Secure customer credit card data in compliance with PCI DSS directives.
Loans and mortgage company Swift needed to increase the security of customer credit card data in phone calls to meet the latest Payment Card Industry Data Security Standard (PCI DSS). As an FSA regulated mortgage lender, Swift is required to record all phone calls including payments, and these too needed to be made secure. The Council of Mortgage Lenders (CML) encourages its members to be both FSA and PCI DSS compliant, leading to the technical challenges which Semafone has been specifically designed to tackle.
While there are various solutions available, Swift executives were concerned that they needed an electronic payment system that would be efficient and easy to manage as well as one that would be accepted by their staff of trained professionals.
The system needed to be cost-effective, and be able to integrate with Swift’s existing telephone and computer systems with a minimum of disruption.
Specialised software that significantly reduces the scope of PCI DSS compliance for credit and debit card data within the contact centre.
Semafone worked with Swift’s banking partner, Barclaycard, to provide a solution that would reduce PCI compliance directives for its credit and debit card, removing the requirement for costly security measures. It uses software which integrates with Barclaycard’s ePDQ system and masks the DTMF tones from a phone with flat tones. While speaking to an agent, customers input their credit and debit card details via their phone’s keypad; the number is not visible (or audible) to the agent and therefore cannot be recorded.
During the transaction, the agent’s computer displays the customer’s credit and debit card number as asterisks (only the last four digits show), and the payment is processed by the agent via a Semafone-hosted web page.
At Barclaycard we’re constantly looking for the most innovative and cost-effective solutions for our clients. For Swift, Semafone fit the bill perfectly and we were very happy to work with them on their implementation.
– Neira Jones, Head of Payment Security, Barclaycard
I’m confident that we have future-proofed our payment system against any future changes in PCI regulations.
– Peter Brennan, Head of Special Projects, Swift
After an initial period of negotiation and evaluation, Semafone began the implementation of its software system. Staff were provided with full training and given a brief series of instructions to help them through the first few days working with the new functionality. Semafone staff visited the premises and were on permanent call to deal with any potential problems during the installation period and beyond.
Semafone has maintained a relationship with Swift and has advised the company on cost-effective strategies for dealing with its legacy data and the future development of the system.
When we first saw Semafone in action it was very impressive, much better than our previous system. It just works, and is very easy for our staff and customers to use.
– Mark Stubbs, IT Manager, Swift
Reduced costs and risks, with improved efficiency.
Slashed costs: Semafone provided a cost-effective solution that undercut many more established methods of de-scoping or securing credit card data. The average time staff spend processing payment calls was significantly reduced with potential savings for man-hours and recruitment.
Greater efficiency: The simplicity of the new system’s automatic process meant that staff had a short learning curve to undertake. In trials conducted just after the installation, managers found that the time taken to process a payment had been cut by more than half. Since completion, the new system has also proved to be stable with a minimum of downtime experienced.
Tougher security: The potential for fraud by staff is virtually eliminated, since agents no longer have any access to customers’ credit card data at the point of processing the payment.
Better for staff: Staff were impressed with the new system and said so to their managers. Staff satisfaction with the system has led to a happier, more productive payment processing working environment.
Better for customers: Customers are happier because they can spend less time on the phone, and don’t need to say their credit card details aloud, especially where others might be listening. And since the system requires the presence of an agent, there’s still an opportunity for the ‘personal touch’, without the need to abandon customers to a fully automated payment system .
To make voice transactions of credit and debit card payments secure in compliance with PCI DSS guidelines. The system needed to be cost-effective and integrate with the firm’s existing telephony and computer systems. It was also of prime concern that both staff and customers should benefit.
To provide a voice-based electronic payment system that reduces the scope of PCI DSS compliance for voice transactions, reducing cost and potential risk, as well as providing a more efficient and stable payment system.
- Swift greatly reduced the number of PCI directives for its contact centre, ensuring that the company meets the relevant PCI DSS compliance directives cost-effectively
- Semafone’s solution cut Swift’s average call answering time in half which has delivered savings in man-hours, increased efficiency and improved customer experience
- Staff were happy with the change which meant they could work faster, more efficiently and with less hold-ups
- Reduced potential for fraud
- Unique, integrated system that significantly reduces scope of PCI DSS for call centres
- Ease of implementation
- Compatibility with legacy systems
- More efficient for staff
- Faster and more secure for customers