User-Friendly Secure Payment Solutions for Leading UK Health and Beauty Retailer
Eckoh helped the UK's leading pharmacy, health, and beauty retailer by descoping their systems from PCI DSS.
Protected customer card data so it couldn’t be seen, heard, or stored by agents or systems
Kept customer and agents connected throughout calls while achieving PCI DSS compliance
Reduced risk to business, customers, and agents by decreasing the chances of fraud and data breaches
About Customer
Leading health, beauty, and pharmacy retailer in the United Kingdom, operating over 1,800 stores ranging from local community pharmacies to large city-center beauty destinations. They provide prescription services, healthcare advice, and a wide range of products.
The Challenge
Information security is a major focus for this business as they seek to address the rise in data breaches, payment card fraud, and other security risks that businesses face today.
Their commitment to tightening security led them to seek a solution for their contact center telephone card payments, where cardholder data is exposed to the agents and potentially stored in the company's IT environment. With several hundred agents operating from their contact center in Nottingham, the business wanted, as well as needed, to achieve PCI DSS compliance and maintain it year on year.
Our Solution
Eckoh implemented its fully managed CallGuard Hosted solution.
When a customer keys in their card details using their phone's keypad, audio tones (DTMF) are generated which match the card number. Eckoh's solution instantly replaces these tones with whispered audio 'tokens' which are then 'spoken' to the agent, who types these into the payment screen. As the token data is not real card information, it is completely meaningless to thieves or fraudsters and so can be stored safely. The token data will be switched to the actual cardholder data when it passes through the Eckoh secure platform.
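The token swap described above, as an added sketch that is not Eckoh's code or the CallGuard API. It assumes tokens are digit strings of the same length as the card number, that they deliberately fail the Luhn check, and that each token is single use; `TokenVault` and `simulate_call` are hypothetical names.

```python
import secrets

def luhn_ok(digits: str) -> bool:
    """Luhn checksum that every real card number (PAN) satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical stand-in for the secure platform: the only place
    where a token and the real card number are linked."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, keyed_digits: str) -> str:
        if not (keyed_digits.isdigit() and 13 <= len(keyed_digits) <= 19
                and luhn_ok(keyed_digits)):
            raise ValueError("keyed digits are not a valid card number")
        while True:
            token = "".join(secrets.choice("0123456789") for _ in keyed_digits)
            # Assumption: tokens must fail Luhn, so a token can never be a usable PAN.
            if not luhn_ok(token) and token not in self._pan_by_token:
                self._pan_by_token[token] = keyed_digits
                return token

    def detokenize(self, token: str) -> str:
        # Assumption: single use. pop() raises KeyError on replay or unknown tokens.
        return self._pan_by_token.pop(token)

def simulate_call(vault: TokenVault, keyed_digits: str) -> dict:
    """Trace what each party holds during one phone payment."""
    token = vault.tokenize(keyed_digits)       # tones replaced before the agent leg
    agent_typed = token                        # agent hears and types the token
    call_recording = f"card number: {token}"   # recording holds only the token
    sent_to_processor = vault.detokenize(agent_typed)  # swap inside the platform
    return {"agent_typed": agent_typed, "call_recording": call_recording,
            "sent_to_processor": sent_to_processor}

if __name__ == "__main__":
    # Constructed input: 4111111111111111 is a widely used test card number.
    print(simulate_call(TokenVault(), "4111111111111111"))
```

Only the vault's internal mapping ever holds the real number, which is why the agent desktop and call recordings in this sketch contain nothing a card scheme would accept.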
This solution is extremely quick to implement and does not involve complex changes to databases, payment processes, security systems, or other IT areas.
With information security playing an important part in this pharmacy-led health and beauty retailer's business strategy, a PCI DSS secure payment solution was sought that would provide robust and continuous compliance.
The Value
This means that the agent never sees, hears, or is exposed to the real card data. Neither is the real card data held in any call recordings or storage devices. There is, in effect, nothing meaningful to steal.
- Agent can stay in conversation with the customer
- Customer data is protected
- Agent is not exposed to the data
- Reduce risk to the business, the agent, and the customer
- PCI DSS compliance achieved
Looking Forward
This solution is unique to Eckoh, and we recognize that the challenge in this example is likely one that many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.
As a result, the methodology innovated for the client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.
To learn more about how Eckoh secures payments across all engagement channels, please contact one of our trusted advisors.