Credit card fraud is on the rise! The trend we have been seeing for the past several years is that the total value of credit card fraud continues to increase. This trend has resulted in an increased financial impact from around $45 million in 2015 to over $246 million in 2023, an increase of over 500% in consumer credit card fraud during this 9-year period!
Fortunately, there are safeguards in place to maintain data security standards around credit card processing. The Payment Card Industry Security Standards Council (PCI SSC) is a global forum that brings together payment industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide. Cooperative Response Center, Inc. (CRC) follows these standards and remains PCI compliant.
Payment Security Standards and Resources
PCI SSC standards and resources help protect the people, processes, and technologies across the payment ecosystem to help secure payments worldwide.
PCI SSC helps secure payments by:
- Managing global payment security standards
- Validating and listing products and solutions that meet PCI SSC standards and program requirements
- Training, testing, and qualifying security professionals and organizations
- Providing free best practices and payment security resources
Who Follows PCI Standards?
CRC does! The PCI DSS and other applicable PCI standards are intended for entities that store, process or transmit payment account data, entities accepting or processing payment transactions, and for developers and manufacturers of software and devices used in those transactions. However, while the PCI SSC does develop and maintain standards, it does not directly monitor the implementation of these standards.
What are the General PCI DSS Standards?
CRC’s Payment Processing
CRC is a U.S.-based contact center serving over 550 members and associate members nationwide, primarily electric utilities. At CRC, we take a holistic, defense-in-depth approach to our network security and have implemented extra controls specific to our Cardholder Data Environment (CDE), or payment processing systems, to assure PCI compliance.
CRC, as a trusted partner for utility member services, wants you to know that we take the security of our members’ credit cards very seriously. CRC processes nearly 500,000 credit card transactions annually and remains PCI compliant through the evolving PCI DSS standards.
CRC has recertified our PCI Attestation of Compliance (AOC) as recently as March 2024 and will continue to do so on an annual basis. We also complete quarterly scans, performed by a PCI Approved Scanning Vendor (ASV), to examine and assure ongoing efficacy of our PCI security controls and compliance.
For our automated IVR payment processing systems, CRC uses perimeter defense including network segmentation and system hardening to enhance the security of this environment. This allows us to process payments within our automated systems for your membership in a PCI compliant environment that sends encrypted payment information directly to your Payment Service Provider (PSP) through a secured channel.
For our live agent-assisted payment platform, we use an additional set of telephony security controls to ensure PCI compliance and the safety of your members’ payment information. Dual Tone Multi-Frequency (DTMF) is the touch-tone standard for telephone digitization. CRC uses a third-party application to intercept this information and create a secure payment token. This is referred to as DTMF suppression, or masking. This system allows our agents to help a caller make payments without our agent or our network having direct exposure to the cardholder data, by intercepting the credit card data and creating a secure payment token from the DTMF touch tones.
When your member needs to process a payment using CRC’s live agent-assisted services, we have them input the credit card into your PSP system using their telephone’s keypad and DTMF tones.
The process is described in the infographic below:
The CRC agent clicks through the website to the payment area and prompts the member to input the data (using their telephone keypad) into the appropriate fields. Our third-party payment security application captures the DTMF tones and tokenizes the payment information, which it sends directly to your PSP. This allows a seamless member service experience for your member while ensuring the security and integrity of the payment transaction.
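The masking flow described above, sketched as an added example (it is not CRC's or its vendor's code): a hypothetical `DtmfMaskingProxy` sits between the caller leg and the agent leg and diverts keyed digits while the payment field is open. The `deliver_to_psp` callback, the `#` placeholder, the token format and the 16-digit test card number used as input are all assumptions made for illustration.

```python
import secrets

MASK = "#"  # assumed placeholder the agent leg gets in place of each keyed digit

def luhn_ok(pan: str) -> bool:
    """Luhn checksum, so a mistyped number is rejected before tokenization."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class DtmfMaskingProxy:
    """Hypothetical element between the caller leg and the agent leg."""

    def __init__(self, deliver_to_psp, pan_length=16):
        self.deliver_to_psp = deliver_to_psp  # assumed secure channel to the PSP
        self.pan_length = pan_length
        self.capturing = False
        self._digits = []

    def start_capture(self):
        """Agent has opened the payment field; keyed digits are now diverted."""
        self.capturing = True
        self._digits = []

    def on_caller_event(self, kind, value):
        """Take one caller-leg event, return what the agent leg receives."""
        if kind != "dtmf" or not self.capturing:
            return (kind, value)              # speech and menu tones pass through
        self._digits.append(value)
        if len(self._digits) < self.pan_length:
            return ("dtmf", MASK)             # agent leg gets the mask, not the digit
        pan, self._digits, self.capturing = "".join(self._digits), [], False
        if not luhn_ok(pan):
            return ("status", "card_rejected")
        token = "tok_" + secrets.token_hex(8)  # random, not derived from the PAN
        self.deliver_to_psp(token, pan)
        return ("token", token)               # the only value the agent side keeps

def run_call(keyed_digits):
    """Constructed call: one menu keypress, then card entry in capture mode."""
    psp_side = {}
    proxy = DtmfMaskingProxy(psp_side.__setitem__)
    agent_view = [proxy.on_caller_event("dtmf", "2")]
    proxy.start_capture()
    agent_view += [proxy.on_caller_event("dtmf", d) for d in keyed_digits]
    return agent_view, psp_side
```

`run_call` returns what the agent leg saw alongside what reached the PSP side, so the separation between the two can be checked directly.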
We hope this offers you some insight into CRC’s payment processing systems, and reassurance of our intentional, ongoing commitment to security within our payment processing environments and to safeguarding our member payment data.
Contact CRC
For more information or to request copies of our PCI Compliance AOC for your records, please reach out to CRC’s Member Solutions and Support team here: membersupport@crc.coop. If you are not a CRC member or associate member and want more information about CRC’s PCI Compliant call-handling services, email info@crc.coop or call 800-892-1578 and ask to speak to a regional business manager.