Enabled On Any 08 Number
Digital Signature Applied To All Studios
PCI Compliance Overview
We make paying over the phone secure by ensuring that no card information is ever seen or heard by the contact centre agent. The agent and caller remain connected and are able to talk freely throughout the card transaction. This is achieved using our SecureMode which allows the call to continue as normal while the customer enters their credit card information by using their telephone keypad. For complete security we mask the digits the caller enters over the phone so they are not heard by the contact centre agent or recorded by the call recording system.
What Are The Benefits Of Our SIP Solution
Our solution is hosted in the core of our partnering network. The solution will be available to end user served by our licence SIP channels at any time, which could include back office and home workers as well as contact centre agents. Becasuse the solution is in the core of our partnering network there are:
- No call forwarding costs
- No off net call routing with potential negative call quality and SLA impacts
- No transferring or conferencing of calls causing increases to AHT
- No on site hardware or software enabling an SAQ A category for PCI-DSS
- No risk to call delivery, in the unlikely event of an outage, calls continue unaffected
- No carrier interconnects required
- No connection lag time
- No need to change DDIs
- No need for the porting or changing of any telephone numbers
- No impact to the carrier SLAs
What Are The Benefits Of PCI Compliance?
Suspend and Resume enables a call centre agent to stop call recording when a caller is giving their credit card details over the phone, and to resume the recording so that the majority of the call is recorded for training and monitoring purposes.
Why Is PCI Compliance Important?
PCI Compliance refers to a set of standard created by the PCI to protect personal information and ensure security when transactions are processed using a payment card.
Businesses involved in the payment card industry must comply with these standards if they want to accept credit cards. This includes; credit card companies, financial institutions, but also includes merchants.
Failure of merchants (eg online shops) to meet compliance standards can result in fines from credit card companies and banks, and even the loss of the ability to process credit cards.
Why Do I Need To Be PCI Compliant?
On our Inbound platform we tamper-proof call recordings and voicemails. For customers who are required to prove the authenticity of call recordings by the FCA (Financial Conduct Authority), this feature will prove that a recording or voicemail file has not been altered in transit from our network to your premises.
A digital signature is applied to each audio file once it has been created. If you then needs to prove that it has not been altered we can run an authenticity test against the original recording file to prove if it has been changed. We are able to run this check even if the recording has exceeded our standard retention limit of six months.
What Do I Need To Become PCI Compliant?
Transfer your existing 08, 03 or 01/02 numbers to UK IT Networks, and we can provide you with the tools to become PCI compliant. If you are unsure if your numbers are portable, check out our porting page. You could always take a new number from us.
With a large batch of reserved, 0800, 0844, 0871, and 01/02 numbers we will be able to provide a number that suites your business.
Not only will we allow your business to record inbound calls in compliance with the regulators, you will also benefit from all the services available on our inbound platform.
PCI Compliance Solution
Our solution will work within our partner's telephony architecture. Signalling traffic is sent to us with the DTMF tones. When in SecureMode the DFTMF digits, 0-9, are replacved with #, 0 or 1 (the preferred option can be chosen during installation) and then sent to the client, this means that call recordings can record the entire call without riskof credit card data being recorded. SecureMode can be activated by the agent from their telephone keypad. In this mannerno card data is ever communicated downstream of our solution thereby taking all the contact centre environments out of scope for PCI DSS.
Payment Process Flow
At the point of payment, the agent will launch a payment page. On the payment page the Call Reference (CR) will be shown which the agent will enter into their telephone keypad. We will hear the DTMF tones of the CR being entered and will pair the call with the payment page session and place it into SecureMode. An icon will appear on the payment page to show it is now in SecureMode.
The agent will then request the caller to enter their card number using their own telephone handset. As the numbers are entered by the caller the DTMF tones are masked by our platform. In real time we will provide the masked PAN to the payment page and will display the masked PAN to the Agent as asterisks. Note that if desired, the first six digits and last four digits of the PAN can optionally be displayed without bringing the desktop into scope for PCI DSS.
Once the full PAN has been captured, our platform validates the PAN before enabling the contact centre agent to request the card security code (CVC2/CVV2). The same process occurs with asterisks being presented on the screen instead of the actual security code. The agent then prompts the caller for further payment details, such as valid from and valid to dates, and enters these into the payment page. Semafone can then complete the payment transaction with the clients chosen Payment Provider (PSP), returning the transaction results to the agent and desktop application.
At any point during the collection of the PAN, or card security code, the collection process can be restarted. This is achieved by using the “Reset” function. In addition, if the complete process needs to be re-initiated then the “Start Again” function can be used. These functions mean that the customer is in contact with the agent throughout the process and the agent is on hand to assist with any difficulties the customer may have.
Call Flow - Step 1
The customer calls the contact centre. The conversation between the customer and contact centre agent starts as normal.
Call Flow - Step 2
The customer chooses to make a card payment.
Call Flow - Step 3
SecureMode is initiated to tap and mask DTMF tones. Using their phone keypad the customer enters:
- Their card number (PAN)
- Their card security code (CVC2, CW2)
Whilst entering the card details the digits are masked, so they cannot be heard by the agent or the call recording system. At the same time, the customer and agent can converse, making it easier to correct entry-errors if they occur. The agent captures all other details for the payment. We pass the PAN and CVC2 to the Payment Service Provider (PSP). At no point is the call interrupted or redirected via additional call legs.
Call Flow - Step 4
The caller’s card details are processed in the same manner as usual. After the capture of the CVC2 SecureMode is disabled and the call may continue as normal.
PCI Compliance Benefits
A completely secure over-the-phone transaction means call centre agents will never see or hear the caller’s credit card details, virtually eliminating the risk of fraud from the agent community.
24/7 PCI DSS fully managed service support for our cloud solution. This is from a UK based support team with a Service Level Agreement of 99.95% availability as standard.
Unlike other solutions, we help the call centre achieve PCI compliance without drastic impact on other call centre systems and is FCA compliant. We can co-exist or integrate with existing IT & telecoms infrastructure.
Reduced Operational Costs
No need to manage separate call centre teams for card transactions or operate and enforce a costly ‘clean room’ environment where pencils, pens and mobile phones are barred. Outsourced & offshore operations can be made viable where security concerns would previously have excluded them.
Minimal DTMF Masking
We only mask the DTMF during the short period of the call when PAN and security code need to be captured. This means that DTMF tones pass unhindered throughout the rest of the call, which means no impact when navigating IVRs, transferring calls or attending conference calls etc.
When using us the call can be recorded in its entirety, there is no need to pause the call recording becasue sensetive payment information is not verbalised or heard through DTMF tones. A broken call recording can result in customer disputes as important dialogue may be missed during the time the call recording is paused.
No AHT Negative Impact
We reduce the points of failure when taking a payment. There is no longer amu misreading of numbers by customer or agent. There are fewer failed transactions becasue of a BIN and Luhn check taking place in real time during PAN capture. As the customer is entering the payment information now, the agent is free to perform 'wrap-up' tasks during the call. A shorter AHT (Average Handling Time) means happier customers and increased contact centre productivity with more calls being handled by the same number of staff.
Customers intuitively understand that our services have been deployed for their benefit and to protect them from identity theft. They enjoy the added security whilst maintaining the interaction with and assistance from the agent. Agents furthermore prefer operating with us as this removes the difficult task of accurately capturing card details from verbal communications.