
Author: Gary Barnett, CEO, Semafone
At a time when data breaches and fraud are occurring with increasing frequency and severity, one would think that organizations would be especially focused on protecting their sensitive data. And with the growing number of regulations designed to strengthen data security and privacy, businesses must surely be improving their security practices, right? Sadly, that may not be the case. A recently released report from Verizon examining the state of payments security across industries found that the number of organizations in compliance with the Payment Card Industry Data Security Standard (PCI DSS) has decreased for the second year in a row. Globally, less than 40 percent of the organizations examined were found to be in full compliance. It appears that organizations are backsliding when it comes to meeting the fundamentals of data security. But is it a matter of not caring to comply with industry regulations, or rather a matter of compliance fatigue?
As the central point of contact for customer engagement, enterprise call and contact centers handle a wide range of sensitive and personally identifiable information (PII) such as names, addresses, birthdates, payment card data, bank account details and more. As a result, they must often comply with an ever-growing number of increasingly complex regulations, including not only the PCI DSS but also the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act (HIPAA) and many more. Facing such a complex regulatory landscape, many enterprise contact centers find themselves in a state of analysis paralysis, unsure of where to begin in order to strengthen security and ensure compliance.
But contact centers cannot afford to wait. The average cost of a data breach is now nearly $4 million. On top of that, the fines and penalties for non-compliance with PCI DSS that card brands and banks often pass along to merchants in the event of a breach can run up to $100,000 per month. Contact centers must shore up their data security processes and procedures immediately, or risk being the next major data breach headline. Fortunately, there are new technologies available that can help businesses strengthen data security and ease compliance by keeping sensitive payment card data out of their network infrastructure in the first place.
For example, dual-tone multi-frequency (DTMF) masking technologies enable contact centers to securely collect numerical PII such as credit card numbers and bank account details over the phone. With DTMF masking technologies, the caller simply enters their details into the telephone’s keypad. The tones are replaced with flat tones so they cannot be deciphered by the agent on the line or captured on call recording systems. The sensitive payment information is then routed directly to the payment processor, never touching the contact center’s network infrastructure. The agent stays in constant communication with the caller throughout the duration of the payment process, helping to create a more frictionless customer experience as well.
Similar technologies are also available for the numerous digital engagement channels that many contact centers now support, such as email, webchat, social media platforms, SMS text messages and more. To securely accept payments through these channels, the business can leverage solutions that generate and send secure payment hyperlinks. Customers simply click the link and enter their payment details. Again, the sensitive information is segregated and securely routed directly to the payment service provider (PSP) for processing.
By keeping sensitive payment data out of the contact center’s network in the first place, organizations can take their contact center out of the scope of compliance for PCI DSS and other standards and regulations. This dramatically reduces the cost and complexity associated with meeting and maintaining compliance at a time when companies are otherwise overwhelmed with compliance fatigue or may mistakenly believe that building out a PCI DSS compliant payment platform for their organization will be prohibitively complex. In reality, there are technology solutions available that are easy to implement and that descope multiple channels, making secure and compliant payments a breeze.
Businesses across all industries should investigate the latest technologies available for securely accepting multi-channel payments while keeping the sensitive payment data itself out of their contact centers. Such solutions will allow businesses to rest easy, knowing that they’ve strengthened security and reduced their organization’s risk of suffering a data breach. After all, no one can hack data you don’t hold.
About Semafone: Semafone provides secure voice transactions for contact centres and retailers taking Cardholder Not Present (CNP) payments. The solution allows a call - and the call recording - to continue as normal whilst the customer enters their credit card information using their telephone keypad. For complete security, Semafone's patented technology masks the Dual Tone Multi-Frequency (DTMF) tones from the cardholder's telephone and replaces them with a flat tone so they can't be recognised by the call centre agent or recorded on the call recording system.
By ensuring all card data remains segregated and by removing Sensitive Authentication Data (SAD) before it hits the call recorder and the contact centre infrastructure, the contact centre is taken out of the scope of PCI DSS and protected against the risk of opportunistic agent fraud and the associated reputational risk.
Published: Wednesday, January 15, 2020