As the attended telephony landscape becomes increasingly competitive, companies are always on the lookout for ways to increase revenue and grow their customer base. One effective way to achieve this is by partnering with service providers to resell services. This approach not only helps companies expand their reach but also provides a way to offer more comprehensive solutions to customers. In this blog, we will discuss the importance of using partner channels to resell services, especially when it comes to telephone payments that meet PCI DSS regulations.

Why would this work for you?

Firstly, partnering with other businesses to resell services is an effective way to expand your customer base. By leveraging the partner’s existing network of clients and customers, you can tap into a new market without incurring significant marketing costs. This can be especially beneficial for companies that are just starting and don’t have a large customer base or marketing budget. Partnering with other businesses can help you quickly establish a presence in the market and gain traction.

Partnering with other businesses also allows you to offer more comprehensive solutions to your customers. By reselling services that complement your existing offerings, you can create a one-stop-shop for your customers. For instance, if your company provides a software solution, partnering with a payment provider can help you offer a complete package that includes payment processing. This makes your offering more attractive to customers who prefer to deal with a single provider rather than multiple vendors.

When it comes to telephone payments, partnering with a provider that meets PCI DSS regulations is crucial. PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to protect payment card data. Compliance with these standards is mandatory for businesses that accept credit and debit card payments. Partnering with a provider that meets PCI DSS regulations ensures that your customers’ payment data is secure and that your business is compliant with the standards.

Furthermore, working with a Level 1 PCI DSS compliant partner can provide added benefits. Level 1 compliance is the highest level of PCI DSS compliance and requires regular audits and assessments to ensure ongoing security. This level of compliance demonstrates a strong commitment to security and can provide added reassurance to customers. Another important factor to consider when partnering with a payment provider is training, guidance, and support. Partnering with a provider that offers comprehensive training and support ensures that your team has the knowledge and resources needed to effectively sell and implement the solution. This can help reduce implementation time and ensure a smoother onboarding process for your customers.

Why PCI Telecom?

Finally, pricing is a crucial factor when reselling services. Partnering with a provider that offers the best pricing in the industry can help you achieve improved margins and growth compared to your competitors. This allows you to offer competitive pricing to your customers while still maintaining profitability. Additionally, transparent pricing models can help build trust and credibility with your customers.

In conclusion, partnering with PCI Telecom to resell services can be an effective way to expand your customer base and offer more comprehensive solutions to your customers. When it comes to telephone payments, partnering with PCI Telecom will allow you to meet PCI DSS regulations and offer Level 1 compliance, comprehensive training, guidance, and support, and the best pricing in the industry! By selecting PCI Telecom as your partner and focusing on providing value to your customers, you can achieve sustained growth and profitability for your business. Get in touch with us today

In a period of uncertainty, when costs are rising and businesses are facing extra pressure, every penny counts. Even the smallest increase in revenue or cost cutting can impact company profitability. The good news is that large-scale company overhaul isn’t necessary. It’s often simple, common sense steps that improve the bottom line, especially for small businesses.

While forking out on new systems and processes might seem like unnecessary spend right now, investing in an effective card payment gateway and processing solution could be just what you need to cut your operating costs, boost productivity and save money in the long run. And PCI Telecom can help you do just that – here’s how:

• Bespoke – we create our payment gateway platforms from scratch to suit the exact needs of our clients. While many of our competitors provide all-singing-all-dancing systems off the shelf, with us you only pay for the elements you need without unnecessary and costly extras.
• Reliable – our solutions accept card payments swiftly and effectively, so your team can process more transactions.
• Secure – our solutions process payments securely, masking card data as it is entered and cutting the risk of your business falling victim to card fraud. Being compliant with PCI DSS, you not only benefit from a simplified transaction process, but also from descoping your business of its compliance obligations and passing that responsibility to us, saving you time and staff resource.
• Compatible and flexible – our solutions work alongside all Payment Service Providers (PSPs) so you can shop around for the best option for you. Alternatively, you can benefit from our partnership with Opayo with a deal that suits your exact needs and budget.
• Small business – we are a small business too so we benefit from lower overheads, passing on these cost savings to our customers by keeping our prices low.

At PCI Telecom, we create card payment gateways for payments made over the phone (both to a live operator or via automated IVR), online and link payments (via email, social media or webchat) with the flexibility to be used independently or as part of an omnichannel payment suite. Visit our Solutions page for more information or alternatively contact us to discuss your requirements.

Here at PCI Telecom, we’re always looking at ways to improve our clients’ operations as well as their customers’ experience. The most recent solution added to our suite of payment gateway products is Link Payments, combining the use of both phone and online technology to send customers a secure web link that can be used to make a payment online while remaining on a call, chat or social media or at a later date.

Link Payments offer flexibility and convenience to customers. They remove the need to read card details aloud or enter them via the keypad. They also enable the use of mobile payment technologies such as GooglePay and ApplePay stored on customers’ devices. Not only that, from the vendor perspective, link payments improve productivity, speeding up the payment process so that operators can manage more calls per hour while still maintaining positive person to person customer interaction and card payment security.

Our Link Payments technology can be used alone or as part of a wider multichannel payment gateway provision. All of our payment gateway solutions are compliant with PCI DSS to the highest level so are suitable for businesses of every shape and size, from large customer contact centres to SMEs. Because all of our solutions are built from scratch, our clients benefit from a payment gateway that works to their exact needs at a price that suits their budget – rather than an off-the-shelf solution with unnecessary and costly functionality.

If you would like more information about our card payment gateway solutions, get in touch at [email protected] or call us on 0330 022 0660 to talk through your requirements.

31 March saw the long-awaited launch of PCI Data Security Standard v4.0. Having been developed over the last few years, with much collaboration with members of the card payment industry, the launch of the new standards was delayed from autumn last year due to the pandemic.

A lot has changed since the original standards were created in 2004, with the most recent update taking place in 2015. Major developments in payment channels, smart devices, and open banking as well as new legislation including Strong Customer Authentication (SCA) and GDPR have completely changed the payment landscape and eco-system for consumers as well as businesses.

What is different about PCI DSS v4.0?

The standards have been revised to better align with the developing nature of the payments industry and the fast-changing behaviours and threats posed by cyber criminals. The main aims of PCI DSS v.4.0, compared to previous versions, are:

• To meet the security needs of the payment industry – expanding requirements to implement multi-factor authentication (MFA) and to update password requirements for all access into the cardholder data environment.
• To promote security as continuous process– with clearly defined roles and responsibilities to address each of the standards.
• To add flexibility for different methodologies – to increase flexibility for organisations using different methods to achieve security objectives, adopting payment technology innovation.
• To enhance validation methods and procedures – making the process of reporting on compliance easier and more transparent.

What does your business need to do to comply with new PCI DSS v4.0?

Many businesses opt for self-assessment when it comes to PCI compliance. For those businesses that handle this process internally, the onus will be on them to ensure that their card payment systems adhere to the new standards, which may require technical expertise depending on resources available. The good news is that the PCI SSC are allowing time for organisations to get to grips with the changes and implement updates, with existing standards remaining active and running concurrently with v.4.0 until March 2024.

For businesses that have chosen to outsource their card processing to a third-party Service Provider (like PCI Telecom), the process is a lot more simple. The service provider, with responsibility for PCI compliance, will update their systems accordingly, in line with the new standards, with little input and resource required by the business.

At PCI Telecom we create card payment processing solutions that meet the needs of your business, whatever its size and budget. Our solutions are cloud-based so there’s no need for expensive equipment, and they can be used for all card-not-present payment channels including over the phone to a live agent, via auto IVR, online and webchat. Most importantly, our solutions are PCI DSS v.4.0 ready, with end-to-end encryption, so you can rest in the knowledge that your payment process is always adhering to the guidelines, even when changes are made to them, and protecting the business and your customers from cyber-attack and data breach. Find out more by visiting our Solutions page or get in touch with us here.

The enforcement date for the implementation of Strong Customer Authentication (SCA) in the UK is coming up very soon – 14 March 2022. By this date, which was delayed from last year due to coronavirus, all payments made online will need to comply with the new set of rules, introduced as part of the EU Payments Services Directive (PSD2) launched in January 2018. While the roll-out took place across the EU last year, in the UK the Financial Conduct Authority (FCA) provided a longer lead time for enforcement to minimise the impact on both consumers and businesses.

What are the SCA requirements?

SCA is a set of rules that strengthen the process of confirming the customer’s identity when making purchases online with the aim of reducing the risk of card fraud. It requires ‘multi-factor’ authentication to be applied to all transactions over the value of €30, using at least two of the following:

• Something the customer knows – a PIN or password
• Something the customer has such – smart phone or card reader
• Something the customer is – biometric data such as fingerprint or facial recognition

What should businesses do?

To confirm that SCA has been applied, businesses will need to check with their payment gateway service provider that their system technology has been upgraded with 3D Secure versions 2.1 or 2.2 that enable the two-factor authentication at the time of the transaction. While the prevention of card fraud is important, so too is ensuring a positive customer experience so is also worth exploring which exemptions could be applied to certain payments and also making sure that the correct flagging of transactions (for example, those that are exempt or out of scope) is in place to avoid any unnecessary payment declines.

It’s worth also noting that SCA does not apply to payments made over the phone.

What happens if your system isn’t ready for SCA?

Non-compliant e-commerce transactions that are attempted after 14 March 2022 will be declined, causing inconvenience to the customer and an unnecessary cost to your business. Ensure the smooth transition to multi-factor authentication by checking that your processes and technology are ready today.

Here at PCI Telecom, we create bespoke card payment processing solutions that meet the needs of businesses whatever their shape and size. Our solutions are not only accredited to a Level 1 standard for PCI DSS compliance but are also compatible to meet the requirements of SCA for online transactions.

You can find out more about our online payment processing solutions as well as our over the phone card payment systems by visiting our Solutions page or get in touch to discuss your requirements in more detail.

MOTO payments continue to be an essential piece of the card payment landscape, with around half a billion MOTO payments processed in the UK each year. For many businesses, particularly retailers and food outlets, MOTO payments offer an essential alternative to online channels, enabling more customers to access their products and services. Despite the continued reliance on this payment method, there remain many challenges for businesses in addressing card security, protecting data and complying with PCI DSS.

What is a MOTO payment?

A MOTO (Mail Order/Telephone Order) payment is a debit or credit card payment that is taken over the phone or via postal mail and email. Because the cardholder is not visible to the business, MOTO payments are considered a ‘Card-Not-Present’ (CNP) transaction and, by their very nature, involve risk through the passing of card data from customer to call handler. This type of payment is exempt from the recently introduced SCA (Strong Customer Authentication) requirements because of the limitations of being able to confirm the identity of the customer at the time of the transaction.

When it comes to addressing PCI DSS in MOTO payments, businesses have two options. They can choose to remain ‘in-scope’, retaining responsibility for ensuring that their transaction environment and processing complies with PCI guidelines. Alternatively, they can look to install an external card payment processing solution that handles and manages transactions outside of the business, removing (or ‘descoping’) the whole process from the business’s PCI obligations.

Remaining in-scope

The benefits of keeping card payments in-scope for PCI DSS compliance include keeping costs low and maintaining complete control of the transaction environment. But, without in-house expertise, that does mean increased risk. MOTO payments require cardholders to read sensitive payment card details over the phone that are then either written down or entered directly into a physical terminal by the call handler for processing. To make this process compliant with PCI DSS, the business must demonstrate that it has procedures in place to alleviate the possibility of those card details being lost or stolen. This could include ensuring that any written record of card details is destroyed and prohibiting the storage of data once the transaction is complete.  For larger call centres, a ban on using pens and writing implements while on calls is sometimes put in place.

Having these procedures demonstrates the business’s intent to protect card data that will enable it to achieve PCI compliance via annual self-assessment. However, what they don’t do is offer significant protection and security from human error, malicious intent or cyber-attack. With even the strictest of procedures in place, if a business falls victim to attack that results in a breach of customer card data, it will still be liable for a financial fine and suffer the resulting reputational damage.

Descope from PCI compliance

While there is an obvious appeal to remaining in-scope – reducing cost outlay and keeping control – it is worthwhile considering an external card payment processing solution that ‘descopes’ the transaction environment from within the business’s PCI obligations, onto that of a service provider. This not only cuts out the pressure and resources required to achieve compliance but also significantly increases security, ensuring that customer card data is less likely to fall into the hands of fraudsters. While there is a financial commitment involved in installing the technology, this is offset by a huge reduction in risk.

At PCI Telecom, our PCI Agent solution allows businesses to accept and process card payments over the phone via a uniquely secure and PCI compliant system. The customer is asked to enter their card details via their phone keypad that connects directly with our cloud-based system, with DTMF masking to hide the tones and at no point being visible to the business. The call handler remains on the line to the customer throughout the entire transaction, maintaining personalised interaction and a positive customer experience. Being cloud-based, our PCI Agent solution requires no expensive or intrusive equipment to be installed on site and it can work independently or as part of our wider suite of multi-channel solutions, including AUTO IVR and Online.

You can start the process of descoping your business from PCI DSS and securing your card payments by contacting us today.

If you’re a retailer, you’ll no doubt have begun planning your Christmas sales period. For many, the busiest time of year requires months of organisation to ensure that products and stock are ready and teams fully prepared. But what about your card payment processing?

The number of card-not-present (or CNP) transactions has been on the rise for many years, further compounded more recently by the Covid pandemic forcing consumers away from physical shops to online and mail order/telephone order retailers and service providers. Despite the lifting of Covid restrictions, it is likely that many will choose to continue purchasing over the phone or internet as this Christmas approaches.

With this in mind, does your business have the systems and processes in place to handle this change in consumer behaviour? Is your card payment process fit for purpose and able to adapt to the busy period and the rise in demand? If you’re not sure it is, then now is the time to upgrade it, and here’s why.

Support omni-channel sales

Expand your reach to more customers by increasing the number of ways that they can access and pay for your goods and services. We’ve recently worked with a number of new clients looking at additional and alternative card payment methods such as over webchat and social media as a means of gaining that competitive edge by making your business more easily accessible and improving customer satisfaction. Linking these payment channels under one umbrella system makes them easier to manage, increases the number of transactions processed at a time and ensures the delivery of a standardised, consistent service to customers across the board.

Improve efficiency and productivity

In addition to expanding your reach, you can improve your productivity and efficiency by using your card payment process to integrate with back-end systems such as CRM database, stock monitoring and accounting. This saves you time to focus your attention on delivery of high standard customer service.

Protect your customers from data breach and your business from card fraud

The surge in transactions and sales brings with it increased risk of falling victim to cyber crime. Hackers are on the prowl for weaknesses appearing in systems, taking advantage of businesses that are both too busy and distracted and/or with inexperienced or temporary seasonal staff in place.  According to UK Finance, online fraud against UK retailers totalled an estimated £262.3 million in 2020 while mail or telephone order (MOTO) fraud against retailers totalled £63.7 million. You can protect your business from card fraud and data breach by ensuring that you adhere to guidelines set out in the PCI DSS, or better still, implement a PCI compliant external processing system to make your transaction environment even more robust.

At PCI Telecom, we create card payment processing solutions that are bespoke to the needs of your business, be it for single or multi-channel payment methods – over the phone, auto IVR, online, via webchat, social media or email. Being cloud-based, our solutions are flexible, simple to install and easy to use, plus being PCI compliant to Level 1 standard, you can rest assured that your customers’ card data is protected. And there’s still time to get sorted for Christmas! For more information, visit our Solutions page or get in touch to discuss your needs.

Despite being introduced nearly 15 years ago, PCI DSS, for many businesses, continues to be clouded in mystery and confusion. A lack of time and resources, paired with limited understanding of cybercrime and the risks associated with a data breach, mean that many business owners and managers have chosen to bury their head in the sand and avoid putting the necessary processes in place to secure their transaction environment. So, this month, we attempt to debunk a few of the myths surrounding PCI DSS with a list of Dos and Don’ts of compliance, to help you make the right choices for your business…

DO understand that if you accept payments by card then PCI DSS compliance applies to you. There are no exceptions to this!

DON’T assume that this means costly investment in equipment and extra resources. The extent of your compliance obligations is based on your transaction volume over a 12-month period. This determines which ‘merchant level’ category you fall into and therefore what actions need to be taken to become compliant. While getting the right procedures in place can take time, for many businesses, the compliance process itself simply involves completing an annual Self-Assessment Questionnaire (SAQ).

DO educate yourself and your colleagues on the need for compliance and know the implications if you do not. The more that staff understand and are engaged, the more likely it is that policies will be adhered to.

DON’T assume that you will get away with pleading ignorance should a data breach occur! Without compliance procedures and cyber protection in place, a breach will most certainly lead to a fine for failing to comply, from which the reputational damage to your business could be irreversible. Going through the steps to become compliant will give you a good understanding of the card payment process so you have a better chance of being able to identify gaps and fix weaknesses, making that dreaded data breach much less likely.

DO make compliance and card security a priority and identify an individual or a core team of people responsible for its planning and implementation.

DON’T expect compliance to be achieved in a day. New systems and ways of working take time to bed in, particularly in larger organisations. PCI DSS compliance should be considered as an ongoing exercise and not a one-off tick box so ensure that adequate resources are allocated each year.

DO implement technology and systems that limit the amount of card data visible to staff. Reducing the scope for human error will greatly improve your chances of resisting a data breach.

DON’T assume that because there is human involvement in the payment process that you will not achieve compliance. There are plenty of ways to adhere to PCI DSS while maintaining human interaction and personalised service for your customers. Systems that encrypt card details help to prevent data falling into the wrong hands and there is a wealth of technologies available to support this.

DO investigate ways to outsource your PCI DSS compliance to an external provider. Investing in a PCI compliant card payment solution descopes your businesses from the compliance requirements and moves the obligation and risk from you to them. Not only that, but a new system might also just be what you need to streamline your payment process, increase productivity and, in the long run, cut costs.

DON’T waste money on an off-the-shelf system that does not fit the needs of your business. It is crucial to find the right solution that has the flexibility to integrate with other processes and allows for future changes and growth.

At PCI Telecom we create bespoke card payment processing solutions for businesses of every shape, size, and sector. Our cloud-based solutions are flexible, robust, and cost-effective and enable businesses to accept and process card transactions – over the phone, via IVR, online and over webchat – in a secure environment, compliant with PCI DSS with Level 1 accreditation.  For more information, visit our Solutions page or give us a call to talk through your requirements.

In the post-Covid context, many businesses are looking at how to manage operations, juggling staffing schedules and hybrid office/remote working practices. We’ve noticed an upsurge of interest in our IVR solutions recently, with businesses searching for more automated systems to help them adapt to these new work patterns, while also reducing costs and providing more flexible options to their customers. So, what is IVR and how could it help your business?

What is IVR?

In short, IVR (or Interactive Voice Response) technology enables callers to interact with and purchase through an automated phone system. The system directs callers through a series of options using voice prompts or their phone keypad to reach the service that they require. At the point of payment, the customer is guided through the process of entering their card details into a secure transaction environment.

What are the benefits of IVR?

Undoubtedly, the biggest benefit of IVR is that no call handler is required, freeing up staff resource to work elsewhere in the business while continuing to maintain a consistent and high standard customer experience. The use of IVR for payments improves efficiency, allowing multiple calls and transactions to be handled and processed at the same time while reducing the risk of human error leading to security breaches and maintaining compliance with data protection and PCI DSS.

From the customers’ perspective, IVR offers convenience and flexibility, enabling them to interact and pay outside of usual opening hours and without having to endure a frustrating wait in a caller queue.

How we can help

Here at PCI Telecom, we create bespoke card payment processing solutions that enable businesses to accept and process card-not-present transactions effectively and securely, be it over the phone, online, via webchat and email. Our AUTO IVR™ is cloud based, cost-effective, easy to set up and simple to use, with the added benefit of integrating seamlessly with your database or CRM and other back-end systems. Whatever the size of your business, AUTO IVR™ enables you to capture, integrate and process card payment information with Level 1 PCI DSS compliance accreditation, closing any potential cracks and weaknesses in the payment process and descoping your business from its PCI DSS responsibilities.

For those looking at implementing IVR as part of an omnichannel payment set-up, AUTO IVR™ works effectively as part of our suite of solutions, with ongoing monitoring of transactions across all channels and removing the risk of duplication – particularly useful if you’re dealing with items of limited stock.

If you would like to know more about our AUTO IVR™, visit our Solutions page. Alternatively, get in touch here to talk through your requirements.

In these challenging times many businesses will be looking to cut costs where possible, putting planned expenditure on the back burner and tightening future budgets until Covid disruption blows over.

We know that card payment security and PCI compliance aren’t always at the forefront of minds and therefore have the potential to be on the list of spend items that could be side-lined. But this strategy has its risks – at a time when cyber crime is at an all time high due to weaknesses appearing in IT networks in the move to remote working, as well as the significant increase in card-not-present transactions because of the temporary closure of stores, the need for robust card payment security has never been more vital.

What is it that costs money in achieving compliance? Firstly, the time resource needed to create adequate procedures that set out how card data will be securely handled and establishing them across the organisation. The forthcoming launch of PCI DSS v4.0 moves towards ongoing monitoring of security measures, rather than an annual tick box exercise, so a person’s time will be required on a continual basis to ensure that these procedures are relevant and being adhered to. For those that do not have this time or know-how in-house, buying in expertise from outside the organisation may be needed. Also, investing in new, or improving existing, IT infrastructure will ensure that systems are robust enough to store and process card data securely.

While these might seem like expensive outgoings, they are nothing compared to the financial gamble in side-lining compliance, with potential fines of up to £50,000 per infringement plus the cost of an invasive forensic investigation should a data breach take place.  And, added to this is the inestimable price of potentially irreversible damage to your brand.

The good news is that there are solutions out there that combine all of the costs, protect your business and your customers from cyber criminals AND enable you to increase efficiency and improve customer service all at the same time. Which is exactly what we do here at PCI Telecom, creating and installing card payment processing solutions that are:

• Bespoke – Our solutions are built to suit the exact needs of our customers, unlike those of other service providers who offer an off-the-shelf, one-size-fits-all product. This represents great value for money as you only pay for what you need rather than paying a premium for functions that you won’t use.
• Affordable – To suit the needs of all budgets. We offer affordable monthly license fees and make sure that there is no charge for declined or refunded payments.
• Cloud-based – There is no need to invest in any expensive bits of IT equipment. This also means that staff working at home can access and process payments remotely.
• Omni-channel – Our solutions can be used to process payments made over the phone to a live agent or via an automated IVR as well as online, and via webchat and email so you can offer a variety of payment options to your clients.
• Flexible – Can be adapted for busier periods, new payment channels and products. Our solutions are also fully interactable with other business functions such as your CRM, accounting and stock control.
• Secure – Accredited to the highest Level 1 PCI DSS compliance standard. And by using our solutions, your payment process is descoped from your business’s compliance obligations and placed onto us instead.

You can find out more by visiting our Solutions page or alternatively, give us a call or send us a message to talk through your specific requirements.