Secure contact center payment solution comes to the cloud
Contact center data security specialist Semafone is making its Cardprotect available as a cloud solution in the US for the first time.
Companies now have the choice of running Cardprotect on premise, as a managed appliance, in a hybrid could or fully cloud solution. The new, cloud version enables a much faster, more scalable, flexible and cost-effective deployment, as there is no need for contact centers to purchase or manage equipment.
Using the software in the cloud means contact centers are able to quickly strengthen payment data security and dramatically simplify compliance with the Payment Card Industry Data Security Standard (PCI DSS).
Cardprotect enables contact centers to securely take payments over the phone using dual-tone multi-frequency (DTMF) masking. This means customers simply enter their payment card numbers or other numerical personally identifiable information (PII) using their telephone keypad. The dual-tone multi-frequency (DTMF) tones are masked with flat tones so sensitive data is never exposed to customer service representatives (CSRs), nearby eavesdroppers, captured on call recordings or entered into non-payment aspects of the organization's information systems.
Companies may have understandable concerns about handling card data in the cloud, but Gary Barnett, CEO of Semafone says:
With enterprise data breaches making headlines every day, it's not surprising that some organizations have security concerns and may be hesitant to make the shift to cloud computing. However, it's important to remember that the challenge is not in the security of the cloud itself. In most cases, data breaches are the result of a user – not the cloud provider -- that has failed to follow or enforce appropriate security policies and controls. As long as an organization enacts proper security policies and trains its employees on the importance of following them, it should have no worries about the cloud adding an additional layer of risk. As Jay Heiser, research vice president at Gartner recently said, "CIOs need to ensure their security teams are not holding back cloud initiatives with unsubstantiated cloud security worries. Exaggerated fears can result in lost opportunity and inappropriate spending."
When organizations deploy Semafone's Cardprotect in the cloud, the secure payment solution sits directly between the telephony carrier and the session border controller (SBC), meaning that no card data is ever passed through the contact center's environment. By keeping sensitive payment card data out of the contact center completely, it dramatically reduces the risk of a data breach and alleviates much of the burden of proving compliance.
Additionally, the cloud solution creates a redundancy in the telephony equipment, actually increasing resiliency by creating a fail-safe/back-up should the main telephony system fail. Semafone employs two geographically redundant data centers -- one in Boston and one in Chicago -- improving resiliency in the extremely rare event that one ever fails.
You can find out more on the Semafone website.