Facts about DTMF Masking for payment security
DTMF stands for Dual Tone, Multi-Frequency, which is the tone that’s given to each key press of a touchtone telephone keypad. When each key is pressed on your phone, it generates two frequencies. One tone is generated from a high-frequency range of tones and the other from a low-frequency group. This means a voice cannot imitate the tones.
As the alternative to asking your customers to speak their card details over the phone is to ask them to type the numbers into the telephone keypad – creating these DTMF tones. While this may have some security advantages these same tones can be interpreted by agents and converted back to real card data. The tones would also be stored in call recordings and systems and so are vulnerable to fraud.
Working with Eckoh
To address this issue of interpreting DTMF tones, Eckoh created CallGuard which changes the sound of the DTMF tones to flat ‘monotones’ as they enter the organisations. The tones made by your customer’s telephone keypad are ‘masked’ and cannot be identified by their sound. Any conversation between a contact centre agent and your customer can continue uninterrupted.
Also, the DTMF tones don’t appear in your call recordings either and the data that is tapped into the phone populates fields on the agent’s screen and appears as asterisks with only the last four digits showing as an identifier.
Contact centre payments
- CallGuard – agent assisted payments
- ChatGuard – Web Chat payments
- EckohPAY – automated payments
- e-Wallet Payments – Apple Pay, Google Pay, Paypal and Pay by Bank app
An alternative to DTMF is Tokenisation which is a revolutionary approach to securing sensitive date. It converts sensitive digits conveyed as DTMF tones, to non-sensitive placeholders, devaluing card data the moment it enters your environment.
Card-not-Present (CNP) crime in contact centres continues to rise so it remains a top priority to significantly reduce the risk of fraud and the impact of a data breach. Download the eGuide to CNP crime in Contact Centres for advice on how to combat the threat.
PCI DSS Compliance
For a jargon-free guide to PCI DSS compliance for contact centres download the eGuide for the answers in one place.
De-Scoping your Contact Centre
If you’re not a payment security expert, achieving, let alone maintaining, PCI DSS compliance can be difficult. Why not consider easing your burden by de-scoping as much of your contact centre as you can? Download our guide to ‘Building a business case for de-scoping your contact centre’ to set you on your way.