Our latest research has shown that simply being accused of PCI-DSS non-compliance could see a substantial number of customers looking to move elsewhere.
63% of consumers surveyed would go elsewhere if their insurer or broker was subject to negative coverage on their PCI compliance status
99% of consumers surveyed would be worried if their insurer or broker was subject to negative coverage on their PCI compliance status
All merchants selling insurance policies should already know that they must comply with Version 3 of the Payment Card Industry Data Security Standard (PCI-DSS) legislation. PCI compliance is compulsory for any merchant in the UK who accepts, processes, stores and transmits cardholder data. This includes insurers and brokers taking payments by credit card over the phone. Failure to meet these requirements can leave a merchant liable to a fine of £10,000s.
Of more concern should be the results from Callstream’s recent survey of 2,000 consumers who had recently bought insurance through a call centre. The survey explored whether insurers’ and brokers’ PCI compliance status would affect consumers’ buying habits. One of the main headlines of the research is that almost two-thirds of consumers would go elsewhere if news coverage merely implied that their insurer or broker was non-compliant.
“Consumers are extremely sensitive to news that suggests fraud may happen – in this case when buying insurance policies from a source that has had some negative publicity. No one wants to risk their payment card details being taken over the phone in an insecure way,” said Mick Crosthwaite, CEO, Callstream. “What is surprising is that two-thirds of respondents said that even implied non-compliance was enough to make them go elsewhere. Add to that the fact that 99% of those surveyed said a negative news item on PCI compliance would make them worry, and you have a clear warning that insurers and brokers need to get compliant systems in place.”
“The insurance industry needs to implement systems ensuring that those credit card details have no contact with internal IT systems or any employees so as to achieve PCI compliance,” continued Crosthwaite. “If insurance businesses recognise that every customer is worried by negative compliance reports, and that two-thirds would actually look to move, then I think the £10,000 fine for non-compliance would look very small compared to the amount of lost business.”
Callstream achieves PCI compliance for its customers through Vault – our Level 1 call centre PCI compliance technology for the insurance industry. Callers enter their credit card details via their telephone keypads, but Vault suppresses the DTMF tones so they are not audible to call recording systems or to call centre agents. The details are then forwarded directly and securely to the insurer’s card payment gateway and are never stored by the broker. This means that Vault achieves the highest possible PCI compliance levels whilst, at the same time, continually recording the dialogue between caller and contact centre agent, thereby satisfying FCA recommendations on call recording.