Companies across the globe, just like yours, resort to pausing and resuming their call recording systems when an agent captures a caller's credit card details. This is done primarily for PCI Compliance purposes and to simply protect the customer's sensitive data. But is this widely used pause-resume approach efficient, effective and even necessary?
I talk to many companies and I’ve heard that they employ teams to review their customer interaction recordings to ensure that there is no credit card data present in the recordings. How much data is found? How costly is this activity? Questions that have painful answers, but the perception is that there isn’t another way.
Call recording and quality monitoring systems are in place for a reason, in order to monitor and gain marketing intelligence, ensure high service levels, regulatory requirements, and to settle disputes. These systems are business critical and aren’t going away any time soon. The problem is, even with pause-resume capabilities, often the customer’s sensitive data has too many exposure points. Customers communicating their data on a crowded bus or in a coffee shop is open air communication and is a risky move by the caller. Open air communication also occurs when an agent repeats the caller’s number back to them out loud to ensure it was properly captured, with other people nearby and the possibility of capturing the data. As you can see, pausing and resuming the call recording isn’t ever going to be good enough. Sensitive data exposure will still occur and so will PCI Compliance infractions, potentially leading to customer mistrust.
In the traditional pause-resume scenario, centralized storage of a consumer’s PCI data can be avoided, but the agents, PC’s, network and business intelligence application still have the potential to be exposed to the sensitive information. There are simply far too many potential failure points to really ensure data security and privacy.
There has to be a way to solve this problem, and now there is. You can employ software today that completely circumvents the pause/resume and data-vulnerability challenges by all but eliminating the PCI data footprint from ever landing in the hands of the agents or any unprotected systems. These solutions put the transmission of credit card data into the hands of the consumer by enabling them to enter their data through their telephone touchpad, while still remaining in contact with the customer service agent. The customer entered data remains in a secure PCI compliant server until it is married up with the transaction amount and then pushed to the payment gateway. The agent sees anonymized representation of the digits on their desktop as the customer enters them via their dial pad keeping them aware of the data entry. This technology has potential to eliminate the ubiquitous pause-resume approach as we know it today.