Cutting the Data Risk from Voice Response in Payments
The vast majority of companies that collect customer payment information over the phone rely on interactive voice response (IVR) technology to streamline the process and reduce live agent staffing requirements.
Certainly, IVR does provide for expediency in handling most payment scenarios and the security of not exposing live agents to customers personally identifiable information (PII), such as credit card, account or Social Security numbers.
However, the IVR is a supplement to customer care and when the customer needs to speak with an agent, the interaction often requires a verbal exchange of sensitive information to retrieve account information. This exchange exposes the agent to customers PII data, not to mention anyone who may be within earshot of the customer as they speak the numbers. This method introduces the risk of data entry errors and takes up valuable time in repeating and validating the data. It also creates a new challenge within quality monitoring systems, which must be configured to encrypt or pause and resume call recording at the appropriate time to prevent the capture and storage of sensitive data per PCI-DSS regulations.
To overcome these obstacles, a new technology using dual tone multi-frequency (DTMF) signalingthe same touch-tone signals IVR uses to capture dataallows companies to capture PII data while an agent remains on the line, to provide the best of IVR benefits with the personal attention of a live agent to improve customer service.
With this live DTMF system in place, the agent asks the customer to input their PII or payment data using the touch-tone key pad on their telephone. The DTMF system automatically captures and processes the data into the appropriate transaction system, toggling recording off and on if needed, and masking the data from the agentall while the caller and agent remain on the line together. In the event the customer needs assistance, the agent is there to help while the customers data is securely protected by the DTMF capturing system.
For implementation ease and efficiency, DTMF systems can be deployed within computer telephony integration (CTI) software that interfaces directly with Automated Call Distributor (ACD) systems. Because the capture and processing occurs entirely within a secure, encrypted server, this approach eliminates the weak link inherent in desktop filtering systems, which can potentially be disabled or overridden by an agent. CTI-based implementation is also a more economical solution than carrier-side systems that require more vendor resources and greater cost.
This emerging DTMF solution will transform the way companies process customer payments and collect PII, and usher in a new era of much-improved customer confidence and security. Not only does it eliminate the risk of exposing sensitive data to the agent, giving customers added peace of mind, but it also improves customer support by ensuring an agent is available to help. The system can even shorten call time/agent-customer interaction by up to 15 seconds compared to a verbal exchangea benefit for both the customer and the company. Furthermore, this application of DTMF technology can provide enhanced PCI compliance by eliminating the need to pause/resume call recording altogether. Because the data is inherently masked, muted or filtered, there is no risk of it being capture, recorded or stored.
As transaction security becomes a growing concern and outstanding customer service increasingly becomes a competitive differentiator, I expect well see many companies transitioning to this new DTMF technology for payment processing to leverage the ease, efficiency, accuracy and low-cost of this novel approach.
Patrick Brown is president of IntraNext Systems.