Outdated and impractical solutions for achieving compliance to the Payment Card Industry Data Security Standard (PCI DSS) need to be replaced with customer-centric solutions. Pause-and-resume call recording and clean room environments should be upgraded to more advanced technologies using Dual Tone Multi Frequency (DTMF) masking. This view is underlined and supported by the PCI SSC’s guidelines on ‘Protecting Telephone-Based Payment Card Data’. PCI Pal Agent Assist and IVR Payments use DTMF masking technology to suppress the telephone keypad tones entered by a customer during a financial transaction.
What is DTMF Masking?
DTMF is the discordant two-tone signal, or sound, that is generated when you press a button on a telephone’s touch keypad.
In DTMF masking, the consumer enters their card number, expiry date and security code using their telephone keypad, rather than speaking their payment card data. These tones are intercepted by the PCI Pal system and masked with a monotone comfort beep for the agents. The captured card data is then sent straight to the Payment Service Provider (PSP) for processing. This process means the data completely bypasses the contact centre environment.
The use of DTMF masking technology for PCI compliance can eliminate data breaches at the contact centre level. By preventing payment data from entering the environment in the first place, there is no data stored to breach.
DTMF masking technology for PCI compliance removes any need for the agent to see, hear or store sensitive payment data. The best solutions allow the customer and agent to speak at all times during the payment process. The voice flow is therefore uninterrupted as the customer enters their details.
As DTMF masking technology removes spoken card data, there’s no possibility of the contact centre inadvertently recording sensitive financial information. The burden of sensitive data storage rests solely with the payment provider.
Benefits of DTMF Masking technology:
- Improved customer experience – the customer is reassured that their data is handled securely. They are not diverted away from the agent to a ‘payment line’ solution to complete their transaction with no support.
- Scope of PCI DSS is greatly reduced – as no data is being stored, processed or transmitted within the contact centre, the Cardholder Data Environment (CDE) is greatly reduced. Minimising your risk of a data breach.
- Improved agent experience – As the sensitive cardholder data is removed from your contact centre, your agents are not exposed to demotivating compensating controls such as clean room environments and additional security checks. In addition, DTMF masking technology means the agent doesn’t see or hear the sensitive cardholder data reducing the company’s internal threats from bad actors.
Our other technology
Explore the other technologies we utilise to secure your business communications and assist you in adhering to strict industry governance.
Secure payments via digital engagement channels such as Webchat, Whatsapp, SMS, Social Media and Email.
Speech recognition technology is a feature of our Agent Assist and IVR Payments solutions, allowing customers to speak their details in a secure way as an alternative to using their telephone keypad.
The entirety of PCI Pal’s product-base is available from our global cloud platform hosted in Amazon Web Services (AWS)