Industry: Retail Pharmaceuticals Employees: 70,000 UK Revenue: £498 million
Business: High street pharmacy, health and beauty retailer, formed in 1849, with around 2,500 stores, a strong web presence and loyalty scheme. They operate one contact centre.
Challenge: Achieving PCI DSS compliance to secure payments and reduce risk to the business, the contact centre and the customer.
Solution: CallGuard Hosted solution that de-scopes the contact centre from PCI DSS audit.
- Agent and customer stay in contact throughout the call
- PCI DSS compliant every minute of every day
- No sensitive data is available to steal.
This leading pharmacy-led health and beauty retailer was formed in 1849. With around 2,500 stores in the UK, ranging from local community pharmacies to large destination health and beauty stores, it is part of the Retail Pharmacy International Division of a large US organisation which was the first global pharmacy-led health and wellbeing enterprise. Today the business sells its products in the UK and internationally.
Information security is a major focus for this business as they seek to address the rise in data breaches, payment card fraud and other security risks that businesses face today.
Their commitment to tightening security led them to seek a solution for their contact centre telephone card payments, where cardholder data is exposed to the agents and potentially stored in the company’s IT environment. With several hundred agents operating from their contact centre in Nottingham, the business wanted, as well as needed, to achieve PCI DSS compliance and maintain it, year on year.
Eckoh implemented its fully managed, CallGuard Hosted solution.
When a customer keys in their card details using their phone’s keypad, audio tones (DTMF) are generated which match the card number. Eckoh’s solution instantly replaces these tones with whispered audio ‘tokens’ which are then ‘spoken’ to the agent, who types these into the payment screen. As the token data is not real card information it is completely meaningless to thieves or fraudsters and so can be stored safely. The token data will be switched for the actual cardholder data when it passes through the Eckoh secure platform.
This solution is extremely quick to implement and does not involve complex changes to databases, payment processes, security systems or other IT areas.
With information security playing an important part in this pharmacy-led health and beauty retailer’s business strategy, a PCI DSS secure payment solution was sought that would provide robust and continuous compliance.
This means that the agent never sees, hears or is otherwise exposed to the real card data. Neither is the real card data held in any call recordings or storage devices. There is, in effect, nothing meaningful to steal.
- Agent can stay in conversation with the customer
- Customer data is protected
- Agent is not exposed to the data
- Reduce risk to the business, the agent and the customer
- PCI DSS compliance achieved.