PCI Pal® supports InsureandGo with payment security and compliance
InsureandGo Insurance Services in the UK, Republic of Ireland and Australia has successfully completed the implementation of a new cloud-based solution for handling its PCI compliance requirements, to deliver greater compliance rigour when handling Cardholder not Present payments.
A cloud-based payment security solution from PCI Pal has been implemented by InsureandGo’s long-standing telecoms partner iNet, to replace a ‘pause and resume’ system for improved compliance. Previously, InsureandGo’s system would automatically ‘start and stop’ call recordings when the customer was verbally providing their payment information to ensure payment data was not captured.
Now, via PCI Pal’s Agent Assist solution, the insurance provider is able to take payments in the contact centre using DTMF masking technology, which enables credit card information to be captured anonymously using the telephone keypad. It has reduced the insurer’s PCI DSS scope, moving it from Level D SAQ to Level A PCI Self-Assessment Questionnaire (SAQ A), as well as providing a seamless and secure payment experience for customers.
With the solution implemented via the Cloud, it has also supported InsureandGo’s staff that have transitioned to homeworking during the pandemic.
John Forrow, Chief Security Officer for MAPFRE, which is the parent company of InsureandGo, said,
“We operate a fairly complicated infrastructure and I was keen to reduce our PCI DSS scope and to move to SAQ A. Plus, a huge benefit that we didn’t foresee was that we can operate this solution remotely. With Covid-19 upon us, we have agents working from home, yet they are handling calls as securely as if they were in the contact centre.
“We have descoped and payment data is off our network, so the timing has been crucial, as this may not have been possible with our previous arrangement and would have presented us with a significant challenge.”
Adds Jason Hanshaw, IT Development Manager for MAPFRE:
“It was really important to ensure the customer journey was not impacted by a change in compliance solution. What really impressed us with Agent Assist was that it was fully integrated within the iNet telephony solution so our customers can continue to communicate with agents throughout the call, even when providing card details. This is done via the telephone keypad; the solution anonymises the DTMF tones and no sensitive payment information is audible or enters our infrastructure. Customers can be assured of a seamless experience and of advanced security.”
PCI Pal is a leading provider of Software-as-a-Service (“SaaS”) solutions that empower companies to take payments from their customers securely, adhere to strict industry governance, and remove their business from the significant risks posed by non-compliance and data loss. PCI Pal’s products secure payments and data in any business communications environment including voice, chat, social, email, and contact centre. It is integrated to, and resold by, some of the world’s leading business communications vendors, as well as major payment service providers. The entirety of PCI Pal’s product-base is available from its global cloud platform hosted in Amazon Web Services (“AWS”), with regional instances across EMEA, North America, and ANZ. PCI Pal products can be used by any size organisation globally, and it is proud to work with some of the largest and most respected brands in the world.
For additional information on PCI Pal view their Company Profile