Contact center evolution has resulted in giving customers greater flexibility with when and how they will pay, whether that be through phone, mobile device, or through a Contact Center. One of the key components of a Contact Center software package is the Interactive Voice Response (IVR) component which enables customers to utilize self-service payment options 24 hours a day, 7 days a week without talking to a Contact Center Agent. Customers have the freedom to make payments using their phone whenever they like, which increases customer satisfaction and returning customers. Unfortunately, like any payment today, IVR payments are subject to data exposure when not secured properly.
Traditionally, in an IVR environment, as the consumer reads their payment card information over the phone to complete a payment, this information is digitized and stored within the Contact Center Solution call recordings for quality assurance, remittance, verification, or other reasons. This creates PCI scope issues, and more recently risk issues because call recordings are searchable, for the merchant or service provider which introduces tremendous overhead and cost from a compliance standpoint. To add to the complexity of the situation, most of these types of software packages are tremendously expensive and configured specific to a contact center flow which has proven positive for customers. Changing these environments or purchasing additional modules and components, while possible, generally come at a cost to the merchant or service provider.
Using TokenEx, our customers have been able to reduce PCI scope in varying degrees and absolutely reduce risk by leveraging our platform to tokenize data before it is ingested into other parts of the Contact Center environment or other downstream systems. Customers have leveraged the ability to make web service calls from the IVR environment to tokenize data so downstream applications and systems only receive tokenized data. This only leaves a small number of devices in scope for PCI. For more information and strategies around achieving PCI compliance or reducing risk by eliminating sensitive data sets from IVR environments, please contact TokenEx.