Semafone provides a solution which takes contact centres out of the scope of PCI DSS regulations for telephone payments. How exactly does it work?Graham Thompson: Semafone ensures that sensitive card data completely bypasses call centre agents, the desktop and the network, taking the entire contact centre out of scope from PCI DSS. It eliminates the risk of fraud because no data is taken /seen by agents, nor is it held on any systems. With Semafone’s secure voice solution customers enter their payment information using the telephone keypad. Semafone masks the DTMF (Dual Tone Multi-Frequency) digits to a flat tone so that they cannot be de-coded by the call centre agent, nor recorded on the call recording system.
When the time comes to take a payment, simply moving to the payment page triggers Semafone’s SecureMode and as the customer taps in their information, the relevant fields are automatically populated (masked by asterisks), meaning the sensitive information does not enter the desktop. The payment details are then sent to the Payment Service Provider, where the payment is processed. Authorisation is sent back to the client’s system to allow the transaction to continue.
This year, your company has won the METAward at the MRC annual conference in Las Vegas. Could you elaborate a bit on the degree of innovation your product delivers?Graham Thompson: Semafone is fast being recognised as the leader in secure voice transactions. The company has taken a new approach to the problem of PCI compliance in the call centre. Instead of attempting to secure every entry point of access to card data, Semafone has instead removed the entire contact centre from the scope of PCI. This not only protects customers’ card data from fraudulent usage but also drastically cuts the cost and burden of PCI compliance.
Semafone is also scalable to meet individual client’s needs and is flexible across multiple system architectures. It integrates with existing contact centre technology, and can be hosted within a company’s telephony infrastructure on-site or through a telecommunication carrier’s cloud. Seamless integration with Payment Gateways ensures rapid deployment and minimum disruption to the business. The product truly delivers the most thorough and cost-effective solution to PCI compliance for the contact centre.
In your opinion, does call centre fraud open a new frontier in cybercrime?Graham Thompson: Fraudsters are finding that gaining access to card data is becoming increasingly difficult as the information security controls mandated by PCI DSS start to have an impact within the industry. SQL injections remain the most common form of attack but they are reaping less and less cards. Fraudsters naturally move to the next lowest hanging fruit - the contact centre presents one of these potential targets.
Fraudulent call centres can be used to commit various fraud types, including …Graham Thompson: Identify theft remains the most common type of fraud within the contact centre. Contact centres are not only privy to card data but they also collect other attributes that can be used for identity theft including date of birth and address. With just a credit card number and date of birth it is possible to change the password on a 3D Secure account (Verify by Visa or MasterCard Secure). Not only are agents exposed to this data but it is also communicated over Voice over IP (VoIP) and can be harvested by the cybercriminal.
Your technology makes a positive impact in the industry because …Graham Thompson: Semafone helps contact centres face the challenges of meeting the rigorous and often complicated compliance regulations for taking payments over the phone. In doing so, they protect both their customers’ card data and themselves from fraudulent card usage. The Semafone technology secures all voice transactions and helps combat the risk of data breaches. It can also reduce call handling times and abandonment rates and improves customer satisfaction; gaining greater efficiencies and effectiveness within the contact centre.
Many consumers admit to being unwilling to share credit card numbers with contact centres, fearing their personal card data will be compromised. Inputting the payment card number and security code themselves gives customers greater peace of mind than just speaking it to an agent. There is also less room for communication or transcription errors. Customer satisfaction increases as callers understand and appreciate that this measure is a much more secure way of sharing card data. Semafone reduces the cost of PCI compliance, in some cases by more than 90%, as card data is no longer stored or recorded and the contact centre is taken out of scope for PCI DSS.
What are your company’s ambitions for the future, both in terms of product development and expansion?Graham Thompson: Today Semafone thwarts both agent fraud and cyber fraud within the contact centre, preventing card data falling into criminal hands. The next step for Semafone is to stop cards that have already fallen into criminal hands being used within the contact centre. Chip and PIN for bricks and mortar together with 3D Secure for e-commerce have stopped fraudsters from using cards within these environments. This has driven them to attempt to use stolen cards through contact centres. Semafone will provide solutions to authenticate the card holder when making a phone transaction to eliminate this avenue for criminal purposes.
This interview was published in one of the special editions of our premium newsletter Online Paypers, focused on online fraud. You can take out a free trial here.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now