Introduction
PCI DSS (Payment Card Industry Data Security Standards) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment.
In addition to the focus on protecting credit card information through PCI Compliance, it has become increasingly important to protect personally identification information (or PII) due to the increase in identity thefts.
Think about the information you enter when making a reservation. Name, card number, expiration date and security code, right? Those four items need to be protected in order to be PCI compliant.
PII is data that could potentially identify a specific individual. A good rule to follow is to never have two identifying items on one person in an unsecured system or area. For instance, full name and phone number, full name and address, full name and email address - you get the idea. It is okay to have personally identifiable items in your call recording, however, you should never write this information down or input them into any system other than a lead form or a property management system.
Obviously, both PCI and PII data come into play during your day-to-day operations. Your staff and in some cases, Revinate staff interact with your guests and this sensitive information every day, therefore it is critical it be protected.
Incorporating the below simple steps into your day-to-day routines will help you protect both PCI and PII data. Some of these items could be a big change from how you typically do your job. However, they are essential and all of us must take them seriously; your company and guests depend on it.
Gathering Guest Information
Do not write any PCI or PII data down on paper. When you receive credit card or personal information through the phone, make sure you are ready to input the information directly into a secure system like a lead form, property management system or booking engine.
Credit Card Retrieval
Do not record PCI data (including card number and security code) into any electronic or physical media other than your property management system. When asking your guest for this information, it is vital that you follow this simple but essential procedure. You will need to pause any portion of your conversation that includes gathering of the card number and security code.
When you are ready to ask the guest for this information, you have two options to pause the recording:
Review client’s chosen PCI Compliance approach –
All Digit Presses-
- Agent advises the guest that “For security purposes I am going to send you to our automated credit card collection prompt. Let me know when you are ready to enter your credit card.”
- In HUB, agent clicks on Credit Card field then selects the orange “Take Payment” button and all the information will appear in HUB
- Click Complete to start the call recording again
Recommended scripting: “For security purposes Mrs. Witherspoon, I am going to have you manually enter your credit card number into your telephone keypad. Let me know when you’re ready.”
All Voice-
-
- In HUB, agent clicks on Credit Card field then selects the orange “Take Payment” button, Capture the credit card information verbally
- Click Complete to start the call recording again.
Voice, with CVV via digit press
- In HUB, agent clicks on Credit Card field then selects the orange “Take Payment” button, verbally collect the credit card number and the expiration date.
- Agent advises the guest that “for security purposes I am going to send you to our automated security code collection prompt. Let me know when you are ready”
- Click “Request Security Code” and the information will appear in HUB
- Click Complete to start the call recording again.
Recommended scripting: “For security purposes Mrs. Witherspoon, I am going to have you enter the security code into your telephone keypad.”
NOTE: Since the call recording will be paused for until you click Complete, it is suggested that any call scoring or important information such as covering the cancellation/payment policy or reservation detail recap happens prior to obtaining the credit card information. This will ensure this information is on the call recording. It is a Revinate best practice to adjust your call flow accordingly to accommodate this.