continues to be clouded in mystery and confusion. A lack of time and resources, paired with limited understanding of cybercrime and the risks associated with a data breach, mean that many business owners and managers have chosen to bury their head in the sand and avoid putting the necessary processes in place to secure their transaction environment. So, this month, we attempt to debunk a few of the myths surrounding PCI DSS with a list of Dos and Don’ts of compliance, to help you make the right choices for your business…


DO understand that if you accept payments by card then PCI DSS compliance applies to you. There are no exceptions to this!

DON’T assume that this means costly investment in equipment and extra resources. The extent of your compliance obligations is based on your transaction volume over a 12-month period. This determines which ‘merchant level’ category you fall into and therefore what actions need to be taken to become compliant. While getting the right procedures in place can take time, for many businesses, the compliance process itself simply involves completing an annual Self-Assessment Questionnaire (SAQ).


DO educate yourself and your colleagues on the need for compliance and know the implications if you do not. The more that staff understand and are engaged, the more likely it is that policies will be adhered to.

DON’T assume that you will get away with pleading ignorance should a data breach occur! Without compliance procedures and cyber protection in place, a breach will most certainly lead to a fine for failing to comply, from which the reputational damage to your business could be irreversible. Going through the steps to become compliant will give you a good understanding of the card payment process so you have a better chance of being able to identify gaps and fix weaknesses, making that dreaded data breach much less likely.


DO make compliance and card security a priority and identify an individual or a core team of people responsible for its planning and implementation.

DON’T expect compliance to be achieved in a day. New systems and ways of working take time to bed in, particularly in larger organisations. PCI DSS compliance should be considered as an ongoing exercise and not a one-off tick box so ensure that adequate resources are allocated each year.


DO implement technology and systems that limit the amount of card data visible to staff. Reducing the scope for human error will greatly improve your chances of resisting a data breach.

DON’T assume that because there is human involvement in the payment process that you will not achieve compliance. There are plenty of ways to adhere to PCI DSS while maintaining human interaction and personalised service for your customers. Systems that encrypt card details help to prevent data falling into the wrong hands and there is a wealth of technologies available to support this.


DO investigate ways to outsource your PCI DSS compliance to an external provider. Investing in a PCI compliant card payment solution descopes your businesses from the compliance requirements and moves the obligation and risk from you to them. Not only that, but a new system might also just be what you need to streamline your payment process, increase productivity and, in the long run, cut costs.

DON’T waste money on an off-the-shelf system that does not fit the needs of your business. It is crucial to find the right solution that has the flexibility to integrate with other processes and allows for future changes and growth.


At PCI Telecom we create bespoke card payment processing solutions for businesses of every shape, size, and sector. Our cloud-based solutions are flexible, robust, and cost-effective and enable businesses to accept and process card transactions – over the phone, via IVR, online and over webchat – in a secure environment, compliant with PCI DSS with Level 1 accreditation.  For more information, visit our Solutions page or give us a call to talk through your requirements.

Could PCI Webchat be the missing piece of your card payment puzzle?

Are you looking for ways to expand your reach to customers without having to invest heavily in equipment or extra resources? Or maybe you’re considering ways to maintain customer engagement when your staff are mixing office and remote working? Whatever your current conundrum, PCI Webchat could be the solution that you’re looking for.

The development of online payment technology over the last two decades has changed the way that consumers shop, but for some customers, particularly when buying goods or services that are complicated by nature, the lack of human interaction, can be barrier. PCI Webchat allows customers the convenience of paying online while receiving a personalised, tailored service and communication with a live representative of the business, enabling them to ask questions and receive the reassurance they need.

How does PCI Webchat work?

The PCI Webchat solution is super easy. After engaging with the customer via live chat, the agent simply launches the PCI Webchat solution and populates it with the sales information (or this can be pre-populated by your CRM). The system then generates a unique URL that can be sent to the customer, into which they enter their card details for the payment to be processed quickly and securely. A new encrypted chat window opens so that the customer and agent can continue to ‘chat’ whilst the payment goes through, maintaining live interaction and personalised service throughout.

And it’s not just over standard webchat that this solution can be used.  Agents can use the same method to engage and send payment links via SMS as well as social media, further expanding reach to even more customers.

What are the benefits?

The benefits are many! Firstly, because PCI Webchat utilises your business’ existing website and our cloud-based processing software, there’s no need for additional equipment so the cost outlay remains low. And while staff resource is required to monitor the live chat function, the system enables multiple payments to be processed quickly, effectively and efficiently, improving productivity and saving money in the long run.

As customers remain in contact with the sales representative from the beginning to the end of the transaction, a high standard of customer service can be maintained throughout. This helps to improve the rates of conversion from enquiries through to sales and ensures that customer satisfaction remains high, increasing the possibility of return custom further down the line.

Most importantly, our PCI Webchat, like all of our solutions, is fully compliant with PCI DSS to a Level 1 standard so you and your customers can rest in the knowledge that card payment data is protected. Card details remain hidden from the agent’s view and are processed through our system with end-to-end encryption. PCI Webchat interfaces seamlessly and securely with other payment channels as well as with back-end systems such as stock monitoring and your CRM.

If you’d like to know more about our PCI Webchat solution, or any other of our card payment processing solutions, please do get in touch. Our card payment processing systems are built on a bespoke basis to suit the needs of businesses regardless of their type and size and our clients to date have represented a range of sectors, from tourist attractions and retailers to train companies and insurance brokers.

Could IVR technology support changes to your post-Covid business operations?

In the post-Covid context, many businesses are looking at how to manage operations, juggling staffing schedules and hybrid office/remote working practices. We’ve noticed an upsurge of interest in our IVR solutions recently, with businesses searching for more automated systems to help them adapt to these new work patterns, while also reducing costs and providing more flexible options to their customers. So, what is IVR and how could it help your business?

What is IVR?

In short, IVR (or Interactive Voice Response) technology enables callers to interact with and purchase through an automated phone system. The system directs callers through a series of options using voice prompts or their phone keypad to reach the service that they require. At the point of payment, the customer is guided through the process of entering their card details into a secure transaction environment.

What are the benefits of IVR?

Undoubtedly, the biggest benefit of IVR is that no call handler is required, freeing up staff resource to work elsewhere in the business while continuing to maintain a consistent and high standard customer experience. The use of IVR for payments improves efficiency, allowing multiple calls and transactions to be handled and processed at the same time while reducing the risk of human error leading to security breaches and maintaining compliance with data protection and PCI DSS.

From the customers’ perspective, IVR offers convenience and flexibility, enabling them to interact and pay outside of usual opening hours and without having to endure a frustrating wait in a caller queue.

How we can help

Here at PCI Telecom, we create bespoke card payment processing solutions that enable businesses to accept and process card-not-present transactions effectively and securely, be it over the phone, online, via webchat and email. Our AUTO IVR™ is cloud based, cost-effective, easy to set up and simple to use, with the added benefit of integrating seamlessly with your database or CRM and other back-end systems. Whatever the size of your business, AUTO IVR™ enables you to capture, integrate and process card payment information with Level 1 PCI DSS compliance accreditation, closing any potential cracks and weaknesses in the payment process and descoping your business from its PCI DSS responsibilities.

For those looking at implementing IVR as part of an omnichannel payment set-up, AUTO IVR™ works effectively as part of our suite of solutions, with ongoing monitoring of transactions across all channels and removing the risk of duplication – particularly useful if you’re dealing with items of limited stock.

If you would like to know more about our AUTO IVR™, visit our Solutions page. Alternatively, get in touch here to talk through your requirements.

Is your business ready for the new PCI DSS v4.0? Here are some handy tips on how you can prepare.

PCI DSS is having a shake up this year with the release of PCI DSS v4.0 expected later in 2021. Final details are still to be announced but are expected to include requirements for more frequent testing and more rigorous authentication.

With these changes on the horizon, businesses might be wondering what they can do to prepare. Here we have some handy tips.

Why is a new standard needed?

The card payment landscape has changed dramatically since PCI DSS was launched by the major card providers back in 2006. Contactless payments, most recently via smartphone, as well as advancements in global internet speeds, open banking and cloud-based technologies has revolutionised the industry. While these developments have been great for both businesses and consumers, they have also opened the door to greater risks and vulnerabilities that cyber criminals are exploiting, finding weaknesses in interfacing systems to access personal and payment data.

PCI DSS v4.0 is the first major revision to the standards since 2013.  It’s expected that the 12 core requirements will remain the same with updates to reflect changes in technologies and cyber threats. These include the following high level objectives:

  • To ensure the standard continues to meet the security needs of the payments industry and the businesses that use it.
  • To add flexibility and support that will enable the standard to be applied across the variety of payment methods now available.
  • To promote and encourage businesses to see security and PCI DSS compliance as an ongoing process rather than a one-off tick box exercise.
  • To enhance validation methods and procedures – enforcing encryption and authentication processes to card payments.

What can you do to prepare?

The good news is that the PCI SSC have stated that there will be an extended transition period for organisations to update their systems to PCI DSS v4.0. For 18 months post launch, both PCI DSS v3.2.1 and v4.0 will be active followed by a further period of time (yet to be confirmed) for phasing in new requirements.

However, while 18 months might seem long enough, we all know how time flies by, especially when juggling other roles and responsibilities. There’s no harm in getting a few things in place now to ensure the transition to the new framework is as smooth as it can be. Here are just a few ideas of how you can prepare:

Identify who will be responsible.

A multi-discipline approach including every level of the business from senior management through to IT, HR, sales and marketing, is essential for an effective roll out of revised PCI DSS policies and practices. Assigning responsibility to one person or team early on in the process to oversee the implementation will make this process a whole lot smoother, identifying where expertise and technology is needed and minimising the risk of critical tasks falling through gaps between departments.

What budget is available?

How much you need will depend on the state of your existing card payment processing systems and policies. Investing now to upgrade your systems – improving encryption and authentication and applying it across all payment channels – will better prepare your business for the transition to the new guidelines. At the very least you should be ensuring that budget is allocated to the roll out of updated processes further down the line.

Explore your options

Have you considered investing in an external card payment solution to manage payments? Outsourcing your payment processing to an outside provider descopes your business from PCI compliance, placing responsibility onto the provider instead, including updating to the new v4.0. Explore your options now and get ahead of the game.


At PCI Telecom we create card payment processing solutions that meet the needs of your business, whatever its size and budget. Our solutions are cloud-based so there’s no need for expensive equipment, and they can be used for all card-not-present payment channels including over the phone to a live agent, via auto IVR, online, email and webchat. Most importantly, our solutions are PCI DSS compliant, accredited to Level 1 standard and with end-to-end encryption, so you can rest in the knowledge that your payment process is always adhering to the guidelines, even when changes are made to them, and protecting the business and your customers from cyber attack and data breach.  Find out more by visiting our Solutions page or get in touch with us here.

Worried about the cost of PCI compliance?

In these challenging times many businesses will be looking to cut costs where possible, putting planned expenditure on the back burner and tightening future budgets until Covid disruption blows over.

We know that card payment security and PCI compliance aren’t always at the forefront of minds and therefore have the potential to be on the list of spend items that could be side-lined. But this strategy has its risks – at a time when cyber crime is at an all time high due to weaknesses appearing in IT networks in the move to remote working, as well as the significant increase in card-not-present transactions because of the temporary closure of stores, the need for robust card payment security has never been more vital.

What is it that costs money in achieving compliance? Firstly, the time resource needed to create adequate procedures that set out how card data will be securely handled and establishing them across the organisation. The forthcoming launch of PCI DSS v4.0 moves towards ongoing monitoring of security measures, rather than an annual tick box exercise, so a person’s time will be required on a continual basis to ensure that these procedures are relevant and being adhered to. For those that do not have this time or know-how in-house, buying in expertise from outside the organisation may be needed. Also, investing in new, or improving existing, IT infrastructure will ensure that systems are robust enough to store and process card data securely.

While these might seem like expensive outgoings, they are nothing compared to the financial gamble in side-lining compliance, with potential fines of up to £50,000 per infringement plus the cost of an invasive forensic investigation should a data breach take place.  And, added to this is the inestimable price of potentially irreversible damage to your brand.

The good news is that there are solutions out there that combine all of the costs, protect your business and your customers from cyber criminals AND enable you to increase efficiency and improve customer service all at the same time. Which is exactly what we do here at PCI Telecom, creating and installing card payment processing solutions that are:

  • Bespoke – Our solutions are built to suit the exact needs of our customers, unlike those of other service providers who offer an off-the-shelf, one-size-fits-all product. This represents great value for money as you only pay for what you need rather than paying a premium for functions that you won’t use.
  • Affordable – To suit the needs of all budgets. We offer affordable monthly license fees and make sure that there is no charge for declined or refunded payments.
  • Cloud-based – There is no need to invest in any expensive bits of IT equipment. This also means that staff working at home can access and process payments remotely.
  • Omni-channel – Our solutions can be used to process payments made over the phone to a live agent or via an automated IVR as well as online, and via webchat and email so you can offer a variety of payment options to your clients.
  • Flexible – Can be adapted for busier periods, new payment channels and products. Our solutions are also fully interactable with other business functions such as your CRM, accounting and stock control.
  • Secure – Accredited to the highest Level 1 PCI DSS compliance standard. And by using our solutions, your payment process is descoped from your business’s compliance obligations and placed onto us instead.

You can find out more by visiting our Solutions page or alternatively, give us a call or send us a message to talk through your specific requirements.

Don’t let your card payment process get in the way of business success in 2021

Are you setting your sights on business growth in 2021? Or is your aim to simply to ride out the coronavirus storm? Whatever your objectives, if you’re using an out-of-date card payment processing system, it could hold you back or worse, lead to loss of sales and reputation damage.

Future-proof your business

Your old system might still be working, but is it fit for the future? Card payments are evolving constantly – the progression accelerating because of the pandemic creating new consumer habits and pushing them to alternative remote, or ‘card-not-present’ (CNP), transactions. Recent research predicts that CNP transactions will overtake in-person payments by 2023 – can your existing system handle this adjustment?

And it’s not just CNP transactions that are growing – the choice of payment methods has also increased. In this era of multi-channel communication, the likelihood is that your customers will engage with you through a variety of platforms – and your payment channels need to replicate this. Limiting to one channel might seem like a simpler way to manage payments but it seriously restricts your reach by excluding potential customers who may not have the time or the facilities for your single channel.  You can read more on the benefits of omni-channel payments here.

Advances in payment technology have enabled omni-channel transactions to be processed through one system, making it easier for you to manage and monitor sales while ensuring that the customer experience is consistent across the board, in turn improving satisfaction and brand awareness . This could include payments to a live agent over the phone or via an auto IVR working side by side with online options via your ecommerce site, webchat and email.

Be flexible to adapt to changes in demand and working practices

The ups and downs of the last year highlighted more than ever the need where possible for flexible business practices and processes. With the mass move to remote working, brought on by lockdown restrictions, businesses with cloud-based systems in place fared better, being able to move swiftly to alternative working practices with little interruption to service delivery.

Choosing a flexible, cloud-based card payment system that enables remote access for your staff and that can be adjusted to meet an increase in demand, whether that be adding agents or processing more transactions, will ensure that your business can adapt to whatever sits on the horizon in the post-covid context.

Security is key

The speedy introduction of new working practices unfortunately opened up vulnerabilities and weaknesses in many IT systems and networks and cyber criminals were quick to jump on the chance to take advantage. There was a significant rise in the number of cyberattacks on businesses of every size, compromising the card data and personal details of millions of individuals.

Data protection legislation and guidance, such as PCI DSS, aim to encourage businesses to have effective policies and procedures in place for accepting and processing personal data and card payments securely, whether staff are based in the office or remotely. Failure to follow the guidelines which then results in a breach of data can lead to a substantial fine and, probably worse, irreparable damage to the brand. Opting for a card payment system that adheres to the standards ensures that connections between the transaction environment and the rest of the IT network are secure and robust. And with PCI DSS v4.0 anticipated to be released in mid-2021, introducing greater focus on security as a continuous process rather than a one-off or annual tick box exercise, it’s more important than ever to make sure that adequate processes are in place.

Installing a new system doesn’t need to be complicated or costly. At PCI Telecom, we offer affordable bespoke card payment solutions that fit the needs of your business whatever its shape or size and for a variety of channels. Our solutions are cloud-based, so there’s no need for investment in expensive bits of equipment, and fully integrate with other back end systems such as accountancy and stock monitoring. They’re also compliant to the highest level of PCI DSS, protecting your business and your customers from data breach. For more information, visit our Solutions page or get in touch with us to discuss your requirements.