Major UK DIY Retailer

Profile

Industry: Retail Employees: 7,000 Revenue: £1.3billion

Business: The UK's largest multi-channel supplier of trade tools, workwear, plumbing, and electrical essentials. It has been operating for 30 years dispatching tens of thousands of parcels every week.

Challenge: To achieve PCI DSS compliance to reduce the risk of fraud, and secure sensitive data while not compromising their award-winning customer care.

Solution: Patented CallGuard secure payment solution for achieving and maintaining PCI DSS compliance.

Benefit:

• PCI DSS compliant 24x7x365
• Speedy implementation
• Sensitive data is not exposed
• Significantly reduced risk of fraud
• Agent retains full control

Background

The retailer's contact center handles around 40,000 calls every week, talking to around 2 million customers per year. With an emphasis on putting customers at the heart of their business, the 350 contact center agents take orders, process payments, handle queries and offer advice.

Challenge

Customer Service is a top priority and the business is proud of their award-winning contact center. To ensure continuous service and security, they needed a method to make it PCI DSS compliant. Many customers would pay by phone, verbally relaying credit card details to an agent who typed them into the core systems.

With thousands of calls coming in from customers, it was imperative that the business increase voice channel security without compromising their reliable, personalized, and uninterrupted customer service.

Solution

The retailer chose CallGuard Hosted, which completely removes phone payments from PCI DSS audit scope. CallGuard Hosted is a fully managed service, allowing advisors to accept card payments, without card details entering the contact center environment.

The service enables advisors to remain on the phone with the caller and guide them verbally through the payment process. When a caller types their card details into their handset the DTMF tones are intercepted by CallGuard and replaced with monotones, allowing call recording to continue without implications to PCI DSS compliance. As only masked card numbers are shown on the Advisor's CallGuard web panel, they can stay in contact throughout the call to assist the customer in the event of any difficulty.

Numeric data isn't seen, heard, transcribed, or recorded and agents are able to stay on the phone with customers for the duration of each call.

We wanted to ensure that all our payment processes remain as secure as possible, including transactions through our contact center. CallGuard fulfills this need perfectly and enables us to take payments from customers over the phone in a PCI DSS-compliant way, without compromising the customer experience. Director of Customer Operations, Major UK Retailer

Value

Eckoh rolled out CallGuard in a very short time, ensuring PCI DSS compliance and fraud mitigation. The solution helps to reduce real business risk while providing a secure payment environment for its customers.

Agents are not burdened with data that they do not need to see, and the organization has greater control over the information that their customer-facing staff have access to.

This assures its customers' data is protected. By using Eckoh as their PCI DSS Compliant Service Provider, the business has avoided a long and detailed part of the compliance process. In fact, CallGuard is now the standard solution across the wider group for taking payments over the phone and has been rolled out to a further three contact centers. - more than doubling the number of customer conversations secured.

CallGuard provides a seamless customer experience while adhering to the PCI DSS. Customers can now ask questions about products, services, and delivery and pay securely over the phone.

Looking Forward

As a solution unique to Eckoh, we recognize that this example is likely a challenge many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.

As a result, the methodology innovated for The Client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.

To learn more about how Eckoh secures payments across all engagement channels, please contact one of our trusted advisors.