Call Center Security Solutions for Insurance Companies

Keep sensitive customer information out of your call center’s infrastructure, streamline compliance and eliminate risk with Semafone

As an insurance company, you collect, process and store large amounts of customers’ personal information every day. Much of this data comes through your contact center, where your agents work hard to resolve customer issues, take payments, and provide a positive customer experience – all while keeping sensitive information secure.

It’s an important goal to transform these contact centers by creating efficiencies which will reduce costs and increase topline revenue. Semafone’s technology reduces the cost of that transformation and contributes to greater business effectiveness.

“Stop/Start” is No Longer Enough

While you may think your call center is taking the appropriate measures to secure personally identifiable information (PII), like payment card numbers and social security numbers, it’s time to re-evaluate your processes. As you know, most insurers record customer calls. But, what happens when a customer has to read his or her card numbers out loud? Naturally, this information is also recorded, and thereby stored in the call center’s physical and IT infrastructure. To block this information from recordings, many companies use the practice of “stop/start.” However, that is no longer enough.

For insurers who must record 100 percent of calls to demonstrate compliance with industry regulations, using stop/start means that they are not recording the entire call. Therefore, they are not compliant and are opening up opportunities for illicit activity to occur while the call is stopped. Plus, sensitive information is still exposed to the agent (and anyone else who overhears the call), who may it use it for fraudulent activity.

Revolutionizing Customer Experience and PCI Compliance

Semafone’s technology solves this issue. The solution allows contact centers to remain in voice communication throughout the payment process, even while the customer enters card details into their telephone keypad.

The call – and the call recording – continue as normal while the customer enters their credit card information or other Non-Public Information (NPI) such as social security numbers using their telephone keypad. For complete security, Semafone’s patented data capture method masks the Dual Tone Multi-Frequency (DTMF) tones from the cardholder’s telephone and replaces them with a flat tone so they can’t be recognized by the call center agent or recorded on the call recording system.

By ensuring all NPI remains segregated and by removing Sensitive Authentication Data (SAD) before it hits the call recorder and the contact center infrastructure, the contact center is taken out of the scope of PCI DSS

Deploying Semafone can reduce ongoing PCI DSS compliance costs by up to 85%. Semafone removes the need to protect data with traditional IT tools and controls, reducing the amount of technology required – such as hardware, logging tools and security patches, as well as the level of human effort involved in carrying out required checks and controls. Deploying with PCI DSS alone, Semafone can reduce the PCI controls a merchant is responsible for, from over 400 to 15.

Semafone has also been proven to reduce call AHT (Average Handling Time) and provide significant cost savings. One leading insurer reduced their AHT by 30 seconds, while a major US wireless operator reduced theirs by 3% after deploying Semafone.

Semafone can integrate fully with your existing contact center infrastructure, including telephony equipment, voice recording, CRM systems and Payment Service Providers (PSP).  Card details are transmitted securely to the acquiring bank via your chosen PSP.


Semafone’s technology and business processes have been rigorously inspected and we are accredited to the highest standards.

Semafone Protects Your Customers, Your People and Your Reputation

Securing contact center data is a challenge. It only takes one rogue agent to steal one piece of personal customer data, and the damage to the company reputation once in the public domain can be devastating, both financially and for the brand. The impact and risk mitigated by Semafone is even greater for international firms.  With the GDPR (EU General Data Protection Regulation) coming into place in May 2018, forcing companies to report this type of breach to the regulatory bodies within 72 hours and with fines up to 4% of global revenues it’s a great time to ensure Semafone is a key part of your organization’s compliance and security strategy.

Learn More About Semafone

Contact Us Today

If you’re interested in learning more about Semafone’s solutions for US insurance companies, contact us today.