Protecting card data and more in the contact center [Q&A]
Although many transactions are now carried out online, contact centers remain an important tool for businesses.
Call and contact center payment security solutions provider Semafone has had its latest Cardprotect (version 4) product validated by the Payment Card Industry Security Standards Council (PCI SSC) against the latest version of the Payment Application Data Security Standard (PA-DSS). This makes it one of the only companies in the industry to provide this level of certification.
We spoke to Gary E Barnett, newly-appointed CEO of Semafone, to find out more about why protecting contact center data now goes beyond payments and also, increasingly, beyond voice.
BN: How is contact center communication changing?
GB: In contact centers voice remains strong but there are other forms of communication occurring. Chat for example, even video conferencing, SMS, messaging services through Facebook and WhatsApp, those are all becoming mainstream forms of communication. We believe that people will want to have their personal information, whether it's card information or bank or personal information protected in these new forms just as they would in the voice world.
BN: How can contact centers across all industries ensure they comply and stay up to date with an ever changing regulatory landscape?
GB: We capture a lot of very rich data, we know about virtually every transaction that goes through our customers' contact centers. That can be how many calls they receive, how many of those went into secure mode, how many terminated with a successful payment or unsuccessful payment, what type of payment and more. By capturing all this rich information we believe a future step is to add analytics. This can be used not just for reporting but for machine learning, fraud detection, any number of things. We know about every call that comes into the contact center that even has potential for a payment, so we see every piece of traffic as we release our new products this will be true for chat and non-voice too.
This can help not just in financial services but in areas like healthcare -- adhering to the HIPAA requirements for example -- there are any number of ways outside just the payment card industry that our solution can help our customers. It's not just for regulatory purposes, although that's important, but also areas where it's very important for our customer to make sure their customers know that they take security very seriously. And this where the different forms of communication are so important because not all of those transactions are going to be telephone based.
BN: Does this need for protection extend beyond the contact center?
GB: Some of this information, card data for example, needs to be protected outside the contact center. So yes, the contact center is not necessarily the only part of the operation that needs to be able to protect data.
BN: People sometimes seem to feel safer dealing with contact centers than carrying out transactions online. Is that trust perhaps misplaced?
GB: I think it is. People are becoming more and more cognizant of the fact that they do need to be more secure with their data. In the US, for example, we've got to the point where virtually no one -- regardless of who they're dealing with -- is willing to give their social security number to anyone over the phone or in a chat situation. Protecting it even more, I would say, than a credit card number. Those concerns are definitely growing and that’s an area where companies will want to have customers feel very safe giving that information and demonstrate that they are protecting it. People are more fearful about companies being breached and things like social security numbers being stolen, so we don't want to focus just on personal information but payment information as well.
BN: Is there scope for some form of industry authentication, an equivalent of the browser padlock symbol perhaps?
GB: Yes, I think that's an interesting question and it's something we've debated. Even when a consumer calls into a merchant and gives their credit card number in secure mode there's a bit of trust there. So how do the industry give some form of feedback to the consumer that they're in a state where their data is protected? Do you play a tone, something that they could start to understand means they've been put in a mode where they can be trusting and know their information is being protected?
And of course you have to have that trust through voice, chat and all the other forms of communication. We certainly protect the data today but that doesn't necessarily mean that the consumer is trusting. I'm not sure that any of us in the industry yet have even scratched the surface of being able to do this.