AGL is one of Australia’s leading renewable energy companies and is Australia’s largest private owner, operator and developer of renewable generation assets. The company’s Retail Energy division sells and markets natural gas, electricity and energy related products and services to more than 3.8 million residential and small business customer accounts across New South Wales, Victoria, South Australia and Queensland.

The division receives payment from customers via a variety of methods, including direct billing, online, post and telephone. 600 dedicated agents are employed to handle the business of taking payment via AGL’s contact centres and IVR systems. The security of customer details is paramount and AGL complies fully with the Payment Card Industry Data Security Standards (PCI DSS) to protect sensitive credit and debit card details.

The Challenge

A large number of AGL’s customers opt to pay by telephone.  The convenience of a quick telephone call to pay a bill, combined with the knowledge that a service agent is on hand to smooth out any problems, makes it a popular choice.  The challenge for AGL was that this resulted in large volumes of card data flowing through the company’s IT and telephony infrastructure. PCI DSS regulations require extensive security checks and controls to take place regularly wherever card details are stored, so AGL found itself spending a great deal of time and money to simply maintain compliance.

AGL uses some interactive voice recognition systems, which helped to reduce the problem by allowing customers to enter their own card details, but recognised that in many cases customers wanted to speak to a real person rather than an automated recording. Drop-off rates for IVR are generally higher than for transactions managed by an agent, as an anomaly is likely to result in the customer ending the call. Any new system would need to be able to cope with wide fluctuations in transaction volumes; as a utility company, AGL’s business alters significantly according to seasonal variations.

The Solution

A solution was suggested by BEA Systems, AGL’s Qualified Security Assessor, who is responsible for ensuring AGL’s compliance with the PCI regulations. BEA proposed Semafone’s secure payment method, designed specifically to protect card payments made through contact centres.

Semafone’s solution reduces the cost of PCI compliance by removing sensitive card data from the contact centre environment.  When paying bills over the telephone, customers can input their credit and debit card details via their telephone keypad rather than saying them aloud.  The card details are transmitted directly to the bank, avoiding the contact centre infrastructure and thereby reducing the number of checks and controls necessary to meet PCI regulations.  This presented AGL with a very simple solution to the complex problem of eliminating data fraud and complying with PCI DSS.

AGL was also impressed by the way in which Semafone’s solution increased security without compromising customer service.  Semafone masks the tones made by the keypad so that numbers cannot be identified by their sound, leaving the agent free to continue the conversation with the customer throughout the transaction.  Any problems, such as mis-keying of numbers, can be rectified straight away.


Semafone’s system has been installed in AGL’s contact centres in Sydney and Melbourne. Semafone was integrated with a variety of different CRM (Customer Relationship Management) and back office systems including SAP, and with AGL’s payment gateways.

“This is Semafone’s first major implementation in Australia and we can see that AGL is leading the way in securing their payments systems. The organisation has recognised that credit card fraud is a real risk for telephone payments and has taken steps to protect customers. We’re very pleased that we have been able to help the company cut the cost of PCI DSS compliance and improve customer service at the same time.”

-Tim Critchley, CEO of Semafone

The Benefits

Not only has AGL been able to make a dramatic reduction in the cost of compliance, but the company’s customers have also benefitted from Semafone’s payment method.  They no longer need to worry about the risk of saying card numbers out loud in a public place, such as an open plan office and are able to continue their conversation with the agent while they pay their utilities bills.

AGL’s customers have reacted well to the change.  When agents ask a customer to enter their card number into the keypad, it’s immediately clear that this is helping to improve security. This has enabled AGL to maintain the high standard of service that it has always offered, while improving security and cutting the cost of PCI compliance.  Everyone is better off as a result.