Background

dlc is one of the largest debt collection agencies in the UK, serving a diverse customer base. It offers services including outsourced credit control, litigation tracing, debt purchases and debt recovery. Call centres and payment processes are pivotal to the successful delivery of many of these services, so a fully secure and compliant call centre is essential.

The Challenge

dlc records all of its calls to comply with regulations set by the Financial Conduct Authority (FCA). This was causing concern as customers were required to say their card details aloud over the phone when making a payment, which meant that the card numbers would be recorded onto the call recording system. This infringes on the Payment Card Industry Data Security Standards (PCI DSS) regulations which prohibit call centres storing sensitive customer information on call recordings.

To address this, dlc used a pause/resume solution whereby the agent pauses the recording at the start of the payment process, then restarts it after the payment has been made. This method has a number of disadvantages:

  • The technology does not make the organisation PCI compliant
  • Human error can result in the recording being paused at the wrong point, causing accidental recording of the card numbers
  • The recording no longer constitutes a complete legal record of the call

dlc therefore needed a payment solution that:

  • Did not disrupt the recording of the call at any point
  • Removed the agent from the payment process to protect them and the customer
  • Protected the customer from the threat of fraud
  • Enabled them to continue to maintain excellent customer service
  • Ensured that dlc was fully compliant with PCI DSS

The  Solution

After a rigorous process of looking at a number of different solutions, dlc identified Semafone as the right choice for securing telephone payments. Unlike other vendors, Semafone’s technology allows the call and the recording to take place uninterrupted; it leaves no room for agent error/ mis-keying and fully protects the customer. The payment method requires the customer to type their debit or credit card numbers into the telephone keypad whilst remaining in continual voice communication with the dlc agent. When different numbers are pressed on the keypad, each is masked by a flat tone, making it impossible to identify the number just from its sound.

This is done using Semafone’s patented data capture method, which uses Dual-Tone Multi-Frequency (DTMF) masking. DTMF adds another level of security as it disguises the card numbers. When typed into the telephone keypad, the numbers appear as asterisks on the agent’s computer screen, so they are completely hidden. The payment details do not appear on the call recording system and go straight to the bank, avoiding any possible contact with the call centre, its staff, or anyone who might intercept the information.

Implementation

Semafone was integrated with the two other critical parts of the contact centre operations at dlc; its dialler, provided by Noble Systems, and its CRM environment supplied by Sopra. From the perspective of the contact centre agents, the result was a seamless, easy to use technology solution.

The process of delivering this PCI compliant solution involved both dlc’s Qualified Security Assessor NCC and its acquiring bank, Barclaycard. Both of these organisations worked closely with Semafone in the final stages of the project to ensure a successful implementation.

As with any major change in software, there were a few technical glitches when switching from the old system to the highly automated new system. However, Semafone ensured that the process was as seamless as possible and that all dlc agents were familiar and comfortable with the software before going live.

“Semafone’s proven experience in dealing with high volumes of card transactions, along with the industry knowledge of its team, meant that it really stood out from other solutions,” commented Steve Grima, Joint MD – Operations at dlc. “We have been able to remove our contact centre completely from PCI scope while providing our customers with absolute confidence in the security of their card transactions. Delivering a positive customer experience is at the heart of our operations and Semafone is really helping us to achieve this.”

The Results

Feedback from both customers and agents has been very positive and the benefits have been felt throughout the company. Semafone has completely removed dlc’s contact centre from the scope of PCI DSS regulations and has significantly reduced the risk of a data breach, giving customers an added sense of security when giving payments over the phone.

Agents are able to provide an improved level of customer service through the new system because they are free to continue the conversation with the customer throughout the payment process. This is particularly important given the sector in which dlc operates. Debt collection can be a sensitive issue for many people, and having constant communication with the agent provides an added level of reassurance for the customer, making them less likely to drop off the call mid-way through the payment process.

See what dlc’s agents have to say:

“Semafone is really easy for me to use. It saves me from mishearing customer numbers, or having to get them to repeat them, particularly when customers are outside on their mobiles.”

“Customers like being able to speak to us to make their payment. Customers know I am always on the other end of the phone to speak with them. They don’t get lost in a black hole. I’ve had some good feedback from my customers about them feeling safe processing payments this way.”

“This is easier than our old way of processing payments and now the conversations between me and my customers’ just flow. It has made my Team Leader’s job easier to assess my calls now, as they don’t need to look for two parts of a recording.”