Industry: Business Services Employees: 1,500+ Revenue: £300m
Business: A business services specialist supporting over 75,000 diverse businesses in the UK, Ireland, Australia, New Zealand and Canada, providing employment law, HR, insurance plus health and safety services.
Challenge: PCI DSS compliance and protection of client card data.
Solution: CallGuard Hosted solution that prevents sensitive data from entering or being stored in the contact centre’s systems. Achieving PCI DSS compliance that can be maintained every minute of every day.
- PCI DSS compliance
- The agent remains in touch with the client during the call
- Calls can be safely recorded
- Flexibility to accommodate acquisitions
Peninsula Group was formed in 1983 providing professional services to small businesses across the UK.
Initially specialising in employment law, they have extended their portfolio to include HR, health and safety management, insurance and employee wellbeing among others. The business is now a global leader and has expanded services businesses in Ireland, Australia, New Zealand and Canada.
Today they operate a high-volume contact centre with 60 agents taking Card- not-Present (CNP) payments.
As the business grew, so did the volume of incoming calls and with that the sharp rise in the number of payments being made over the telephone. As a result, they needed to achieve Payment Card Industry Data Security Standard (PCI DSS) compliance which is required by the card companies.
The regular acquisition of other businesses now fuels this telephone payment growth to the extent that Peninsula knew it needed a solution that would not only protect them and their clients from the risk of a data breach or fraud but also be capable of being rolled out to new business as they joined the Group.
Call recording was not possible due to the client reading their payment card details to the contact centre agent. This meant that not only was the client and agent exposed to sensitive data but the Group lost the record of the client engagement history and the insight it would have provided.
Eckoh will deliver its CallGuard Hosted solution which prevents sensitive data from entering the contact centre environment. As such it removes the entire contact centre from the scope of the PCI DSS audit, ensuring compliance every minute of every day. As there is no information in Peninsula Group’s systems, there is nothing there to be stolen.
The CallGuard payment panel is configurable to Peninsula Group enabling their contact centre agents to select the appropriate account for the payment being made.
The solution removes the whole of the contact centre from PCI DSS scope - Call Recording; Screen Recording; Agents and Desktops; IT Systems; Data LAN; Physical Environment; Internet access restrictions; Building (CCTV, etc.); PBX/ACD/CTI; Telephony Network (Digital or VoiceLAN).
CallGuard ensures that while cardholder data remains isolated from the contact centre environment, the agent and caller can continue the dialogue, providing a seamless client experience.
The security of our clients’ payment information is of critical importance to us, as is protecting our agents and our business from the risk of a data breach. Now, with CallGuard, there is no information in our systems so there’s no value to anyone seeking to misuse our data. Carl Lancaster, Group Head of Collections, Peninsula Group
The contact centre agent remains in contact with the client throughout the call – improving the client experience and being able to answer any queries during the payment process. They can also reassure the client that they cannot see or hear any card data and that it is not stored in the contact centre systems. Now, they are able to record all their calls and have the visibility of client engagement.