Facts about DTMF Masking for payment security
DTMF stands for Dual Tone, Multi-Frequency, which is the tone that’s given to each key press of a touchtone telephone keypad. When each key is pressed on your phone, it generates two frequencies. One tone is generated from a high-frequency range of tones and the other from a low-frequency group. This means a voice cannot imitate the tones.
The alternative to asking your customers to speak their card details over the phone is to ask them to type the numbers into the telephone keypad – creating these DTMF tones. While this may have some security advantages these same tones can be interpreted by agents and converted back to real card data. The tones would also be stored in call recordings and systems and so are vulnerable to fraud.
Working with Eckoh
To address this issue of interpreting DTMF tones, Eckoh created CallGuard which changes the sound of the DTMF tones to flat ‘monotones’ as they enter the organization. The tones made by your customer’s telephone keypad are ‘masked’ and cannot be identified by their sound. Any conversation between a contact center agent and your customer can continue uninterrupted.
Also, the DTMF tones don’t appear in your call recordings either and the data that is tapped into the phone populates fields on the agent’s screen and appears as asterisks with only the last four digits showing as an identifier.
Contact center payments
- CallGuard – agent assisted payments
- ChatGuard – Web Chat payments
- e-Wallet Payments – Apple Pay, Google Pay or Paypal
An alternative to DTMF is Tokenization which is a revolutionary approach to securing sensitive date. It converts sensitive digits conveyed as DTMF tones, to non-sensitive placeholders, devaluing card data the moment it enters your environment.
Card-not-Present (CNP) crime in contact centers continues to rise so it remains a top priority to significantly reduce the risk of fraud and the impact of a data breach. Download the eGuide to CNP crime in Contact Centers for advice on how to combat the threat.
PCI DSS Compliance
For a jargon-free guide to PCI DSS compliance for contact centers download the eGuide for the answers in one place.
De-scoping your Contact Center
If you’re not a payment security expert, achieving, let alone maintaining, PCI DSS compliance can be difficult. Why not consider easing your burden by de-scoping as much of your contact center as you can? Download our guide to ‘Building a business case for de-scoping your contact center’ to set you on your way.