PCI DSS in the Contact Centre
About the client: The client is a major direct selling cosmetics organisation with a global network of customers and resellers.
The challenge: The organisation takes a significant number of payments by phone each year, either via its IVR or via contact centre agents. This meant that its contact centre operation was in scope for PCI DSS. The costs of adhering to PCI requirements were significant. Each year the company had to upgrade its infrastructure and retrain its agents in the new requirements. Consequently, it planned to use DTMF masking to descope entirely from PCI DSS and reduce the administrative and financial burden of the annual audit.
Our aim was to try and make the yearly process a lot easier and to reduce the questions on the form we have to complete. To do this we decided to eradicate card details from our infrastructure completely.
The decision to implement CardEasy was driven by the need for a DTMF masking system that would work with the organisation's existing systems, enable payments to be taken by both IVR and by agents, work with the in-house contact centre and with outsourcers, and provide a seamless experience for callers.
The organisation had a good and robust IVR system that had been in place since 2004 and had a lot of functionality that it was important not to lose.
It was very important for us to find a solution that would work with our existing IVR. We didn’t want to have to change our IVR system in order to get the benefits of DTMF masking. We also wanted to make sure that the experience of the caller would be consistent and not disjoined. The last thing we wanted was for a caller to be rerouted half way through the call to a different IVR that had been set up just to process payments.
CardEasy was selected because it worked seamlessly with the organisation’s existing on-premise IVR system as well as with its other suppliers’ systems.
“It was very important to us that we selected a solution that would seamlessly integrate with our existing systems. We have vendors that create and manage our IVR. We have different vendors for our telephone systems. CardEasy was able to integrate effectively with multiple vendors’ systems.”
From a caller’s perspective, the only real difference is that we no longer play the card number back to them as we used to do before. Previously, the caller entered their card number, and then we’d confirm it back to them. In the new world, what we’ve done in that particular call flow is just ask them to enter their card number and then move on so it’s speeding up the process slightly. The BIN checking is still being done so the caller can’t get all the way to the end of the process only to find that they’ve entered their card number incorrectly.
One of the good things about CardEasy is that it is payment processor or acquirer agnostic so you have one solution that fits all of your customers. Generally, the amount of effort that Syntec has had to put in from an integration perspective has been very little, which has been really good. Confidence levels are high. Everything is good.