Coversure Insurance Services, the UK's only insurance broker franchise, today announced that it will use technology from Callstream to ensure its 100 regional franchise offices comply with the highest PCI-DSS requirements over data security when taking credit card payments, without jeopardising FCA compliance.
Version 3 of the PCI-DSS regulations states that recording and storing credit card details is non-compliant. Meanwhile, the FCA Handbook requires that insurers must store "sufficient" records of all transactions undertaken. Callstream, the call management experts, will enable the Coversure franchises to comply with both sets of apparently conflicting legislation simultaneously.
Callstream's Vault platform is one of the few cloud-based PCI Level 1 certified solution for contact centre environments. Vault allows the caller to enter credit card details via their telephone keypad, but suppresses the tones so they are not audible to call recording systems or call centre agents. The details are then forwarded directly and securely to the Coversure credit card payment gateway. Because data is passed securely to the payment gateway and not stored, Vault achieves PCI Level 1 compliance, whilst at the same time satisfying FCA recommendations of record keeping by continually recording dialogue between caller and contact centre agent.
"We are constantly looking for ways to improve the experience for our customers and franchisees, and confidence in security processes naturally underpins this. We therefore wanted to make compliance easy for franchisees, whilst putting robust processes in place throughout our network," said Nigel Taylor, Group Director, at Coversure Insurance Services. "But simultaneous PCI and FCA compliance is technically and logistically difficult as the two sets of guidelines seemingly conflict. However Callstream's understanding of the regulations, and their extensive experience of working with insurance businesses, provides an excellent solution allowing us to rapidly achieve compliance with both sets of requirements."
Many Coversure customers opt to pay their insurance premiums over the course of several months, requiring Coversure to re-use customers' highly sensitive payment details but without storing the information. Callstream Vault, working with Barclays merchant services, uses tokenisation technology to make this possible, and completely secure.
Phase one of Vault's deployment will be complete by May 2014. At the same time, a new core call management platform, Nucleus, will enable Coversure to offer its customers a single point of contact, with both inbound and outbound call recording. Callstream's hosted call management system also offers business continuity, detailed reporting, and missed call alerts, in addition to complete control and visibility of its inbound calls. This will improve efficiency when dealing with customer enquiries and ultimately increase sales.
"This is an important milestone for Callstream. Working with Coversure further cements our position as the market leading provider of call management services to the UK insurance broker market," said David Haynes, Director of Callstream. "Vitally, for Coversure and its 100 regional offices, our cloud-based platform makes deployment quick and easy - a vital factor when the need for PCI compliance is so immediate," he continued.