PROFILE: Industry: Retail; Employees: 1,300; Revenue: £116 mil
BUSINESS: Leading interior retailer, operating across the UK through self-employed advisors and concession operations as well as a 170-seat contact centre.
CHALLENGE: To achieve and maintain PCI DSS compliance for secure payments without disrupting the customer experience.
SOLUTION: CallGuard for agent-assisted payments plus EckohPAY for automated self-service payments and PCI DSS compliance.
- Contact centre completely de-scoped from PCI DSS audit
- Agents and customers remain in contact throughout the transaction and entire call is recorded
- No sensitive card data enters Hillarys’ systems.
Hillarys is the UK’s leading window dressing retailer with over 40 years’ experience of providing made-to-measure window dressings, principally blinds, curtains and shutters. During that time they have made and fitted over 25 million blinds.
Hillarys serve over 500,000 customers every year through their brands Hillarys, Arena, Web-Blinds and Blinds Supermarket. Their Advisors make 850,000 customer visits per year and 21,000 blinds and shutters are fitted each week. With this many orders, their contact centre and Advisors are pretty busy.
The Hillarys contact centres handle on average 20,000 calls each week. The 170 contact centre agents take orders, process deposits and balance payments, handle queries and offer advice. With a strong focus on excelling in customer service, Hillarys has been consistently listed in the Top 50 Companies for Customer Service.
Hillarys needed a PCI DSS payment solution that could provide their customers with a convenient and secure way of paying over the phone without disrupting their conversation. They chose CallGuard, which de-scopes the whole contact centre from PCI DSS except their telephony network.
Hillarys take customer payments in two ways:
- A deposit from the customer over the phone with a contact centre agent.
- The balance from the customer at their home using a manual process.
Payments through the Contact Centre
As Hillarys records calls for quality monitoring purposes, card details were being stored along with the conversation. To meet PCI DSS compliance requirements, Hillarys had implemented “pause call record” functionality, where the agent could manually stop the recording at the point of payment.
Unfortunately, this method was not 100% watertight: card details could still leak into the recording if, for example, the agent forgot to stop recording.
Hillarys needed a new solution that enabled customers to pay over the phone with the agent but kept their details from being seen or heard by agents or stored on recordings.
Payments through Advisors
Advisors took balance payments after completing the window covering installation using a chip and PIN system. The problem here was that card details were being captured by the card devices and held within Hillarys’ internal systems. Also, 30% of customers were not in a good signal area, so paying by cheque or manually entering card details was the alternative.
Hillarys wanted to make this whole process more seamless and secure for both the customer and Advisor by introducing a new system.
PCI DSS Compliance
Hillarys wanted to reduce the cost and complexity of managing a PCI DSS project at this scale and decided to completely outsource the phone payments part of their requirements.
They needed a solution that enabled them to completely outsource their PCI DSS requirement, and focus on their core business. The solution needed to:
- Provide seamless in-call transfer to a secure IVR payment capture system for remote Advisors.
- Keep customer payment card details outside of Hillarys’ infrastructure.
- Integrate with Hillarys’ systems and payment providers.
- Integrate fully with their existing telephony system.
“After evaluating a number of secure payment solutions, we selected Eckoh as a partner because of their clear expertise in implementing payment solutions, their PCI DSS level one status and the flexibility and ease-of-use of their CallGuard solution. It provides our customers who want to make payments over the phone with a convenient and highly secure payment service that delivers an excellent customer experience.” David Lewis, ICT Director, Hillarys
After assessing numerous solutions, Hillarys chose CallGuard for contact centre agent-assisted payments and EckohPAY IVR for payments made through their home-visit Advisors.
Both CallGuard and EckohPAY remove desktops, systems, agents and call recordings from PCI DSS compliance scope.
Eckoh’s technology enables the call and the recording to take place uninterrupted. Unlike the ‘pause and resume’ method, CallGuard and EckohPAY completely protect customer data and leave no room for human error or mis-keying the numbers.
When a customer pays their deposit over the phone with one of Hillarys’ Call Centre team, the customer is asked to type their card numbers into the telephone keypad whilst in constant conversation with Hillarys’ agents. When the card numbers are pressed on the keypad, each digit is replaced by a flat tone, so that the number cannot be identified from its tones. This offers total security whilst remaining PCI DSS compliant. The agent cannot see, hear or have access to the customer card data.
When an Advisor takes the balance payment from the customer at their home, they ask the customer to dial a number that takes them to the automated card payment service, EckohPAY.
The customer is then taken immediately through several steps, entering their card details using their telephone keypad. EckohPAY enables customers to make payments over the phone 24/7.
The service securely authenticates the caller using identification and verification before guiding them through to making a payment.
“When you see how many payments we take on an annual basis, PCI DSS compliance is an absolute must for us. We are not a technology business, so needed outside expertise to make it happen.”
Hillarys’ customers, agents and Advisors have given extremely positive feedback on both IVR and agent-assisted services. CallGuard and EckohPAY have completely removed Hillarys’ contact centre from the PCI DSS audit scope and have significantly reduced fraud and data breach risk.
Customers are given a greater sense of security knowing that their details are kept secret. As Agents are able to continue voice communication with their customers through the payment process, they can provide an improved level of customer service.
Advisors visiting customers’ homes can also take payment at any time of the day, quickly and efficiently through the automated IVR system.
The Agent simply provides the customer with the automated phone number and asks them to make a payment using the IVR. The Agent then receives confirmation and can provide the customer with a receipt.