April 13th, 2018
Last week we announced that we were awarded a US Patent for a PII Data Protection Appliance (DPA) for use in the contact center. Now that the news has hit the wire, you may be wondering how our solution can complement your data security efforts and PCI DSS compliance initiatives in your contact center.
Protecting the sensitive data of customers is not a new push or initiative; however, the urgency of getting it done is at an all-time high. We can thank the increase in fraud attempts and data breaches for sending the industry into the fast and furious frenzy. Thankfully, innovative technologies in the contact center are continually being developed and adopted to help slow the roll of the fraudsters.
Utilizing dual-tone multi-frequency (DTMF) masking technology in the contact center has been a giant step forward in securing customers data. Customers own the input of their data, verbal exchange of sensitive data can be eliminated, agents and their workstations are not exposed to actual numeric details, and pause and resume is no longer that thorn call center managers and quality monitoring systems have to contend with.
However, customers PII is still traversing too many network systems, and audio of the DTMF tones of the customer could still be in play. So, we asked ourselves the following: can we remove all DTMF tones from the communication stream without physically interrupting the voice portion of the call? Could we aid VoIP contact centers in descoping an IVR? Would it be possible to remove more of a contact center from PCI scope? Those were the questions that drove us to seek a solution and develop the PII DPA.
The PII DPA is a silent interceptor of sensitive data. In an attempt to simplify the technical workings of the PII DPA, here is an example of how it works. Let’s assume a customer is calling your contact center to pay his/her bill and selects the option to make a payment in the IVR.
The customer begins entering his/her payment card using their telephone keypad.
The PII DPA intercepts the DTMF values and sends a token value to the IVR to satisfy the data input requirements.
When the IVR data entry is complete, it sends all associated payment data to the PII DPA.
The PII DPA marries the original DTMF values with the non-sensitive data received from the IVR.
The PII DPA then sends the data to the payment processor.
Payment results are passed back to the IVR and communicated to the customer.
The IVR doesn’t know that the PII DPA jumps in and out of the data stream. Customers are not transferred, voice path is not disrupted, and the IVR was never exposed to sensitive data.
Contact centers are highly technical complex environments and there is not one solution that can offer 100% protection of customers PII. There is no magic bullet to defeat fraudsters and prevent data breaches. What we can do is to continue to make it increasingly difficult to access the information and limit the touchpoints sensitive data encounters. The IntraNext PII DPA is a tool your pit-crew can use in the fraud and data breach prevention race.