Client Financial Services

A business services company with an extended portfolio including HR, health and safety, insurance and employee wellbeing.

Profile

Industry: Business Services Employees: 1,500+ Revenue: $388.75m

Business: A business services specialist supporting over 75,000 diverse businesses in the UK, Ireland, Australia, New Zealand and Canada, providing employment law, HR, insurance plus health and safety services.

Challenge: PCI DSS compliance and protection of client card data.

Solution: CallGuard Hosted solution that prevents sensitive data from entering or being stored in the contact center's systems. Achieving PCI DSS compliance that can be maintained every minute of every day.

Benefit:

• PCI DSS compliance
• The agent remains in touch with the client during the call
• Calls can be safely recorded
• Flexibility to accommodate acquisitions

Background

Peninsula Group was formed in 1983 to provide professional services to small businesses across the UK.

Initially specializing in employment law, they have extended their portfolio to include HR, health and safety management, insurance and employee wellbeing among others. The business is now a global leader and has expanded services businesses in Ireland, Australia, New Zealand and Canada.

Today they operate a high-volume contact center with 60 agents taking Card-not-Present (CNP) payments.

Challenge

As the business grew, so did the volume of incoming calls and with that the sharp rise in the number of payments being made over the telephone. As a result, they needed to achieve Payment Card Industry Data Security Standard (PCI DSS) compliance which is required by the card companies.

The regular acquisition of other businesses now fuels this telephone payment growth to the extent that Peninsula knew it needed a solution that would not only protect them and their clients from the risk of a data breach or fraud but also be capable of being rolled out to new business as they joined the Group.

Call recording was not possible due to the client reading their payment card details to the contact center agent. This meant that not only was the client and agent exposed to sensitive data but the Group lost the record of the client engagement history and the insight it would have provided.

Solution

Eckoh will deliver its CallGuard Hosted solution which prevents sensitive data from entering the contact center environment. As such it removes the entire contact center from the scope of the PCI DSS audit, ensuring compliance every minute of every day. As there is no information in Peninsula Group's systems, there is nothing there to be stolen.

The CallGuard payment panel is configurable to Peninsula Group enabling their contact center agents to select the appropriate account for the payment being made.

The solution removes the whole of the contact center from PCI DSS scope - Call Recording; Screen Recording; Agents and Desktops; IT Systems; Data LAN; Physical Environment; Internet access restrictions; Building (CCTV, etc.); PBX/ACD/CTI; Telephony Network (Digital or VoiceLAN).

CallGuard ensures that while cardholder data remains isolated from the contact center environment, the agent and caller can continue the dialogue, providing a seamless client experience.

The security of our clients' payment information is of critical importance to us, as is protecting our agents and our business from the risk of a data breach. Now, with CallGuard, there is no information in our systems so there's no value to anyone seeking to misuse our data. Carl Lancaster, Group Head of Collections, Peninsula Group

Value

The contact center agent remains in contact with the client throughout the call, improving the client experience and being able to answer any queries during the payment process. They can also reassure the client that they cannot see or hear any card data and that it is not stored in the contact center systems. Now, they are able to record all their calls and have visibility of client engagement.

Looking Forward

As a solution unique to Eckoh, we recognize that this example is likely a challenge many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.

As a result, the methodology innovated for The Client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.

To learn more about how Eckoh secures payments across all engagement channels, reach out to one of our trusted advisors.