Retailer of Flooring

Profile

Industry: Retail Employees: 4,000+ Revenue: $1.39 billion

Business: Multi-channel retailer offering flooring and decorating products to consumer and trade customers.

Challenge: PCI DSS compliance by de-scoping their entire contact center.

Solution: CallGuard Audio Tokenization using Amazon Web Services.

Benefit:

• PCI DSS compliance is achieved and maintained simply
• CallGuard can scale to meet the company's growth plans
• Reduced risk of fraud and impact of a data breach

Background

This large retail company, based in Smyrna, Georgia, is a publicly traded company on the NYSE. They currently have 100 stores in 28 states as well as a robust online retail platform offering tile, wood, laminate and natural stone flooring products as well as other installation accessories. This multi-channel company serves professional installers, commercial businesses and do-it-yourself customers. They plan to open a further 17 retail stores and have budgeted nearly $30 million for improving their e-commerce and technology infrastructure.

Challenge

The company operates a contact center with some 50 agents taking payments from customers over the telephone and web. As a result, they need to be compliant with the Payment Card Industry Data Security Standard (PCI DSS) in order to protect cardholder data and reduce the risk of fraud.

Previously the company had used a pause-and-resume method to protect cardholder data but this was not fully meeting the requirements of PCI DSS. As a result, the company wanted to remove their 50 contact center agents from the scope of PCI DSS to simplify the compliance process.

What they needed was a provider whose solution would work with their new hosted telephony provider, Five9, and that had a strong track record if delivering robust PCI DSS-compliant secure payment solutions. The company also wanted the provider to be able to take their QSA through the entire solution.

Solution

Eckoh proposed its CallGuard solution which is delivered through Eckoh's Amazon Web Services (AWS) and allows the company to take cardholder data securely over the phone without changing their systems or processes.

When a customer keys in their card details using their phone's keypad, this generates audio tones (DTMF digits) which match the card number. The audio tokenization instantly replaces these tones with different tones to create placeholder data. This is then entered into the agent's payment screen. As the placeholder data is not real card information it can be stored safely and is meaningless to anyone trying to steal it.

CallGuard Audio Tokenization is extremely easy to implement as it does not involve complex integrations or changes to databases, processes or security systems.

Eckoh worked closely with Five9, the company, their PSP and an outside consultant to ensure that the solution met everyone's requirements as well as the PCI DSS criteria. The QSA was involved to review the responsibility matrix and sign off the project.

Operating a multi-channel retail operation requires robust solutions to enable payments to be protected without compromising customer service or business growth plans. CallGuard enables both of these and simplifies the whole process by de-scoping the contact center from the scope of PCI DSS.

Value

• The entire contact center is de-scoped from the PCI DSS audit — significantly simplifying the compliance process
• They now have a solution that will scale up to meet their major growth plans
• The risk of fraud is reduced as is the impact of a data breach
• The company can achieve and maintain PCI DSS compliance more simply because CallGuard is the most effective PCI DSS-compliant solution available

Looking Forward

As a solution unique to Eckoh, we recognize that this example is likely a challenge many other enterprise organizations struggle with when they begin tackling payment security within their contact centers. Some organizations may even feel like their only option is to either deploy hardware on-premise – likely disrupting long-term cloud transformation strategies – or only achieve partial PCI DSS de-scoping.

As a result, the methodology innovated for The Client is now part of the Eckoh architecture. In fact, multiple other clients have also taken advantage of this solution, allowing them to maintain their existing telephony architecture while maintaining the strictest possible standard for payment security.

To learn more about how Eckoh secures payments across all engagement channels, reach out to one of our trusted advisors.