Contact Center Solutions Featured Article

Restructuring the Contact Center for PCI Compliance

November 10, 2008
By TMCnet Special Guest
J.R. Sloan, Vice President of Product Management and Marketing, Syntellect

Data security should be a top concern for contact centers handling credit card information (or any other personal information, such as a social security number). The theft or loss of consumer information over the past few years has cost organizations billions of dollars in fines and fixes. In one highly visible case, the loss of credit card information at The TJX Companies cost the company anywhere from $118 million to $1.35 billion, depending on whom you believe.
To stem the tide, the Payment Card Industry Data Security Standard (PCI DSS) was developed by the major credit card companies. It is a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security threats. While most organizations focus on the data encryption and network security aspects of the PCI standard, they need to address all the requirements to be in compliance. One important component of the standard is Requirement 7: Restrict access to cardholder data by business need-to-know.
Contact centers that allow Customer Service Representatives (CSRs) to access customer credit card data are at risk. A single dishonest CSR (News - Alert) has the potential to steal the confidential information of tens of thousands of callers in a single year. If the identity theft is done on a small scale, where the agent selectively takes information from the customers they come in contact with, the source may never be identified.
Luckily, today’s contact center technologies can be used to secure customer information and eliminate the agent breach point. The key is to authenticate callers before they reach the agent and use automated systems to collect credit card and other private data not already on file to resolve issues or complete transactions. Contact centers can utilize computer-telephony integration (CTI (News - Alert)) and interactive voice response (IVR) to implement new call handling procedures that secure customer-agent interactions.
CTI is a technology innovative contact centers are already using to personalize service, reduce call time and ensure that the right agent receives the call, the first time. It unites voice and data systems to enable new applications such as agent screen pop, intelligent routing and click-to-dial capabilities. By capturing the phone number from which the customer is calling and checking the database, the customer can be identified and a screen pop of the caller’s record can be sent to the agent along with the call. To meet PCI DSS requirements, a “need to know” screen pop can be configured so that the agent has the ability to collect and view the information needed to assist the caller while blocking highly confidential information.
For added security, organizations can implement a multi-factor authentication process. There are three types of authentication factors: something a user knows such as an account number, social security number or PIN, something a user has such as a phone or a one-time password generated by a security token or something unique to a user such as a voice print. Adding an IVR front-end to collect an additional piece of information or voice print to the CTI solution will further mitigate risk and exposure to agent fraud.
The combined CTI/IVR solution can handle the authentication of callers and ensure that agents do not have access to customer credit card and personal data from the start. However, there are still times when an agent needs to collect this type of information from the caller to complete a transaction.
For example, a customer calls in to book a vacation. They work with the agent to determine the dates and location that best meets their needs. Once complete, the agent would normally ask the customer for a credit card number to hold the reservation. In these cases, adding a secure IVR application to validate credit card information eliminates this breach point. The agent’s desktop would need to be configured with a button to transfer the call directly to the reservation application. The IVR application can be configured to speak confirmation information or automate additional post call work. In this way, the contact center can reduce call time and handle more customers with existing staff.  
Providing personal information over the phone can be disconcerting to customers. Consumers no longer know whom to trust, and recent high-profile security breach cases underscore the need for ever higher security measures to protect consumers from fraud. Companies that adopt this type of CTI-IVR solution can provide their customers with the security they crave and protect themselves from a potentially devastating problem. More importantly, those that do it properly will win the respect and loyalty of their customers for a lifetime.

Don’t forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users.

J.R. Sloan is vice president of product management and marketing at Syntellect, a provider of enterprise-class contact center solutions in Phoenix, Arizona.
TMCnet publishes expert commentary on various telecommunications, IT, call center, CRM and other technology-related topics. Are you an expert in one of these fields, and interested in having your perspective published on a site that gets several million unique visitors each month? Get in touch.

Edited by Mae Kowalke

Article comments powered by Disqus

Related Contact Center Solutions Articles

What it Takes to Deliver a Superior Customer Experience

For enterprises large and small around the world for the past several years "Improving the Customer Experience" has become a C-level priority. Some might even say customer experience (CX) has become a preoccupation. The challenge for everyone who is a stakeholder in developing ways to improve CX is in divining the answer to a straightforward but devilish question, "What does it take to deliver a superior customer experience?" [ Read More ]

Big Data: Changing the Recruitment Process

Big data is having an impact on every aspect of business today, and recruitment is no exception. Many HR managers are increasingly turning to big data to find the right people for the right position. This idea of using big data for recruitment is called people analytics, and has been adopted extensively by many companies, especially those in the call center industry. In fact, call centers have been one of the biggest beneficiaries of people analytics because of its high attrition rates and the d… [ Read More ]

Mobile UC Benefits From 'Interactive Virtual Queuing' For Efficient Customer Care

A recent study commissioned by Nuance of 1,000 American consumers, confirmed the changing needs and concerns for customer service brought about by smartphones and online self-service applications for information and simple business transactions ("mobile apps"). Eighty-two percent of consumers only contact customer service when they can't resolve their needs online by themselves. [ Read More ]

How to be the 'Squeaky Wheel' of Customer Service

Sometimes getting customer service can be tougher than anyone might expect. It's easy to think that, particularly these days, businesses will go to just about any lengths to get and keep customers, but when it comes to customer service, that's not always the case. However, there are ways that customers can, at least somewhat, force the issue, and get great customer service out of a company, even when it would seemingly rather not provide that service. Squeaky wheels, after all, get the grease, a… [ Read More ]
Subscribe here for your FREE Contact
Center Solutions


Weekly Live Demo
Contact Center Solutions

Register Today!

Weekly Live Demo
CaaS Small Center

Register Today!