Foreign Exchange Business

A company, with two contact centers, providing foreign exchange services, prepaid credit cards, and international payments.

Profile

Industry: Financial Services Employees: 6,500 Revenue £721.5m

Business: A London-based foreign exchange company operating two contact centers in the UK providing foreign exchange services, prepaid credit cards, and international payments.

Challenge: To meet their growing business needs and to handle more payment transactions as well as making their Disaster Recovery processes simpler and more effective.

Solution: CallGuard to secure payments and prevent agents from seeing or hearing cardholder data.

Natural language call routing to simplify the ability to switch incoming calls between contact centers.

Benefit:

• Agents see no data
• Agents hear no data
• No data is stored in the business
• There is no data available to steal
• Switching between contact centers is simple

Background

This foreign exchange company founded in 1976 and headquartered in London focuses its businesses on international payments, bureau de change, and issuing prepaid credit cards for use by travelers. It is the world's largest foreign exchange bureau.

Today they have 1,500 outlets based in tourist locations and in over 100 airports across 26 countries. They provide customers with over-the-counter currency exchange as well as prepaid cards which travelers receive before they travel. They have developed a growing network of over 1,100 ATMs at both on-airport and off-airport locations around the world and their mobile foreign exchange platform handled 1.4 million mobile and online transactions in 2016.

Their UK contact center operation has roughly 100 agents handling customer queries and processing payments over the telephone for foreign currency.

Challenge

Working with the exchange of currency, the business is a target for fraudsters. In response to this, they have built into some robust processes, involving many layers, to help prevent a breach or any fraudulent activity occurring in the contact center. These processes include extra training for agents that requires them to listen out for the rustling of papers when the customer is asked for their card details as this could signify that the customer is not holding an actual card but is searching acquired paperwork for a card number which would indicate that this customer is not the legal cardholder.

This very real threat to both the business and reputation, as well as the end-customer's card security meant that further measures were needed to protect all stakeholders.

At present they use a NICE call recording platform and, at the point where payment needs to be taken, their agents pause the call recording so that no sensitive details are not recorded or stored. While this had provided a degree of protection and contributed to their PCI DSS compliance, the number of payments their agents were taking continued to rise, requiring a more stringent and secure solution.

In conjunction with their drive to find a simpler and more reliable way to achieve PCI DSS compliance, the business has a top priority to have Disaster Recovery (DR) practices in place. They also have a secondary contact center site that can be used in the event of a failure at their primary contact center. However, one of the toughest challenges is that the trigger to switching between sites was not simple to put into action. In order to ensure business continuity, they sought a more reliable and effective solution to this element of their service.

Solution

• For PCI DSS compliance and securing payments: Eckoh's patented CallGuard solution was implemented, using the company's existing payment pages. This was a critical requirement as they had already undergone some deep-level integration to their multiple CRM systems which they wished to maintain. The simplicity of Eckoh's CallGuard means that very limited work needs to be done to implement the solution and also will not affect the current integrations that are in place.
• For DR and business continuity: EckohROUTE - a natural language call routing solution - allows the business to take control of where calls are delivered via a simple-to-use online interface. Eckoh will help the business build a pre-configured routing so that, at the click of a button, they can instantly route all the incoming calls to the contact center into their DR site.

The business aims to make money easy to spend and send. That brings some challenges and risks but Eckoh's secure payment solution and call routing means they have been able to reduce that risk significantly. That brings major benefits to the business and their customers.

Value

• Agents no longer hear the cardholder data being read out. The customer enters their card details into their telephone handset keypad
• The agent no longer sees the cardholder data. They only see asterisks or hashes (*/#) in place of the card data on their screen
• The card data is not stored anywhere in the company's contact center environment nor in call recordings
• The entire contact center is removed from the PCI DSS audit scope - simplifying their compliance process.
• The business can be sure that they are, and remain, fully PCI DSS compliant every minute of every day
• The risk from a data breach is significantly reduced, as there is no data available to steal
• Easy switching between contact centers means that they can demonstrate their DR, business continuity, and sustainability credentials

Looking Forward

As a solution unique to Eckoh, we recognize that this example is likely a challenge many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.

As a result, the methodology innovated for The Client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.

To learn more about how Eckoh secures payments across all engagement channels, please contact one of our trusted advisors.