News : Semafone Guides Contact Centers Through Changing Regulatory Compliance Landscape
Semafone®, a provider of data security and compliance solutions for contact centers, shares advice for navigating the ever-changing regulatory landscape. The company urges contact centers to be alert and aware of the long list of evolving international, federal, regional and state regulations in order to protect customer data, avoid fines and reduce the risk of a brand-damaging breach.
"Contact centers handle, process and store vast amounts of personally identifiable information (PII), such as credit card numbers, social security numbers, bank account details, birthdates and addresses, making them prime targets for hackers and fraudsters," said Tim Critchley, Semafone CEO. "With data breaches on the rise, compliance must be an integral part of any organization’s security strategy – although that is often easier said than done."
The challenge, according to Semafone, is the lack of a single, all-encompassing global data security and privacy mandate. While the European Union General Data Protection Regulation (EU GDPR) is a step in this direction – as it applies to any business that handles an EU citizen’s data, no matter where the company is located – organizations must still adhere to a patchwork of other regulations. This becomes even more complicated when call recordings are involved. For example, the Payment Card Industry Data Security Standard (PCI DSS) prohibits the recording and storing of Sensitive Authentication Data (SAD) for credit and debit cards. Yet, in the U.S., the Electronic Funds Transfer Act (EFTA) requires the recording and retention of telephone conversations that authorize electronic funds transfers.
Such complexities lead contact centers to adopt "pause and resume" or "stop/start" solutions which allow agents/customer service representatives (CSRs) to pause a recording while PII is read aloud and resume it once the information is captured. However, these systems are prone to failure. A CSR may forget to pause the recording, capturing PII on a recording that may then be breached; or, they could forget to resume the recording, leaving out vital information for mitigating potential transactional disputes.
"The enactment of the EU GDPR signals a new era for data security and privacy regulations," Critchley continued. "While we will likely see more countries follow in the EU’s footsteps, we are still years away from a truly global mandate. In the meantime, contact centers should seek new ways to simplify compliance, protect customer data, avoid fines and keep their names out of the news headlines as victims of a major cybersecurity incident. This begins with treating all PII as ‘toxic’ and removing as much of it as possible from their business’ IT infrastructure."
Semafone encourages contact centers to simplify compliance through descoping technologies, like dual-tone multi-frequency (DTMF) masking solutions. These technologies allow callers to enter numerical PII (like credit card and bank numbers) directly into their telephone keypad. The keypad (DTMF) tones are masked with flat tones, so CSRs and even eavesdroppers are never exposed to the sensitive data, nor is data captured on call recordings. This eliminates the need for pause and resume solutions and allows contact centers to record full conversations when needed.
Unlike interactive voice response (IVR) systems, DTMF masking solutions can allow agents to remain in full voice communication with callers, ensuring a positive customer experience. Once PII is captured, it is sent directly to the appropriate third party (such as a payment processor), bypassing the contact center’s network. As a result, the entire contact center is out of the scope of compliance for the PCI DSS and many other regulations. More importantly, PII no longer resides in desktop applications and call recording systems where it is vulnerable in the event of a breach.
Semafone provides secure voice transactions for contact centres and retailers taking Cardholder Not Present (CNP) payments. The solution allows a call - and the call recording - to continue as normal whilst the customer enters their credit card information using their telephone keypad. For complete security, Semafone's patented technology masks the Dual Tone Multi-Frequency (DTMF) tones from the cardholder's telephone and replaces them with a flat tone so they can't be recognised by the call centre agent or recorded on the call recording system. By ensuring all card data remains segregated and by removing Sensitive Authentication Data (SAD) before it hits the call recorder and the contact centre infrastructure, the contact centre is taken out of the scope of PCI DSS, protected against the risk of opportunistic agent fraud and the associated reputational risk.
Published: Tuesday, June 5, 2018