Veritape Blog

Protecting cardholder data in a complex contact centre environment

Recently Veritape exhibited at the PCI London conference in (wait for it….) London. Cameron Ross, Veritape’s Managing Director, gave an educational presentation with Neira Jones. Neira is the Head of Payment Security for Barclaycard, and has recently been voted as one of the Top 10 most influential Information Security people in the UK. This presentation was so popular that the organisers (literally) had to lock people out of the room as it was overflowing.

The presentation focussed on protecting cardholder data in a complex contact centre environment. One of the key difficulties is how to eliminate cardholder data from the screen and audio recordings which are routinely used to monitor staff performance, handle customer complaints, and for regulatory compliance purposes.

This is even tougher for outsource contact centre providers, who may be required to use payment gateways and other IT systems which are owned and operated off-site by the ultimate client, and over which the outsource contact centre has no control.

In the presentation, you’ll see:

• How one company eliminated cardholder data from their call recordings with 4 hours testing to prove CallGuard’s operation, and then 2 hours’ implementation.
• How a large multinational BPO operator with no access or control over the payment systems being provided by their client, easily eliminated cardholder data from recordings and agent screens using CallGuard.
• How a niche market call centre operator reduced Average Handling Times, increased customer service levels and complied with PCI regulations, with a single simple change