Contact Center Solutions Featured Article

November 10, 2008

Restructuring the Contact Center for PCI Compliance

By TMCnet Special Guest
J.R. Sloan, Vice President of Product Management and Marketing, Syntellect


Data security should be a top concern for contact centers handling credit card information (or any other personal information, such as a social security number). The theft or loss of consumer information over the past few years has cost organizations billions of dollars in fines and fixes. In one highly visible case, the loss of credit card information at The TJX Companies cost the company anywhere from $118 million to $1.35 billion, depending on whom you believe.
 
To stem the tide, the Payment Card Industry Data Security Standard (PCI DSS) was developed by the major credit card companies. It is a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security threats. While most organizations focus on the data encryption and network security aspects of the PCI standard, they need to address all the requirements to be in compliance. One important component of the standard is Requirement 7: Restrict access to cardholder data by business need-to-know.
 
Contact centers that allow Customer Service Representatives (CSRs) to access customer credit card data are at risk. A single dishonest CSR (News - Alert) has the potential to steal the confidential information of tens of thousands of callers in a single year. If the identity theft is done on a small scale, where the agent selectively takes information from the customers they come in contact with, the source may never be identified.
 
Luckily, today’s contact center technologies can be used to secure customer information and eliminate the agent breach point. The key is to authenticate callers before they reach the agent and use automated systems to collect credit card and other private data not already on file to resolve issues or complete transactions. Contact centers can utilize computer-telephony integration (CTI (News - Alert)) and interactive voice response (IVR) to implement new call handling procedures that secure customer-agent interactions.
 
CTI is a technology innovative contact centers are already using to personalize service, reduce call time and ensure that the right agent receives the call, the first time. It unites voice and data systems to enable new applications such as agent screen pop, intelligent routing and click-to-dial capabilities. By capturing the phone number from which the customer is calling and checking the database, the customer can be identified and a screen pop of the caller’s record can be sent to the agent along with the call. To meet PCI DSS requirements, a “need to know” screen pop can be configured so that the agent has the ability to collect and view the information needed to assist the caller while blocking highly confidential information.
 
For added security, organizations can implement a multi-factor authentication process. There are three types of authentication factors: something a user knows such as an account number, social security number or PIN, something a user has such as a phone or a one-time password generated by a security token or something unique to a user such as a voice print. Adding an IVR front-end to collect an additional piece of information or voice print to the CTI solution will further mitigate risk and exposure to agent fraud.
 
The combined CTI/IVR solution can handle the authentication of callers and ensure that agents do not have access to customer credit card and personal data from the start. However, there are still times when an agent needs to collect this type of information from the caller to complete a transaction.
 
For example, a customer calls in to book a vacation. They work with the agent to determine the dates and location that best meets their needs. Once complete, the agent would normally ask the customer for a credit card number to hold the reservation. In these cases, adding a secure IVR application to validate credit card information eliminates this breach point. The agent’s desktop would need to be configured with a button to transfer the call directly to the reservation application. The IVR application can be configured to speak confirmation information or automate additional post call work. In this way, the contact center can reduce call time and handle more customers with existing staff.  
 
Providing personal information over the phone can be disconcerting to customers. Consumers no longer know whom to trust, and recent high-profile security breach cases underscore the need for ever higher security measures to protect consumers from fraud. Companies that adopt this type of CTI-IVR solution can provide their customers with the security they crave and protect themselves from a potentially devastating problem. More importantly, those that do it properly will win the respect and loyalty of their customers for a lifetime.
 
Don’t forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users.
 
J.R. Sloan is vice president of product management and marketing at Syntellect, a provider of enterprise-class contact center solutions in Phoenix, Arizona.
 
TMCnet publishes expert commentary on various telecommunications, IT, call center, CRM and other technology-related topics. Are you an expert in one of these fields, and interested in having your perspective published on a site that gets several million unique visitors each month? Get in touch.

Edited by Mae Kowalke


Related Contact Center Solutions Articles

    Interactive Intelligence, One of the Best Places to Work in Indiana

    We in the U.S. know from hard facts the challenges confronting the "Rust Belt" states of Ohio, Indiana, Illinois, Michigan and Wisconsin. They all for a variety of reasons saw their industrial bases decimated and have struggled to find their economic bearings. [ Read More ]
    05/15/2012

    LivePerson Receives 2012 CRM Excellence Award from CIS Magazine

    Commitment to customers and clients and expanding customer relationships lay the foundation for success, and LivePerson, Inc. was honored with Customer Interaction Solutions 2012 CRM Excellence Award from TMC for its effort to improve customer experience with LP Chat. "We are honored to be recognized by Customer Interaction Solutions for the value that our technology provides to our customers' relationships and ultimately their businesses," Robert LoCascio, founder and CEO at LivePerson, sai… [ Read More ]
    05/15/2012

    Customer Interactions Solutions Magazine Honors 24-7 Intouch as Top Teleservices Provider

    Canadian teleservices provider 24-7 Intouch was once again named to Customer Interactions Solutions Magazine's 27th Annual top 50 Teleservices Ranking list. The company ranked fifth in the Interactive category this year after earning the eighth slot in 2011 and the 31st ranking in 2010. 24-7 Intouch also placed fifth as an International Outbound and seventh as a National Inbound provider. [ Read More ]
    05/15/2012

    Domino's Pizza: Powered by the Cloud

    Domino's Pizza is on top of the pizza-delivery market in the UK and other parts of Europe, with over 720 stores across the UK, Republic of Ireland and Germany. Such popular and relied upon businesses need a solid, effective solution to communicating with customers and taking phone-in orders - traditional telecom solutions just don't cut it. [ Read More ]
    05/15/2012

[ View all Contact Center Solutions Articles ]

FOLLOW US

Contact Center Solutions Glossary of Terms

Featured Product Demo

    Contact Center Solutions eBook
    CIC has always been a powerful all-on-one solution for IP business communications. Now with the release of 4.0, CIC provides an architecture that's even more powerful, user tools to make the customer experience even more satisfying, and management tools that improve the performance of any business - dramatically ...

Featured eBook

    Contact Center Solutions eBook
    In this e-book from Interactive Intelligence, you'll learn about emerging contact center technology trends and newer options like self-service technology, analytics and Web 2.0. Here we've compiled a selection of the top news stories, features, white papers, case studies, podcasts ...

Featured Videos

Featured Resources

Ask the Expert

Press Releases