Today, there are more than five billion people in the world that own mobile devices, and according to Statista, that number is projected to increase to 7.33 billion in just three years. In addition to communicating with friends and family, checking emails and a multitude of other activities, consumers are increasingly turning to their mobile phones to make purchases, pay bills and send money to others. In fact, Allied Market Research estimates that the mobile payment market will grow at a CAGR of 33.8 percent from 2017 to 2023, reaching a market size of $4.6 trillion.
Whether it is through SMS, email, online chat or social media, today’s tech savvy consumers expect to encounter a mobile-optimized payment process that is secure, seamless and transparent. Any business that wants to thrive in this increasingly mobile-centric world must know how to accept secure mobile payments, all while providing an exceptional customer experience. Here are our five top tips to help businesses along their path towards ensuring fast, secure and Payment Card Industry Data Security Standard (PCI DSS) compliant mobile payments.
TIP #1: Determine if Your Business Should Accept Mobile Payments
Even though mobile usage will only continue to grow, you will still want to conduct an analysis on whether or not your business is actually ready to provide another payment method to customers. There are many perks to accepting mobile payments — like improving cash flow, reducing overall expenses, customer convenience, etc. However, you will want to outweigh those perks with a few other factors, such as the fees that will be associated with accepting mobile payments, whether or not your business targets the kind of demographic that will take advantage of the mobile payment option, and if your organization can offer mobile payments that are safe, secure and PCI DSS compliant.
TIP #2: Properly Train Staff
If you do decide to start accepting mobile payments, choosing the right technology is of course extremely important, but training your staff on proper data security protocols is equally important.
There are many best practices to help properly train all employees that handle payment information, but few are as critical and all-encompassing as the following:
Thoroughly Vet Employees
It is important for contact centres to conduct thorough background checks on all employees — even temporary employees, third-party contractors and remote workers. There should be no exceptions and no excuses.
One of the important requirements of PCI DSS compliance involves PCI security awareness training. If your organization accepts, manages, or transmits payment cards and the personal information associated with the card, employees must be trained upon hire and annually to be PCI DSS compliant. CSRs are on the front line to protect customers’ payment card information and their understanding of the rules and vigilance is imperative.
Track Progress Through Assessments and Ongoing Updates
Track the progress of employees through assessments that can provide an objective record of each employee’s understanding and completion of the program. Provide regular refresher courses — at least annually, if not quarterly — to ensure that data security and privacy practices stay top-of-mind.
TIP #3: Descope Mobile Payment Technology and CSRs
Protecting customers’ sensitive card data in the mobile channel is essential as mobile fraud continues to grow and become ever-more sophisticated. If you start accepting payments through the mobile channel — or any other channel for that matter — your organization is at risk of a brand-damaging data breach and could face hefty fines if you are not compliant with industry regulations, such as the PCI DSS. However, keeping up with the fast-changing and demanding requirements of the PCI DSS can be a difficult task that comes with a hefty price tag.
In order to mitigate risk and simplify compliance, you need to take inventory of all the CSRs and the technologies that either store, process or transmit cardholder data. For example, when a customer reads their payment card details out loud to a CSR on the telephone, the entire contact centre infrastructure — from the data network to the physical and virtual servers and everything in between — becomes in scope for PCI DSS compliance. This also includes the CSRs and all of the equipment that they use to access and communicate card details, including writing materials, personal mobile devices and public internet tools like webchat and social media. The same is true for any payment transactions conducted via the mobile channel. Fortunately, there are solutions available today that can enable your organization to securely and easily transact with customers in the mobile channel.
TIP #4: Ensure Compliance with Industry Regulations and Certifications
To help minimize security risks and uphold customer trust, businesses that accept payments in all channels, including mobile, must look to the PCI DSS and seek out a PCI certification. The PCI DSS is a global standard that applies to any company that handles cardholder data. While compliance with the PCI DSS by no means guarantees immunity from a breach, taking the steps outlined in the standard can significantly reduce risks and eliminate noncompliance fines, which can range from $5,000 to $500,000 per month.
TIP #5: Take Advantage of Reporting and Analytics
When it comes to providing secure mobile payments, you will want a robust, closed-loop reporting process to provide data on mobile payment hyperlink delivery, open and response times. This will allow your business to evaluate and tweak the best time of the day or day of the week to send out SMS messages, for example, or which wording format works best when it comes to prompting a response. It can even help monitor how many texts and QR codes are successfully sent and analyse live delivery statistics and open times. You should also make sure that the mobile payment solution you choose provides confirmation on when payments are successful and how many unsuccessful payment attempts were made.
Solutions that can provide real-time progress updates on when payment information has been collected, whether the payment was approved by the PSP and other critical steps in the customers’ purchasing journey can also enable a better customer experience. When combined with analytics, real-time payments progress updates can provide your organization with powerful insights into the desires and behaviours of mobile payment customers, the status of collected payments, and the effectiveness of marketing programs.
Providing Seamless, Secure and Compliant Mobile Payments
With billions of people around the world increasingly relying on their mobile phones to conduct their personal and professional matters, consumer demand for mobile payment options will only continue to grow as well. Businesses of all sizes and across all industries can position themselves for continued success and further growth by enabling mobile payments. There are a few considerations to weigh before choosing to offer mobile payments to customers, but by following best practices, your organization can reduce its risk of a data breach and offer an exceptional customer experience by providing seamless, secure and compliant mobile payments.