Comair

A long established scheduled airline operating 28 aircraft to 11 destinations in South Africa.

Profile

Industry: Aviation Employees: 2,100 Revenue: $437.2 million

Business: A long-established airline operating 28 aircraft to 11 destinations in South Africa. It has contact centers with a total of 210 agent seats in Johannesburg and Cape Town.

Challenge: To achieve PCI DSS compliance to enable card payments over the phone and web. Securing payments to reduce the risk of fraud for their business, agents and customers.

Solution: CallGuard secure payment solution to prevent card details from being seen or heard by agents.

Benefit:

• Significant reduction in risk
• Agents remain in touch throughout the call
• Calls are securely recorded for legal, training and quality

Background

Comair is a South African-based aviation company founded in 1946. Its headquarters are in Kempton Park, Gauteng, Johannesburg from where It operates scheduled services on domestic routes as a British Airways franchisee and part of the Oneworld Alliance. It also runs as a low-cost carrier under its own kulula.com brand. The main base is OR Tambo International Airport, Johannesburg.

Challenge

Comair has a 90-seat contact center in Johannesburg and a 120-seat contact center in Cape Town. They manage calls and bookings from both customers and agents.

Within this busy operation, thousands of calls come in from customers relaying credit card details. Comair needed a method that would comply with Payment Card Industry Data Security Standards (PCI DSS), prevent the storage of credit card data on their call recorders and maintain their high level of customer service. They wanted to change the process of capturing credit card numbers from being spoken by the caller and then entered by the agent, to being keyed into the phone's handset by the caller.

Comair needed the solution to:

• Enable further enhancements to customer data security
• Be compatible with Comair's existing call recording system
• Have zero effect on Comair's green-screen reservation system
• Manage screen recording as well as call recording
• Be quick to implement with minimal impact on the business

Solution

Comair chose Eckoh's CallGuard solution to secure their agents and call recordings from being exposed to sensitive customer card data.

A Tone Device was installed on each agent desktop and phone which encrypts the card details before they enter the agent's screen. The agent only hears the sound of the numbers being keyed in (DTMF tones).

A filter was also installed next to the call recorder to remove the DTMF tones made through the keypad and replace them with flat tones. This means call recording can continue as it only picks up the flat tones.

Finally, CallGuard Remote was uploaded onto the agents' desktops to mask the card data from appearing on the screens as the Tone Device interprets the pressed keys into numeric data entry. These fields cannot be accessed by agents and ensure that the information cannot be communicated, stored or written down.

The biggest challenge we had to overcome was finding a solution that would allow us to continue to offer 100% caller and agent interaction as well as 100% call recording of payment calls. We found the answer in CallGuard. The solution was easy to install and the Eckoh team was responsive to our needs throughout the project.

Comair

Value

• The sensitive payment card data is completely omitted from call recordings
• The telephone call is recorded without the card data
• The agent retains full two-way control of the call
• No need to change existing telephony and IT structures
• Quick implementation
• Delivers PCI DSS compliance
• Staff training is made simpler

Looking Forward

As a solution unique to Eckoh, we recognize that this example is likely a challenge many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.

As a result, the methodology innovated for The Client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.

To learn more about how Eckoh secures payments across all engagement channels, reach out to one of our trusted advisors.