Background

Since its foundation in India in 1993, Hinduja Global Solutions (HGS) has become a world leader in customer relationship and business process management. The company’s outsourcing services include back office processing, contact centre services and customised IT solutions, with a global client base including several Fortune 500 Companies.

In 2010, HGS moved into Europe with the acquisition of Careline Services, a leading UK provider of outsourced contact centre services. Further expansion into mainland Europe followed in 2011 with operations in France, Germany, Italy and the Netherlands. European customers of HGS include TalkTalk, Unilever and Virgin, as well as public sector organisations including the Department for Business, Innovation & Skills, and the Department of Energy & Climate Change. The organisation handles in excess of 50,000 customer interactions per day on behalf of its clients.

How it all began: The original challenge

As a provider of outsourced contact centre services in Europe, HGS (formerly Careline Services) was handling a high volume of credit card transactions over the phone for a variety of customers. Large quantities of sensitive data had to pass through different touch points within the company’s service delivery infrastructure. When the PCI DSS (Payment Card Industry Data Security Standard) regulations came into being in 2004, the organisation began to find it difficult to meet the challenge of maintaining customer service while complying with the new measures. As Megan Neale, General Manager for HGS UK points out, “At that time, a lot of our clients were just starting to get their heads around PCI compliance; attitudes were very different to what they are now. These days, all of our clients have a PCI strategy and they all have a roadmap. But back then, there was still a lot of education needed around PCI.”

Additionally, for HGS clients accepting telephone payments, sensitive credit card data was stored within the company’s network , placing call recording within the scope of PCI DSS regulations and requiring a number of security controls to ensure PCI compliance. HGS recognised the need for a solution that would support call recording while protecting credit card data.

The solution also needed to be compatible with changing client requirements. It had to account for changes in call volumes due to seasonal fluctuations or promotional campaigns while providing a new technology compatible with a variety of different CRM (Customer Relationship Management) systems and payment gateways.

A solution closer to home

A variety of software solutions were reviewed, but none existed that could solve the problem. One option was data encryption, but this would not allow for the secure capture of credit card CCV codes (the numbers on the back of a card) which was a mandatory requirement. ‘Pause call record’, whereby the call recording is manually paused while the customer states his or her payment card information, was also considered. By losing part of the call, however, it was felt that the quality service delivery would be compromised. Interactive Voice Recognition and other automated systems were discounted as they all removed the customer from agent interaction, with a large negative impact on the quality of communication.

In the end, the answer came from within the company’s own technology team. In a brave move, the company developed an application called Semafone, which allowed customers to enter their own credit card details into the telephone handset, thus removing the contact centre from handling credit card data for telephone payments. Semafone sends sensitive card data directly to the customer’s bank, or to an isolated computer, thus preventing it from pervading the organisation’s IT infrastructure or from featuring in voice recordings.

“One of the key benefits of using Semafone is that we can control the whole environment and it can be scaled according to our customers’ requirements”

Megan Neale, General Manager for HGS UK

Since Semafone operates by licensing per seat, this meant that it could be used across multiple clients. Its usage of open APIs also allowed for flexible integration with different CRM systems and the numerous payment gateways used by HGS’ clients. Additionally, the system could alter with the operational shift patterns; a seat that was using the client’s CRM and a specific payment gateway on weekdays, might be used by an entirely different CRM and payment gateway during the weekend. HGS had the option of using a Semafone hosted payment page, but could easily switch and use its clients’ own system or its own in-house version.

And importantly, since Semafone is PA DSS certified, it allowed HGS to de-scope its security related operations with a solution which met the global security standards, thereby ensuring project adherence to PCI regulations while meeting client requirements.

Implementation

Trials of Semafone ran smoothly and pointed to the viability of the concept. Crucially for HGS’ clients, call recordings demonstrated that the customer experience was positive and had in many cases been improved. This helped to quell initial fears that the public would have difficulty adapting to this new way of making a payment. The call fallout and failure rate was incredibly low – a good indicator that the technology was working.

The first HGS/Semafone customer: the UK Government sector

Following several successful trial implementations, HGS implemented Semafone in its call handling on behalf of the Foreign and Commonwealth Offices’ British Passport Information Helpline. This helpline was set up for British citizens living abroad who wanted to progress their passport applications. HGS provided a 24 hour, seven days a week service in order to cover all of the required territories and different time zones, with roughly 25-30 agents working on the account at any one time, depending on the time of year. As overseas residents who did not pay tax in the UK, callers were not entitled to a free helpline and had to pay for the service. They had the option of using a premium rate telephone number or making a credit or debit card payment during the call via Semafone.

The Foreign and Commonwealth Office’s charges were based on the length of a telephone call, so the first step for HGS was to pre-authorise the customer’s payment card before continuing with the handling of the query or request. At the end of the call, HGS would deduct the correct amount from the caller’s card, based on how long the conversation had taken.

The Results

Agents’ feedback about Semafone was consistently positive, even in the early days. The system was intuitive and agents found it simple to process card payments, eliminating the need for any lengthy training programmes.

As an outsourcer, HGS particularly benefited from Semafone’s flexibility to switch on and off according to customer needs. As a result, the application could be used throughout the whole business, or only for specific teams as dictated by demand.

“One of the key benefits of using Semafone is that we can control the whole environment and it can be scaled according to our customers’ requirements,” comments Megan. “We have observed that most of the technologies used by competitors, who have PCI compliance as standard, are often clunky and cumbersome. Semafone enables us to be responsive to our clients’ needs – offering flexibility as a key differentiator.”

Another highlight was Semafone’s ability to remove the contact centre entirely from the scope of PCI DSS regulations. As Megan points out, “Achieving PCI compliance can be a cumbersome and expensive process. By offering a PCI-compliant solution, Semafone protects the integrity of data shared by our clients, which is an obvious selling point both for HGS and our clients.”

And Semafone has managed to do all this while safeguarding the reputation of HGS and its customers.

“Although the public is becoming more educated about the risk of card fraud, individuals still place absolute trust in brands to protect their data. As a leading contact centre outsourcing business, we have been able to ensure the security of our customers’ sensitive data – Semafone makes that possible”

Megan Neale, General Manager for HGS UK

Innovations to come…

Originally, Semafone was integrated into HGS’s back-end systems. This meant that although credit card information was removed from the call recording and hidden from the agent, it would still be held within the company. HGS is now preparing to move to the latest version of Semafone, working with Gamma to install the application as a hosted solution thereby removing the contact centre completely from the scope of PCI DSS regulations.