The Caravan Club, trading as the Caravan and Motorhome Club describes itself as the largest touring community in Europe. The membership organisation was founded in 1907 and offers everything from campsites, yurts and holiday cottages to events, training, insurance and worldwide holidays. Members are able to pay for their subscriptions and these additional products and services using a variety of methods including direct debit, online payments, face-to-face transactions, or over the phone.
The Caravan and Motorhome Club has a centralised UK contact centre in East Grinstead, West Sussex, that employs around 110 agents to handle customer queries and take payments for products and services. Handling thousands of calls every day and with seasonal variations in demand, mean surges frequently occur in January, when members begin to think about booking their overseas holidays, and in March and October when many call to renew their insurance policies. When members phone in to make an enquiry, it is important to the Club that they are able to make a payment on the same call, without the need to be re-directed to another individual or an automated process.
With so many payment transactions taking place through the contact centre, the Club has to comply with the Payment Card Industry Data Security Standard (PCI DSS). This applies to all payment methods made by card but is particularly challenging when it comes to telephone payments as the Caravan and Motorhome Club records all its phone calls. PCI DSS specifically prohibits the capture of any sensitive card data on call recordings and requires strict security controls on sensitive payment data that passes through the contact centre. The Club had implemented tokenisation, which helped to achieve compliance through other channels, but telephone payments were still in PCI DSS scope.
The Club looked at a number of options to resolve the compliance challenges for telephone payments, including Pause and Resume solutions that stop the call recording while the card numbers were read out by the customer. However, this method was discounted as there was a danger of pausing the recording at the wrong moment. Moreover, the final recording would not constitute a complete record of the call, making it inadmissible as evidence in the case of a dispute. After a thorough review process, the Club chose Cardprotect from Semafone to secure their telephone payments. Using this solution, members input their payment card details directly into their telephone keypad. The numbers are obscured from the contact centre using dual tone multi frequency (DTMF) masking. So, while it’s impossible for agents to hear or see a member’s card details they are still able to remain in full voice communication with callers to help out with any issues that may arise during the payment process. Cardprotect sends payment card numbers straight to the payment service provider (PSP), completely bypassing the club’s internal contact centre IT infrastructure. Fully scalable, the solution can easily cope with the club’s demand peaks to ensure every payment is taken securely.
Cardprotect was installed onto a Gamma platform, integrating with Avaya IPI telephony system. Semafone, Gamma and the Club worked collaboratively to ensure that it all came together smoothly.
“It was sometimes tricky to co-ordinate, and as always, testing highlighted a few issues, but nothing that wasn’t resolved easily,” said Jon Laws, Financial Controller of the Caravan and Motorhome Club. “Semafone’s team was on hand to help and the implementation was relatively incident-free. Training the agents to use the system was straightforward because of its simplicity, and we made sure that everyone received the right support as it went live. With both our agents and members happy using Cardprotect, Semafone got a big thumbs up from our contact centre manager.”
The Caravan and Motorhome Club’s top priority is its members, so one of its biggest concerns was that the new system would be accepted by people making payments. “We were delighted by how fast our members took to it,” said Jon. “We’ve had very few complaints, and I think they are aware the new system is helping to keep their payment data safe. For us, the whole implementation was as much about looking after members’ data responsibly as it was about PCI DSS compliance.” Agent productivity is enhanced by the Semafone system as it allows them to carry out additional tasks, such as filling in notes and updating records while the member is inputting their details. It has also meant that calls are often shorter because the numbers no longer need to be read out loud before being entered. The fact that the system is cloud-based, using Gamma’s SIP infrastructure, not only ensures that no card data ever enters the contact centre, but means that it’s easy to add more agents if needed, to accommodate increased demand.
The Club is looking into further possible applications for Semafone and considering what other personal information the system may be able to protect. Top of the list are bank account details, and the organisation is already in discussions with Semafone about finding ways of securing these in the coming months.
Like many organisations, the Caravan and Motorhome Club has also been working hard to ensure that it is compliant with the European Union General Data Protection Regulation (EU GDPR). While this regulation covers a wide range of customer information, sensitive financial details are a crucial component of it, and organisations are encouraged to hold as little as possible. “The Semafone system isn’t a panacea for the EU GDPR,” concluded Jon Laws, “but it has helped and has certainly taken care of the problem of storing card data.”