Use of Cookies

Welcome to IntraNext Systems. We use cookies to make interactions with our website easy and meaningful. By continuing to use this site you are giving us your consent.

For more information please visit our Terms of Use and Privacy Policy.

May 24th, 2016

Eight Questions to ask your PCI/DTMF Capture Provider

DTMF capture is quickly emerging as the go-to way moving forward for protecting your customers’ personally identifiable information (PII) during payment processing. Instead of the call center agent verbally requesting the customer to read out his/her credit card number over the phone, for example, customers can now securely enter their digits via their telephone keypad and the agent only sees encrypted numbers.  The data is routed directly to a secure PCI server so it is completely protected from unauthorized access.

When selecting a DTMF data capture vendor, it is important to consider several important variables, including:

  1. What technology is the vendor using to ensure the PII is not being captured by the call recording system? This is critical because you do not want the data to reside in the call recorder because it creates a vulnerability point for potential unauthorized data access. Furthermore, the data must completely bypass the call recorder, not simply be masked.

  2. What technology is the vendor using to ensure the PII is encrypted on the agent’s screen? You want to be certain the agent does not ever see the actual digits. They do, however, need to see the entry of encrypted data so they are sure all digits were entered.

  3. Is there a bypass mode in case the caller does not have a telephone keypad (e.g. caller is in the car)? Not everyone has the ability to use their keypad so there needs to be a viable workaround.

  4. Is the solution PA-DSS certified? It must pass the consortium’s rigorous set of standards.

  5. What compatibility does the software have with leading phone systems, CRM applications, billing systems, payment gateways and call recording/quality monitoring systems? If it doesn’t work easily with your existing applications and environment it will be a major undertaking to get it up and running.

  6. Does the software require any proprietary hardware or can it run on commercially off the shelf (COTS) hardware? You want a system that can run on your existing hardware.

  7. How does the system indicate MOD approval so the agent is sure the proper digits were captured? This is important to ensure the card will go through and process properly.

  8. What key performance indicators (KPIs) in the call center has the solution shown to impact/improve? (e.g. average handle time, first call resolution, abandonment rate, etc.)

Don’t hesitate to ask your potential DTMF capture provider any and all of these questions.  The answers you receive will help ensure you are picking the best vendor for your PCI needs.