Apparel Retailer

Leading US retailer with a growing global market seeking to secure contact center payments and minimize risk.

Profile

Industry: Retail Employees: 58,000 Revenue: $12.41 billion

Background: Leading US retailer with a growing global market seeking to secure contact center payments

Challenge: To achieve and maintain PCI DSS compliance and to secure customer payments through their contact center

Solution: CallGuard, deployed both on-premise and in the cloud

Benefit:

• PCI DSS compliance
• No sensitive data is exposed to agents or call/screen recordings
• Reduced risk of card fraud

Background

A leading US-based, global retailer of apparel and footwear, founded in 1899 and headquartered in Greensboro, North Carolina, moving to Denver in 2019. They have socially and environmentally responsible operations spanning numerous geographies, product categories and distribution channels.

The company's more than 30 brands are organized into four categories: Outdoor, Active, Work and Jeans. And, the company controls 55% of the U.S. backpack market with the Jansport, Eastpak, Timberland and The North Face brands. They have eight data centers in North Carolina, Florida, Kansas, Canada, Tennessee, Texas, Wisconsin and the UK. They operate nine contact centers with 275 agents.

Challenge

Due to the volume of calls that are made to their contact center that requires taking a card payment over the phone, the organization needed to comply with the Payment Card Industry Data Security Standard (PCI DSS) in order to be able to continue taking these payments for their services.

As a leading retail business, they also wanted to be able to give their customers confidence that they handle their payment card data securely. With customer service being a key element in retaining and attracting customers, the company wanted to ensure that their contact center agents could stay in touch with the customer throughout the call.

The business originally sought an on-site solution to satisfy their PCI requirements for processing card transactions while on the phone with their contact center agents. They wanted to de-scope as much of their environment as possible. However, due to their on-premise PBX being non-compliant, VF moved one of their contact centers to the cloud.

Solution

Eckoh implemented its patented CallGuard solution that de-scopes the contact center agent as well as call and screen recordings.

Eckoh was chosen over its nearest competitor due to the simplicity of the CallGuard solution which requires minimal integration with existing systems and so can be easily and quickly deployed. Additional applications can be added easily, and the solution is independent of the Payment Services Provider (PSP) and involved no APIs or vast amounts of coding.

Global apparel retailer chooses Eckoh CallGuard Audio Tokenization to secure its contact center payments and achieve PCI DSS compliance. With increased customer confidence and reduced risks, the company is well-positioned to grow.

Subsequently, due to a non-compliant PBX system, the business moved one of its contact centers to the cloud and CallGuard was able to work exactly the same in the cloud environment as it did on-site — minimizing the risk to agents, customer data and the business.

During the 2020 COVID-19 pandemic the social distancing restrictions meant that the business had to close their brick-and-mortar stores but was able to use the CallGuard solution to ensure that their agents could operate security from home and continue taking secure and compliant payments.

Value

• Agents and customer cardholder data is protected regardless of whether the contact center is on-premise or in a home environment
• Maintained business operations through work-at-home agents during the 2020 COVID-19 pandemic
• Compliance: PCI DSS compliant secure payments and remove a substantial amount of activity from the scope of the PCI DSS audit.
• De-scoped elements: No contact center agents are exposed to sensitive payment card data and it is not stored in, or transmitted through, the contact center environment.
• Reduce risk: No sensitive payment card data is exposed to the agents or the call and screen recordings. This significantly reduces the risk of fraud.

Looking Forward

As a solution unique to Eckoh, we recognize that this example is likely a challenge many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.

As a result, the methodology innovated for The Client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.

To learn more about how Eckoh secures payments across all engagement channels, reach out to one of our trusted advisors.