PROFILE: Industry: Telecommunications Employees: 30,,000 Revenue: £25.05 bn
BUSINESS: Telecommunications business providing wireless and internet services.
CHALLENGE: Need for PCI DSS compliance by de-scoping as much of the contact centre as possible.
SOLUTION: CallGuard Audio Tokenisation On-site.
- PCI DSS compliance achieved
- Customer payments made secure
- Robust solution that’s simple and fast to deploy.
Founded in 1899, this client provides wireless services. They are the 4th largest mobile network operator in the US with 54 million customers and is an internet service provider. They also offer wireless voice, messaging and broadband services through various subsidiaries and wholesale access to its wireless networks. They have two data centres, two contact centres (Kansas and Arizona) and 22,000 contact centre agents.
As the two contact centres take card payments over the phone and via their IVR, they needed to comply with the Payment Card Industry Data Security Standard (PCI DSS) and ensure their business could grow.
They were seeking a solution that would significantly reduce the burden of compliance by removing as much of their contact centre from the scope of the PCI DSS audit as possible and meet their very short production installation timelines. The client particularly wanted to include their session border controllers in the de-scoping of their contact centre.
Eckoh delivered its patented CallGuard Audio Tokenisation On-site solution, with full CTI integration.
When a customer keys in their card details using their phone keypad, audio tones (DTMF) are generated.
Eckoh’s solution instantly replaces these tones with an audio ‘token’ audio ‘token,’ which is automatically placed directly into the payment field on the agent’s screen. As the token data is not real card data it is completely meaningless and of no value a criminal.
The client chose Eckoh’s solution because it is the most secure solution available to de-scope data from PCI DSS scope. It also has zero impact on the client’s internal processes and third-party token vault process.
In addition, because Eckoh does all of the “heavy lifting” for the implementation, Eckoh could guarantee their desired go-live date would be met. CallGuard is also much quicker to install as there is no need for API and application development changes.
- PCI DSS compliance – achieved and all of their call centre transactions are de-scoped
- CallGuard becomes the default payment capture method input for their permanent token provider when capturing new payment data information
- No sensitive data is seen or heard by agents, captured in the call recording, stored in systems or traverses their networks – not even their session border controllers. As there’s no data in the system, there is nothing to steal.
- The contact centre agents can take card payments from their customers over the telephone and via their IVR in a secure manner.