This document summarizes a presentation about protecting customer credit card data when contact centers take payments over the phone. The presentation discusses the challenges of complying with PCI standards while recording calls as required by other regulations. It recommends "de-scoping" contact centers from PCI by using a managed service with patented DTMF clamping technology to remove card numbers from call recordings. It presents a case study of a large insurance broker that implemented this solution, transferring PCI risk and removing its contact center from PCI scope.
2. www.silver-lining.com
What am I talking about today?
Our experience shared as we work with clients who have two objectives:
1. How to protect customers’ credit card data when they make a payment over the phone
2. How to deploy a solution that factors in strategic change

Agenda
• 7 Fun facts about London
• The Challenges
• DE-scope your Contact Centre
• DE-risk migration – ISDN - SIP
• DE-crease your PCI footprint
• DE-value employees at your peril

London: 7 Fun Facts
• It is illegal to die in the Houses of Parliament.
• Harrods sold cocaine until 1916.
• More than half of the London Underground runs above ground.
• 1000 bodies are buried below Aldgate station in a plague pit.
• There is only one station on the underground that does not have any of the letters from the word Mackerel in it - St. John’s Wood.
• Over 300 languages are spoken in London – more than any other city.
• The Millennium Dome could fit the Great Pyramid of Giza inside.

The Challenges
• How do I protect my customers’ card data when my customers call to pay?
• How do I adopt a PCI solution that fits with other compliance regulations such as FCA who require me to record calls?
• How do I deploy PCI as part of a wider strategy that includes contact centre refresh later in the year?
• What about SIP? ISDN is being phased out?
• Do I go on premise or hosted?
• Pause and Resume or DTMF Suppression?

The Challenges
Pause and Resume (Manual or Automated)
Manual
• Reliant on agent intervention
• Open to abuse
Automated
• Can be difficult to scope and implement
• FCA compliance implications – broken call
• Agents exposed to sensitive information
• Information stored at agent desktop level
“UNFORTUNATELY THE PAUSE AND RESUME SOLUTION ONLY WORKS INTERMITTENTLY MEANING CARD HOLDER INFORMATION IS STORED IN THE SYSTEM FROM RECORDED TELEPHONE CONVERSATIONS WHICH IS A COMPLIANCE RISK” – LARGE UK UTILITIES COMPANY – DEC 2015

How do we keep it simple?

PCI in the News
“Most people we engage with are more concerned at the impact on their brand, than the threat of a fine”
Allan Packer – Managing Director Silver Lining

The Challenges
Employer – Employee
• Few would argue that the most valuable resource of any organisation is its people
• Motivation - engagement and retention
• Employee brand is not a label it is an experience - employees represent the brand
• Understand that it is your employees who are responsible for the happiness (or otherwise) of your customers
“The higher the level of employee satisfaction, the greater the commitment and contribution to the employer.”
Ronan Miles, CEO Oracle UK

Case Study: Challenges
UK leading insurance broker
• Historical card data (where Pause and Resume Failed)
• Upgrading core Voice in 2016
• Increased focus from Worldpay
• SIP Strategy 2016/17 – Contact Centre refresh – Call Recording
• How do we reduce / transfer risk?
• Conflicting regulation between PCI and FCA
• Integration with existing applications (some green screen terminal based)

Case Study: Solution
UK leading insurance broker
Single Managed PCI Contract
• Patent protected “DTMF” solution
• Broker platform integration “CDL”
• Managed Report on Compliance
• Handful of residual controls

Case Study: Testimonial
UK leading insurance broker
The CIO explains:
“The key consideration here was to go with one supplier who could deliver the entire solution end-to-end. We needed a solution that removed our Contact Centre from PCI scope and transferred the risk to a specialist partner”

5 Key Points
“Takeaway” points
• Not just about achieving compliance!
– Go beyond the baseline need and consider PCI as a key part of a complete security strategy
• Collaboration is critical
– Use all relationships including PCI QSAs
– Work with a systems integrator that knows more than just PCI
• Half-baked solutions won’t cut it
– A DTMF masking technology solution that takes the card number out of the equation will remove most of the technical landscape within the Contact Centre from PCI Scope
• Don’t forget the impact on your employees
• Start with the end in mind