Industry: Retail
Employees: 4,000+
Revenue: £1.076 billion
Business: Multi-channel retailer offering flooring and decorating products to consumer and trade customers.
Challenge: PCI DSS compliance by de-scoping their entire contact centre.
Solution: CallGuard Audio Tokenisation using Amazon Web Services.
- PCI DSS compliance achieved and maintained simply
- CallGuard can scale to meet the company’s growth plans
- Reduced risk of fraud and impact of a data breach
This large retail company, based in Smyrna, Georgia, is a publicly traded company on the NYSE. They currently have 100 stores in 28 states and a robust online retail platform offering tile, wood, laminate and natural stone flooring products as well as other installation accessories. This multi-channel company serves professional installers, commercial businesses and do-it-yourself customers. They plan to open a further 17 retail stores and have budgeted nearly $30 million for improving their e-commerce and technology infrastructure.
The company operates a contact centre with some 50 agents taking payments from customers over the telephone and web. As a result, they need to be compliant with the Payment Card Industry Data Security Standard (PCI DSS) in order to protect cardholder data and reduce the risk of fraud.
Previously the company had used a ‘pause and resume’ method to protect cardholder data, but this was not fully meeting the requirements of PCI DSS. The company therefore wanted to remove their 50 contact centre agents from the scope of PCI DSS to simplify the compliance process.
What they needed was a provider whose solution would work with their new hosted telephony provider – Five9s – and who had a strong track record of delivering robust, PCI DSS-compliant secure payment solutions. The company also wanted the provider to be able to take their QSA through the entire solution.
Eckoh proposed its CallGuard Audio Tokenisation Hosted solution which is delivered through Eckoh’s Amazon Web Services (AWS) and allows the company to take cardholder data securely over the phone without changing their systems or processes.
When a customer keys in their card details using their phone’s keypad, this generates audio tones (DTMF digits) which match the card number. The audio tokenisation instantly replaces these tones with different tones to create placeholder data. The placeholder data is then entered into the agent’s payment screen. As the placeholder data is not real card information, it can be stored safely and is meaningless to anyone trying to steal it.
CallGuard Audio Tokenisation is extremely easy to implement as it does not involve complex integrations or changes to databases, processes or security systems.
Eckoh worked closely with Five9s, the company, their PSP and their outside consultant to ensure that the solution met everyone’s requirements as well as the PCI DSS criteria. The QSA was involved to review the responsibility matrix and sign off the project.
Operating a multi-channel retail operation requires robust solutions that protect payments without compromising customer service or business growth plans. CallGuard enables both of these and simplifies the whole process by removing the contact centre from the scope of PCI DSS.
- The entire contact centre is de-scoped from the PCI DSS audit – significantly simplifying the compliance process
- They now have a solution that will scale up to meet their major growth plans
- The risk of fraud is reduced, as is the impact of a data breach
- The company can achieve and maintain PCI DSS compliance more simply because CallGuard is the most effective PCI DSS-compliant solution available