Oak Telecom's CEO Phil Reynolds is urging comms resellers to help businesses comply with tough new rules enforced by the Payment Card Industry (PCI) on securing telesales payments.
As the dust settles on a flurry of activity around new FSA rules in recording calls involving transactions, Oak's CEO Phil Reynolds points out that the latest Payment Card Industry (PCI) standards enforce equally tough compliance rules that, like the FSA rules, cannot be ignored. The PCI regulations came into force in June 2008, replacing a previous set of rules and guidelines that commanded little more than mere lip service. But all that has changed, presenting both challenges and opportunities to the channel.
"This all places a much taller order on call recording and CTI software if SMBs are to be able to take full advantage of the new possibilities presented by the new generation of telecoms applications," said Reynolds. "Whoever it was that said that telecoms applications are becoming commoditised has a pretty one-dimensional picture of the reseller marketplace - and of the opportunities it presents for resellers."
"Smooth payment processing is all part of the service your end users want to provide"
Reynolds reports a sharp rise in demand for installations of Oak's CTI application integration module alongside call recording, and the specifications often include small to medium sized telesales operations where Oak adds value to CRM and other business databases with automated outbound calling and screen popping of customer records. According to Reynolds, integration between business databases and telecoms applications is reaching new levels so it is becoming possible for smaller businesses to drive increasingly sophisticated telesales campaigns that can rival the bigger call centres.
"This in itself creates another superb opportunity for resellers to broaden their relationships with clients, reaching beyond the traditional notions of what constitutes business telecoms," he said. "Smooth payment processing is all part of the service your end users want to provide. So it makes sense for end users to go the last mile and manage transactions seamlessly as well."
Reynolds said that PCI DSS compliance can be summarised under three main headings, collecting and storing (secure collection and tamper-proof storage of all log data); reporting (being able to provide proof of compliance on the spot); and monitoring and alerting (have systems in place such as auto-alerting, to help administrators constantly monitor access and usage of data).
Much of the PCI DSS compliance is down to an organisation's own IT management processes. The challenge in call recording software design is to enable operators to take all customer details smoothly in one call while ensuring that data is not then stored in a single accessible file. Reynolds commented: "As a first line of defence, products such as Oak Record's enable operators to switch off recording while taking down sensitive information and then switch it back on again with a single click at the desktop client. This fast and easy solution is made possible by the full integration between the CTI and recording modules of Oak's Comms Suite, with all of the information presented on screen via a single user interface."
However, this quarter will see the release of a Connect 09 PCI module that will further automate the process, with recording switching off or on whenever the operator clicks into or out of a specified database field. "The new module will interface with the 100-plus databases that Oak Connect is already integrated with, while Oak software development kits will enable developers to customise further or for other proprietary applications," added Reynolds
Far from being a white elephant, the PCI Security Standards Council has teeth, warns Reynolds. It includes heavyweights such as American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, and facilitates the broad adoption of consistent data security measures on a global basis.
"The core of the PCI DSS (Data Security Standard) is a group of principles and accompanying requirements, said Reynolds. "And the new rules are not confined to banks and other financial institutions, but apply equally to any business which takes payments either online or over a telephone."