Case Studies

Proving our solutions work

DIY Retailer US
Agent-Assisted payments for PCI DSS compliance and robust, secure payments
Agent-Assisted payments for PCI DSS compliance and robust, secure payments

Profile

Industry: Retail - DIY   Employees: 400,000   Revenue: £78.71 billion

Background: Major US home improvement retailer with a strong online presence and contact centre operation.

Challenge: Easing the demands of PCI DSS compliance and reducing the risks involved in taking customer payments over the phone via their contact centre – without compromising CX

Solution: CallGuard Hosted for simplified PCI DSS compliance and payment security assurance

Benefit:

  • The entire contact centre is de-scoped from the PCI DSS audit, easing the compliance burden
  • Agents are able to remain in contact with the customer throughout the call
  • It’s quick and simple to install needing no system changes

Background

Founded in 1978 and headquartered in Atlanta, Georgia, this Fortune 50 US retailer, dedicated to home improvement supplies, provides tools, construction products and services. It is the world’s largest home improvement retailer with more than 2,200 stores across North America.

Challenge

With a strong web presence and a large contact centre, this retailer needed to lock down their contact centre payments to ensure the security of data, reduce risk and achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS). 

The solution would need to work with their existing internal payment vault because many of the orders received over the phone are shipped at a later date and so important order information was contained in the vault. It would also need to work seamlessly with their newly implemented two-factor authentication provider – Pindrop.

With a number of different stakeholders involved, there was a range of different requirements, such as:

Customer experience manager: Maintaining a great customer experience and demanded that the contact centre agents are able to stay in touch with the customer throughout the entire call, including the payment interaction.

Head of compliance – required that the solution would significantly ease the demands of the PCI DSS audit to avoid continuing to adapt to the environment every time there was a change. The team also wanted to demonstrate that it had addressed ‘the last mile’ when it came to securing contact centre agent payments.

Head of IT – needed a solution that ensured the infrastructure was completely flexible so that they can make changes as needed without disrupting the secure payment solution or process. It was also important to free up valuable in-house resources that had so far been tied up on managing their existing solution’s implementation or management.

Head of finance – wanted a solution that didn’t dictate that they change their current payment pages or processes. They wanted the solution to fit with their business, not with the suppliers.

Solution

Eckoh delivered its patented, hosted CallGuard Audio Tokenisation solution because it fully removes the contact centre from the scope of PCI DSS audit, making their total compliance burden much simpler and ensuring that they remain compliant every minute of every day.

When a customer keys in their card details using their phone keypad, audio tones (DTMF) are generated to match the card number. This could be interpreted by an agent or call recording. So, Eckoh’s solution instantly replaces these tones with different, flat tones known as an audio ‘token’. The token data is entered directly into the agent’s screen. As the token data is not real card data is it completely meaningless and of no value a thief or a fraudster. The data is not seen, heard, stored or transmitted by the business.

The solution removes the whole of the contact centre from PCI DSS scope - Call Recording; Screen Recording; Agents and Desktops; IT Systems; Data LAN; Physical Environment; Internet access restrictions; Building (CCTV, etc.); PBX/ACD/CTI; Telephony Network (Digital or VoiceLAN).

CallGuard ensures that while cardholder data remains isolated from the contact centre environment, the agent and caller can continue the dialogue, providing a seamless customer experience.

With several different stakeholders, the secure payment and PCI DSS compliance need for this retailer were complex. With Eckoh’s CallGuard solution they can meet every one of these demands and be reassured of payment security and compliance – every minute of every day.

Value

Eckoh was able to deliver on all counts and in the timeframe the customer needed.  Comments from contact centre agents as well as customers are all positive.

  • The entire contact centre is de-scoped from the PCI DSS audit, easing the compliance burden
  • Agents are able to remain in contact with the customer throughout the call
  • Reduced risk of fraud and impact of a data breach
  • No data is seen, heard, stored or transmitted by the business
  • Their customers are reassured that all payments made are done so in a secure manner
  • It’s quick and simple to install needing no system changes

  pdf DOWNLOAD CASE STUDY PDF (205 KB)

Get in touch today

Get in touch today and find out how the Eckoh Experience Portal can change your customer engagement for the better.

book a demo

Get In Touch