My dilemma today is online security. After personally being asked for my CVV number when I started a contract with O2 over the phone the other day I am now going to voice my concerns on virtual paper.
If I look at how I collect online payments I use a secure gateway called www.stripe.com and www.gocardless.com both these payment collection services do not allow me to see the customers credit card details let alone their CVV number.
To collect payments I always send an email link where the customer clicks and goes to checkout, this is a more secure way of getting payments and is 100% encrypted.
However to collect payments over the phone in the situation we are in now whilst working from home I think this should not happen and if it does one should not give the CVV number. According to O2 they needed my card to do a credit check, they did not need my CVV number as I was not making a transaction, they just simply wanted to verify who I was yet they asked for it anyway and when I complained they said it was their policy and for me to take it or leave it.
At first I used my main card which has a bit of money on it and quickly thinking I remembered I had a second card with less money on so I used that one instead, but I had a horrible feeling what if my details where cloned/screenshot and used later on perhaps in a few weeks time, how would I expalin to the bank that says never give your pin or your CVV number to anyone. Would I get my money back if my bank account was wiped out overnight because I gave my CVV number out?, I do not think so. In fact an estimated £10 million is mishandled and sensitive client information is leaked across the internet each and every year. The PCI compliant solution ensures that this figure is decreased year on year.
If you are to collect telephone payments you should do it through an encrypted phone line.
So today another company ended on my radar when they phoned a friend of mine for a late payment and wanted to collect payment over the phone and again this company asked for the CVV number( which may I add he did not complain and I took it upon myself to invesitigate further without his knowledge). I thought it was wrong and contacted the company and their response was that it is common practice to ask for the CVV numbers over the phone…… What also was astonishing was that this very same company charged a late payment charge which I would have thought they would waiver considering the situation people are in right now especially as some people like my friend has recently lost his job.
I too have on my terms and conditions and on all my invoices a late payment disclaimer but I only use it as a deterrent and very rarely execute this unless the client is persistently avoiding payment.
So with the present climate am I going to enforce it on my clients who are late paying?, of course I am not, it would be like kicking someone in the teeth when they are down.
I understand if we were working in a normal economy and things were normal, but we are not and we need to be compassionate and think would that charge have gone on food rather than milk the customer dry.
In my opinion I hope the company reimburse my friend any late payments charges as that would be the decent thing to do. Furthermore they should offer my friend smaller re-payments and this goes for every car dealer in the country and insurance company until people start going back to work.
Also what is this £25 insurance refund about, thats insulting to say the least considering cars are not on the roads as much, so the chances of accidents are really slim and most cars are parked outside the residents home so the chances of theft are also remote, hence giving each car owner £25 is laughable but thats another post waiting to be written…….https://www.theguardian.com/money/2020/apr/21/admiral-car-insurance-refunds-coronavirus-lockdown-claims
Do not take advantage of people when they are at their lowest, think that this could happen to you and how would you feel. Just because you are a CEO or Director of a business does not make you invinsible or any different to a consumer.
Treat your customers right and the customers will look after you. Remember it takes years to build a good reputation and minute to ruin one.
My T&C’s has £100 late payment charge but I will not enforce it as I do not believe in taking advantage of people and I would rather help them make smaller payments to bring the account up to date. Besides the government is helping businesses stay afloat so showing empathy and compassion makes you a better person and a better company.
So I have started a ripple effect seeing as I am not associated with this particular company they have now raised a few flags with security data non PCI Compliancy and how they are taking advantage of people with late payments and in this day and age they need businesses like myself to market them to bring them more business.
It is common practice to encrypt calls and if they are not you can report a company to https://www.pcisecuritystandards.org/ if setting a payment over the phone and one is made to hand over a security number to a total stranger, this is deemed a secuity breach. Simply handing over your CVV number to another human is very risky to the consumer and goes with heavy fines for the company if they are caught taking payments over the phone without being PCI compliant.
If you need to collect a card payment send an email with a link that gets encrypted if you do not want to take payments over the phone. Otherwise ensure you are PCI compliant in order not to risk being fined.
I am not saying everyone is dishonest in this world but it only takes one person to clear out your bank account and they may not neccessarily do it on the same day you spoke with them it could be they hand it over to an accomplice or wait a week or two to cover their tracks.
Businesses should evaluate how they collect payments. If a payment has defaulted try getting the payment again, try at least two times and if after that the payment has not been paid then write an email and a letter saying that the account needs to be brought up to date and offer to help and give options especially if the person has run into a problems paying.
Do not slam late payment charges as the person may be in a vulnerable state and you do not know their circumstances. No one likes being in debt and all it takes a bit of communication and your problems get solved as well as theirs. You get the payment albeit it maybe a smaller amount over a longer period but at least you are helping the individual aswell as yourself. Afterall I would not want it on my conscience if someone did something to themselves just because I was hounding them for money.
- Communicate by letter, not everyone likes to talk over the phone.
- Give payment options
- Consider lowering the payments and collecting them over a longer period.
- Do not enforce late payment charges it does not say much about you if you do, especially now with the Coronavirus Covid-19 pandemic and people who have lost their jobs, their self esteem is not very high right now and they should not be worried about paying bills.
- When collecting payments over the phone have a secure encrypted line, did you know that business can be fined if they collect payments over the phone if they are not “PCI Compliant” No business handling payments is exempt from this fine, currently standing at 4% of annual turnover. Ensuring that your business is PCI compliant will stop the 4% fine and any future fines. To read further please go here: https://www.telecomsworldplc.co.uk/pci-compliancy
***I am calling on all businesses regardless of the industry you are in, that if you want to take payments over the phone that unless you are PCI Compliant you are risking getting fined.
Do not take that risk and Stay Safe People!