John P. Joseph, VP Corporate Marketing, Envox Worldwide You Asked How do the data security requirements for credit card transactions affect my contact center operations?

If your contact center is handling credit card information (or any other personal information, such as a social security number) data security should be a top priority. In the payment card industry (PCI), this is a huge issue. As you are likely aware, the theft or loss of consumer information over the past few years has cost organizations billions of dollars in fines and fixes. In one highly visible case, the loss of credit card information at The TJX Companies cost the company anywhere from $118 million to $1.35 billion, depending on who you believe. The PCI maintains a data security standard (DSS) to prevent the theft of personal information and/or to minimize its impact. While most organizations focus on the data encryption and network security aspects of the PCI standard, you need to comply with all the requirements to be in compliance. So just as important a component is Requirement 7: Restrict access to cardholder data by business need-to-know. Contact centers that allow customer service representative (CSR) access to customer credit card data are at risk. A single dishonest CSR has the potential to steal the confidential information of tens of thousands of callers in a single year.

Today’s contact center technologies, specifically computer telephony integration (CTI) and interactive voice response (IVR), can eliminate the CSR security breach point. One of the major uses of CTI has been to provide CSRs with a screen pop of information to assist in helping callers. It does this by capturing the phone number from which the customer is calling, checking the database and sending the customer’s profile to the agent’s desktop. Historically the benefit of CTI solutions has been that they reduce the call time and help the agent personalize the call The screen pop, however, can also be configured so that the agent has the ability to collect and view the necessary information to assist the caller while blocking highly confidential information - a “need-to-know” screen pop. If collecting or handling sensitive information, such as a credit card or social security number, is required as part of the transaction, organizations can still provide that information to the CSR on a need to know basis by implementing an IVR system to collect the information instead of the CSR. The IVR application can be launched from the agent’s desktop to save time and automate any follow-up work.

Today’s open, standards-based IVR and CTI solutions have significantly lowered the cost of these solutions making them affordable for organizations of all sizes.

Providing personal information over the phone can be disconcerting to customers. Consumers no longer know whom to trust, and recent high-profile security breach cases in the US like those at The TJX Companies underscore the need for ever higher security measures to protect consumers from fraud. Companies that adopt this type of CTI-IVR solution can provide their customers with the security they crave and protect themselves from a potentially devastating problem.

Envox Worldwide