Target

Profile

Industry: IT - Financial Employees: 673 Revenue: £50 million

Business: A business process outsourcing and operational transformation company operating across lending, insurance, investments, and savings.

Challenge: To achieve PCI DSS compliance in a complex IT environment.

Solution: CallGuard with tokenization.

Benefit:

• Descopes entire contact center from PCI DSS audit
• Easy deployment needed no changes to existing systems and processes
• Existing payment pages can be used as normal, and data is masked
• Complex environment is not an issue, as no integration is needed

Background

Target offers financial and administrative software services to the financial sector - specifically large insurance companies. As well as selling insurance on behalf of clients, they also collect arrears payments for mortgages and loans e.g. car finance, personal loans. Their customers include large FTSE 250 financial institutions.

Target has two contact centers, one in Newport and the other in Chester, with a total of 350 contact center agents. The company had begun working towards PCI DSS compliance as it had become increasingly important to their clients that they had a Report on Compliance (ROC). They also wanted to ensure they were offering the end customer the most secure method of payment and peace of mind.

Challenge

In order to win two significant contracts, Target approached Eckoh to help them meet an extremely challenging deadline. They needed their contact center to be PCI DSS compliant within six weeks of contract signature.

They also specified that the solution did not drastically alter the contact center workflow, increase agent average handling time; or slow down internal IT systems or require an investment in more hardware.

Target short-listed three potential suppliers for their telephone payments security technology expertise. Other suppliers' solutions proved impossible for Target to work with because;

1. they were too complex to integrate into the existing IT framework,
2. implementation would take too long, and demanded too much time from internal resources; and
3. they would be too disruptive to existing payment processes

Eckoh's proposal was the only one that met all Target's requirements in terms of flexibility, ease of implementation and robust security as well as compliance.

Solution

To meet the above challenges, Eckoh offered Target their patented CallGuard solution for taking agent-assisted telephone payments.

CallGuard is revolutionary because it uses a patented system of tokenization to protect the cardholder data and is something quite different from any other solution on the market. It is the only PCI DSS-compliant contact center solution available that removes all areas of the contact center environment from PCI DSS audit scope, and:

• Needs no integration with IT infrastructure or Payment Service Providers (they didn't believe us either but it's true)
• Protects any payment page that agents need to use
• Enabled Target to use their existing systems or processes without needing any IT changes
• True card data is replaced with tokens so it can be stored safely
• Enables Target to make any future tech changes they need without it affecting security
• Protects personal identifiable fields as well as cardholder data

Target was impressed with how easily the tokenization system worked, especially the freedom it gave them to make business changes as usual knowing the security solution wouldn't be disrupted. This is how it works:

• Before card data enters the contact center environment, it's converted into placeholder, or tokenized, data that has no financial value to criminals
• This tokenized data is passed through the contact center systems or IVR in the same way as card data flow today, and
• Seamlessly and transparently, the placeholders are converted back to card data outside the contact center environment, prior to reaching the payment provider.
• The payment provider receives card data transactions as normal, but the contact center systems (including IVR, agents, call recording systems, computers, and phone network) have not transmitted or stored any card data

"The Eckoh team were fantastic, worked calmly under pressure, provided regular updates and exceptional project management. The implementation took just six weeks to implement, beating the eight-week curfew by two solid weeks. We were extremely impressed with their efficiency, dedication, and technical knowledge." Warren Whewell, IT Security Manager, Target

Value

Eckoh's CallGuard has provided Target with a wealth of real accountable cost and time-saving benefits.

The speed of integration, flexibility, and 'light layering' nature of CallGuard is where it sets itself apart from other solutions on the market.

Target quickly realized the benefits of this system for:

• the speed of implementation
• lack of disruption to their IT infrastructure
• the robustness and scope of security for such a light implementation
• the ease of use for both agents and customers

Looking Forward

As a solution unique to Eckoh, we recognize that this example is likely a challenge many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.

As a result, the methodology innovated for The Client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.

To learn more about how Eckoh secures payments across all engagement channels, please contact one of our trusted advisors.