Industry: Financial Service-ForEx Employees: 6,500 Revenue £721.5m
Business: A London-based foreign exchange company operating two contact centres in the UK providing foreign exchange services, prepaid credit cards and international payments.
Challenge: To meet their growing business needs and to handle more payment transactions as well as making their Disaster Recovery processes simpler and more effective.
Solution: CallGuard to secure payments and prevent agents from seeing or hearing cardholder data.
Natural language call routing to simplify the ability to switch incoming calls between contact centres.
- Agents see no data
- Agents hear no data
- No data is stored in the business
- There is no data available to steal
- Switching between contact centres is simple
This foreign exchange company founded in 1976 and headquartered in London focuses its businesses on international payments, bureau de change and issuing prepaid credit cards for use by travellers a. It is the world’s largest foreign exchange bureau.
Today they have 1,500 outlets based in tourist locations and in over 100 airports across 26 countries. They provide customers with over the counter currency exchange as well as prepaid cards which travellers receive before they travel. They have developed a growing network of over 1,100 ATMs at both on-airport and off-airport locations around the world and their mobile foreign exchange platform handled 1.4milion mobile and online transactions in 2016.
Their UK contact centre operation has roughly 100 agents handling customer queries and processing payments over the telephone for foreign currency.
Working with the exchange of currency, the business is a target for fraudsters. In response to this, they have built into some robust processes, involving many layers, to help prevent a breach or any fraudulent activity occurring in the contact centre. These processes include extra training for agents that requires them to listen out for the rustling of papers when the customer is asked for their card details as this could signify that the customer is not holding an actual card but is searching acquired paperwork for a card number which would indicate that this customer is not the legal cardholder.
This very real threat to both the business and reputation as well as the end-customers card security meant that further measures were needed to protect all stakeholders.
At present they use a NICE call recording platform and, at the point where payment needs to be taken, their agents pause the call recording so that no sensitive details are not recorded or stored. While this had provided a degree of protection and contributed to their PCI DSS compliance, the number of payments that their agents were taking continues to rise which required a more stringent and secure solution.
In conjunction with their drive to find a simpler and more reliable way to achieve PCI DSS compliance, the business has a top priority to have Disaster Recovery (DR) practices in place. They also have a secondary contact centre site that can be used in the event of a failure at their primary contact centre. However, one of the toughest challenges is that the trigger to switching between sites was not simple to put into action. In order to ensure business continuity, they sought a more reliable and effective solution to this element of their service.
- For PCI DSS compliance and securing payments: Eckoh’s patented CallGuard solution was implemented, using the company’s existing payment pages. This was a critical requirement as they had already undergone some deep-level integration to their multiple CRM systems which they wished to maintain. The simplicity of Eckoh’s CallGuard means that very limited work needs to be done to implement the solution and also will not affect the current integrations that are in place.
- For DR and business continuity: EckohROUTE – a natural language call routing solution - allows the business to take control of where calls are delivered via a simple-to-use online interface. Eckoh will help the business build a pre-configured routing so that, in the click of a button, they can instantly route all the incoming calls to the contact centre into their DR site.
The business aims to make money easy to spend and send. That brings some challenges and risks but Eckoh’s secure payment solution and call routing means they have been able to reduce that risk significantly. That brings major benefits to the business and their customers.
- Agents no longer hear the cardholder data being read out. The customer enters their card details into their telephone handset keypad.
- The agent no longer sees the cardholder data. They only see asterisks or hashes (*/#) in place of the card data on their screen
- The card data is not stored anywhere in the company’s contact centre environment nor in call recordings
- The entire contact centre is removed from the PCI DSS audit scope – simplifying their compliance process.
- The business can be sure that they are, and remain, fully PCI DSS compliant every minute of every day
- The risk from a data breach is significantly reduced – as there is no data available to steal
- Easy switching between contact centres means that they can demonstrate their DR, business continuity and sustainability credentials.