George McDonough - ContactCenterWorld.com Blog
TOOLS & METHODS
Contact center metrics have really changed over the past 15 years. We now have tools such as screen pops (CTI), workforce management (WFM), speech analytics, desktop analytics, eLearning, Quality Monitoring (QM), Net Promoter Scoring (NPS), Voice of the Customer (VOC) and many others to measure our contact center agents. The return on investment (ROI) for these tools comes in the form of increased revenue per call, reduction in average handle time, increased first call resolution, improved service levels and increased customer satisfaction scores. It’s our job to implement these tools and to ensure the ROI. Now add PCI compliance, which is not necessarily thought of as an ROI tool, and as the person in charge of the Care Center, you’re ready to pull your hair out.
To maintain compliance and lower operating costs, many companies want payments to be made through self-care channels, which is great for most consumers. The trend when customers call and speak with an agent is to eventually send them to the IVR for payment, but that negatively affects customer satisfaction and, for certain, first call resolution. Although it is very efficient and certainly frees up your agents, it's contrary to everything we’re measured on. Additionally, it’s not very customer service centric. Roughly 70% of customers are happy making payments through the IVR, but what about the remaining customers? How do you service them securely, efficiently and in a compliant manner? This is where DTMF secure capture fills the gap. During agent-handled calls, customers don’t need to be transferred to an IVR; they can use their touch-tones to enter sensitive data while remaining on the line with the agent.
A NEW OPTION
DTMF (dual tone multi-frequency) data capture can be used in the contact center to securely capture a customer's credit card number, for example, without the agent ever being exposed to the digits. Furthermore, the data never touches the desktops, PCs, segments of the company's network or even the call recording system. It is discreetly entered by the caller through his/her telephone keypad and then securely and directly routed to the payment processor. The agent only sees encrypted symbols on his/her desktop.
This solution changes the ballgame when it comes to effectively handling sensitive information from the callers who require live agent assistance. Companies across the globe are already embracing this technology, and you can too.
Publish Date: August 31, 2016 8:37 PM
Publish Date: February 29, 2016 9:55 PM
A primary means today of complying with PCI data privacy regulations for contact centers is to pause and resume the call recording system so as not to capture parts of the customer call in which sensitive information (e.g. credit card data, social security number) is being given.
In many cases, this method works in terms of keeping personally identifiable data off the call recorder. But that is where the value stops.
Sure, the call recording system won’t have a recording of the customer verbalizing his/her sensitive information when pause/resume works, but what about the agent hearing the data live? That can be a potential failure point. And what if the pause feature on the call recording system fails or the agent forgets to push the pause button? That’s another potential failure point.
In larger contact centers with bigger budgets, sometimes desktop analytics is added to the call recording system to trigger events based on the agent’s screen navigation, and this can also be set up to prompt a pause in the call recording. For example, if an agent navigates to the credit card payment page, the call recording system can be configured to send a pause command to the recording system. Once the agent navigates away from the payment page, the recording would then be prompted to resume.
Desktop analytics can certainly bring significant value to a contact center, but it also comes with a hefty price tag and substantial upfront and ongoing programming work to make all the triggers work properly. Add to that the fact that every time the agent’s desktop is updated, the desktop analytics may need to be updated to match what has changed. This can add significant time and money to the call center’s total cost of ownership, especially when you consider that it takes a team working for months with the call recording company to configure all of the triggers. A final note here is that the desktop analytics system is far from foolproof and it can fail to send the pause trigger. When this happens, the company is at risk.
When it comes to compliance with strict regulations like PCI and HIPAA, contact centers can’t afford to play around. PCI-DSS clearly states, for example, that vendors/merchants cannot store recordings containing the verbalization or screen capture of credit card data. Each time there is a failure point with regard to pausing/resuming the call recording system, the company leaves itself vulnerable to severe penalties such as loss of merchant credit card privileges, fines and more.
A more comprehensive list of potential failure points with pause/resume call recording features includes:
- Agent forgetting to pause the call
- Pause/resume feature of the call recording system failing
- Pause/resume trigger in the desktop analytics system failing
- Quality assurance team evaluating one of the calls from the second item above
- Agent hears the customer verbalizing their sensitive data
- Agent’s screen is showing the customer’s sensitive data as he/she enters it (passersby in the contact center can see the screen)
- Agent reads back the customer’s sensitive data to verify correct entry (other agents in the contact center can hear the sensitive data being read back to the customer)
- The screen recording component of the call recording system fails to pause the screen recording, and the screen capture of the credit card data entry is accidentally recorded and stored.
With the pausing/resuming of call recordings, quality assurance teams are also not able to get the full picture of the call. Suppose an agent who does nothing but capture payment from customers (via credit card) needs to be evaluated by the quality team. Every one of his/her calls will be incomplete. What happens if the agent makes a navigational error during each call which wastes a lot of time? What happens if the agent is rude during the credit card capture portion of the call? Evaluators would never capture this, as those portions of the call would be erased via pause/resume.
What’s more, in a pause/resume scenario, merchants/vendors also need to make sure their contact center is equipped with CTI technology that will at least alert contact center management when pause/resume failure occurs so those recordings can be properly handled. Without such capabilities, these sensitive call recordings can put the company at risk.
A viable solution to this problem is DTMF data capture of sensitive customer data. The customer simply keys in his/her credit card number (for example) via their telephone keypad, and the data is captured and encrypted on a server without ever touching the agent’s desktop. The data is immediately routed to the payment processor, without ever touching the call recording system. Many call centers today are starting to employ such DTMF technology. As its adoption becomes more ubiquitous, the recurring pause/resume challenge will diminish and no longer be an issue. But, until that time, contact centers need to be aware of their vulnerabilities.
Publish Date: February 4, 2016 5:34 PM