Many businesses take pride in ensuring the highest levels of security for their customers’ data. Whilst all customer data is important, perhaps the most sensitive is payment information – failing to secure it can lead to fraud and significant financial loss for customers. For the organisations that take, process and store payment card data, compliance with the Payment Card Industry Data Security Standard (PCI DSS) is essential.
Compliance in the contact centre
One area of focus for PCI DSS compliance is the contact centre. When we think about the security issues associated with making a payment, often we focus on web-based methods. But many organisations still take a significant number of payments over the phone.
Contact centre environments face a unique challenge – the insider threat. Organisations operating contact centres need to protect customer data from rogue employees, and from those who fall victim to blackmail and other malicious external manipulation.
The most popular way to ensure the security of customer payment data when it’s given over the phone is to use dual-tone multi-frequency (DTMF) technology. With DTMF, customers are routed through to a secure, cloud-hosted platform where they enter their sensitive information via their telephone keypad. The contact centre agents themselves no longer play any part in the collection or processing of the customer’s sensitive data and it never enters the call centre environment.
But whilst widespread adoption of DTMF has been a revolution for contact centre security, it still fails up to 5% of callers who cannot use the telephone keypad. This could include sufferers of rheumatic and musculoskeletal diseases (RMDs) such as arthritis, for whom joint pain, particularly in the hands, is a serious problem. For sufferers, tasks like using a manual phone keypad can be extremely painful, if not impossible.
Striking a difficult balance
Companies should not be disadvantaging these customers, but this has to be balanced with protecting their data and maintaining a secure card data process. The issue, however, is significant; failing to provide a proper level of security for customers who cannot use a DTMF system means failing those most vulnerable.
Until very recently, the options were limited for most companies. In-house security is expensive and difficult to maintain, particularly in line with PCI requirements. It involves creating a ‘white room environment’ where strict controls are enforced on a small group of agents. But whilst rigorous security checks can be put in place, it is impossible to completely eliminate the insider threat.
Outsourcing the processes is also not the answer. It can be too costly to the business and means the organisation has no control of the customer experience. Routing callers to a third party often means increased on-hold times, inefficient call flow management and unhappy customers.
Cloud-based telephony solutions already play an integral part in best practice contact centre operations. Contact centres use the cloud for call recording, voice biometrics, analytics and fraud detection. Now, leading contact centres are applying cloud-based automatic speech recognition (ASR) technology to extend secure payment capability to callers who are unable to use DTMF systems.
Using voice-to-text technology, these organisations can capture, convert and verify a caller’s payment information without the need for a telephone keypad. Cardholder data is then relayed to the Payment Service Provider (PSP) via a secure private cloud, without the information entering the contact centre.
Significantly, the call is muted to the operator only while the caller gives their details, and strict controls ensure the customer is immediately returned to contact with the operator if they take too long, or as soon as their payment details are accepted or denied.
The last piece of the puzzle
Using ASR for phone payments is the last piece of the PCI puzzle for contact centres. It provides a fluid conversation between the caller and the operator, ensures a good customer experience, streamlines the payment process and achieves PCI DSS compliance requirements.
ASR completes a revolution in contact centre payment security that has been brewing for some time. While DTMF provides millions of customers with peace of mind when making payments over the phone, it fails a small but equally important section of society. Those who – for whatever reason – cannot use DTMF should have the same access to data protection and secure payment processes as those who can. ASR now makes this possible.
Sourced by Tom Harwood, chief product officer and co-founder at Aeriandi