Background

With a history stretching back to the 19th Century, AXA has been helping people protect their possessions, themselves and their families for nearly 300 years. Globally, the company operates in 59 countries, specialising in wealth management, insurance and healthcare. In the UK alone AXA services over 10 million customers, employing approximately 10,500 people.

The Challenge

With more than 1,000 agents taking payments across three contact centres in the UK, AXA required a security solution that ensured all locations were fully protected against fraud, without compromising its renowned high quality customer service. The new security solution also needed to comply with the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS can present a significant challenge for businesses, stipulating more than 400 checks and controls on IT systems, with a breach of the regulations resulting in harsh penalties. As a company working within financial services, AXA was also required to adhere to rules laid down by the Financial Conduct Authority (FCA).

AXA’s previous ‘pause and resume’ solution failed to stand up to the challenge, as it required agents to pause recordings mid-call in order to ensure customers’ payment card details were not captured and stored in the contact centre’s computer system. However, this left the company at risk of payment card numbers being accidentally logged in the system as a result of human error or technology malfunction, which could cause the recording to be paused at the wrong moment. While using ‘pause and resume’ allowed the call recording itself to be PCI DSS compliant, it left the rest of the contact centre infrastructure still ‘in scope’ of the regulations. Using this technology also meant that the recording no longer constituted a complete record of the call, which contravened FCA requirements.

The Solution

After investigating three other security technology providers, AXA implemented Semafone’s award-winning, patented payment method in June 2015. Semafone worked with integrated communications provider Adam Phones to successfully migrate AXA’s 4,000 telephone numbers from one SIP endpoint to a hosted solution. The solution was then rolled out across eleven of the parent group’s brands, encompassing some of the UK’s biggest business names such as Marks & Spencer, Lloyds, Bank of Scotland and British Gas.

Semafone’s solution allows callers to input payment card numbers directly into their telephone keypad. The numbers are obscured using dual tone multi frequency (DTMF) masking, so the contact centre agent cannot see or hear the numbers. The agent also stays in full communication with the customer at all times, to help with any issues that may arise, which improves the quality of customer service. What’s more, Semafone’s solution takes the customer details and transfers them directly to the payment service provider (PSP), bypassing the contact centre environment entirely and thereby de-scoping the centre from PCI DSS.

The Results

While PCI DSS compliance and protection against fraud played a significant role in choosing Semafone, there was also a substantial business case to be made. Data breaches represent a huge risk to companies, with the average cost estimated at £2.37 million in 2015, a 41% increase over the last five years. Implementing Semafone means that AXA is now secured against both internal and external fraud, and protected against the reputational and monetary cost of a data breach.

The solution also presented a number of additional benefits:

  • Semafone’s solution has contributed to a substantial Average Handling Time (AHT) reduction of 30 seconds.
  • Contact centre agents can take notes and attend to other tasks while the customer enters their details, increasing productivity.
  • Call handling for customer service representatives is easier, as the payment process is streamlined and fits alongside AXA’s existing processes and systems.
  • Compliance costs are significantly reduced, as Semafone’s solution is able to transfer payment card data directly to acquiring banks, which completely de-scopes the contact centre in terms of PCI DSS.

AXA IT Director Matt Potashnick said “Since implementing Semafone, we are more productive, our agents are happier and our contact centres are now fully PCI compliant. We also carried out a survey that shows that our customers feel more secure, and that they actually prefer typing their details directly into the telephone keypad, as opposed to reading their details out loud over the phone where they could be easily overheard and stolen.”

Protecting customer data against fraud is becoming harder in the face of increasingly sophisticated attacks by criminals. Semafone’s solution both obscures card numbers using DTMF masking and also sends the details directly to the PSP, ensuring AXA is not storing any data that may put the company or its customers at risk.
