Contact Center Solutions Featured Article

Restructuring the Contact Center for PCI Compliance

November 10, 2008
By TMCnet Special Guest
J.R. Sloan, Vice President of Product Management and Marketing, Syntellect

Data security should be a top concern for contact centers handling credit card information (or any other personal information, such as a social security number). The theft or loss of consumer information over the past few years has cost organizations billions of dollars in fines and fixes. In one highly visible case, the loss of credit card information at The TJX Companies cost the company anywhere from $118 million to $1.35 billion, depending on whom you believe.
To stem the tide, the Payment Card Industry Data Security Standard (PCI DSS) was developed by the major credit card companies. It is a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security threats. While most organizations focus on the data encryption and network security aspects of the PCI standard, they need to address all the requirements to be in compliance. One important component of the standard is Requirement 7: Restrict access to cardholder data by business need-to-know.
Contact centers that allow Customer Service Representatives (CSRs) to access customer credit card data are at risk. A single dishonest CSR (News - Alert) has the potential to steal the confidential information of tens of thousands of callers in a single year. If the identity theft is done on a small scale, where the agent selectively takes information from the customers they come in contact with, the source may never be identified.
Luckily, today’s contact center technologies can be used to secure customer information and eliminate the agent breach point. The key is to authenticate callers before they reach the agent and use automated systems to collect credit card and other private data not already on file to resolve issues or complete transactions. Contact centers can utilize computer-telephony integration (CTI (News - Alert)) and interactive voice response (IVR) to implement new call handling procedures that secure customer-agent interactions.
CTI is a technology innovative contact centers are already using to personalize service, reduce call time and ensure that the right agent receives the call, the first time. It unites voice and data systems to enable new applications such as agent screen pop, intelligent routing and click-to-dial capabilities. By capturing the phone number from which the customer is calling and checking the database, the customer can be identified and a screen pop of the caller’s record can be sent to the agent along with the call. To meet PCI DSS requirements, a “need to know” screen pop can be configured so that the agent has the ability to collect and view the information needed to assist the caller while blocking highly confidential information.
For added security, organizations can implement a multi-factor authentication process. There are three types of authentication factors: something a user knows such as an account number, social security number or PIN, something a user has such as a phone or a one-time password generated by a security token or something unique to a user such as a voice print. Adding an IVR front-end to collect an additional piece of information or voice print to the CTI solution will further mitigate risk and exposure to agent fraud.
The combined CTI/IVR solution can handle the authentication of callers and ensure that agents do not have access to customer credit card and personal data from the start. However, there are still times when an agent needs to collect this type of information from the caller to complete a transaction.
For example, a customer calls in to book a vacation. They work with the agent to determine the dates and location that best meets their needs. Once complete, the agent would normally ask the customer for a credit card number to hold the reservation. In these cases, adding a secure IVR application to validate credit card information eliminates this breach point. The agent’s desktop would need to be configured with a button to transfer the call directly to the reservation application. The IVR application can be configured to speak confirmation information or automate additional post call work. In this way, the contact center can reduce call time and handle more customers with existing staff.  
Providing personal information over the phone can be disconcerting to customers. Consumers no longer know whom to trust, and recent high-profile security breach cases underscore the need for ever higher security measures to protect consumers from fraud. Companies that adopt this type of CTI-IVR solution can provide their customers with the security they crave and protect themselves from a potentially devastating problem. More importantly, those that do it properly will win the respect and loyalty of their customers for a lifetime.

Don’t forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP Communications industry. The library offers white papers, case studies and other documents which are free to registered users.

J.R. Sloan is vice president of product management and marketing at Syntellect, a provider of enterprise-class contact center solutions in Phoenix, Arizona.
TMCnet publishes expert commentary on various telecommunications, IT, call center, CRM and other technology-related topics. Are you an expert in one of these fields, and interested in having your perspective published on a site that gets several million unique visitors each month? Get in touch.

Edited by Mae Kowalke

Article comments powered by Disqus

Related Contact Center Solutions Articles

Contact Center Solutions Week in Review: Interactive Intelligence, BT and Accenture

The future is now, or at least it is coming at us fast in the Contact Center Solutions Community, and there are two great ways to be part of the industry buzz as to what is unlikely to unfold in 2015. The first is to attend ITEXPO East, January 27-30, 2014 at the Miami Beach Convention center. This is a great opportunity to be warm and more to the point, hear, see and discuss contact center issues in person with peers and subject matter experts. [ Read More ]

Customer Experience: The Last True Differentiator

In Ernst & Young's Global Consumer Banking Survey 2014, customers chose "the way I am treated" as the second most important reason for trusting their banking provider, just behind the understandably important "financial stability" of their bank. Customer experience was also cited as the most common reason for opening and closing accounts, more important than fees, rates, locations or convenience. Approximately 40 percent of customers planned to open or close an account in 2014. This means banks … [ Read More ]

Digital Is Driving Businesses to Offer Personal and Intuitive Customer Experiences says Accenture Report

The preoccupation with improving the customer experience (CX) by C-levels around the world has been a trend for several years. In fact, the fastest growing C-level position is Customer Experience Management Officer (CEMO) or some variation on the title. And, as CX becomes ever more important as the means to provide differentiated value, delighting existing customers and for obtaining and keeping new ones, the preoccupation will not only grow more intense in 2015, but so will the investments in t… [ Read More ]

BT Launches New Personalized Video Message Service

When it comes to contact center out-reach there are two trends that everyone needs to literally and figuratively keep an eye on in 2015. They are "personalization" and "video." And, while the first may seem obvious since the goal of marketers is to make customers and prospects feel appreciated with tailored messages uniquely for them, the use of video on the outbound side of things is after many years becoming something more than a novelty. [ Read More ]
Subscribe here for your FREE Contact
Center Solutions


Weekly Live Demo
Contact Center Solutions

Register Today!

Weekly Live Demo
CaaS Small Center

Register Today!