Callstream research shows that ignoring new PCI legislation will
cost insurers more than just fines
Research from call management experts Callstream has shown that failing to comply with PCI-DSS regulations could be more costly than realised: 63% of consumers surveyed would avoid a broker whose contact centres were clearly not PCI compliant in the way they took payment details; and 75% of consumers surveyed would go elsewhere if the insurer or broker had actually been fined for non-compliance.
As of 1st January 2015, all contact centres – including those selling insurance policies – must comply with Version 3 of Payment Card Industry Data Security Standard (PCI-DSS) legislation. PCI-DSS requires handlers of debit and credit card cardholder information to take prescribed steps to reduce risks of fraud. Compliance is compulsory for any merchants in the UK who accept, process, store and transmit cardholder data, which includes insurers and brokers taking payments by credit card over the phone. Failure to meet these requirements can leave a merchant liable to a fine of £10,000s.
Callstream surveyed 2,000 consumers who had recently bought insurance through a contact centre on whether insurers’ and brokers’ lack of PCI compliance would affect their buying habits:
- 71% of respondents expect insurers and brokers to be compliant immediately as of the 31st December 2014 deadline. Of the remainder, the majority (17%) would only allow a maximum of three months’ grace before expecting compliance.
- Three quarters (75%) of respondents said they would actively avoid an insurer or broker if it had been fined for not being PCI compliant.
- Even if the broker had not been fined, almost all (96%) consumers said they would be worried about a non-compliant contact centre handling their data. 63% stated that they would actually take their business elsewhere.
This follows on from Callstream’s research into PCI-DSS compliance released in July last year. This market analysis discovered that, with only months to go to the deadline, 99% of contact centres were failing to take the necessary steps to follow the rules and protect their customers’ payment details.
“Consumers are better informed about security legislation than we may think. Even if they don’t know the exact rules, they know the risks of giving their payment card details through insecure channels, such as verbally to a call centre agent – and they are voting with their feet,” said Mick Crosthwaite, CEO, Callstream. “For those brokers that are not compliant, the question is no longer ‘if’ they will lose customers, but ‘when’ and by how much this attrition will affect new business.”
“Most of the insurance industry is failing to minimise the risk of a security breach by ensuring that those credit card details have no contact with IT infrastructure or staff and to achieve PCI compliance,” continued Crosthwaite. “Consumers are now too aware of the risks and insurers’ requirements to tolerate such poor service. If the threat of fines and penalties has historically failed to encourage compliance, surely the real danger of lost new business will make the industry sit up and take notice?”
Callstream achieves PCI compliance for its customers through Vault – its Level 1 call centre PCI compliance technology for the insurance industry. Callers enter their credit card details via telephone keypads, but Vault suppresses the tones so they are not audible to call recording systems or call centre agents. The details are then forwarded directly and securely to the insurer’s card payment gateway and not stored by the broker. This means that Vault achieves the highest possible PCI compliance levels, whilst at the same time continually recording dialogue between caller and contact centre agent, and therefore satisfying FCA recommendations.
Callstream provides cloud-based call management technology to the UK insurance, travel and retail markets. For 15 years, Callstream has developed and integrated bespoke call management technology with clients’ broker, CRM and payment platforms.
For additional information visit Callstream’s Website