When properly implemented, the methods below are all PCI DSS compliant.
| Feature |
CallGuard |
Turn off recording |
Transfer to IVR |
Auto Pause & Resume |
Central DTMF blocking - in phone network |
Central DTMF blocking - on premises |
Your curent call recording system |
| Works with any call recording system |
 |
|
|
no |
|
|
| Scales from small to large installations |
|
|
|
|
|
|
| Can be deployed to virtual- or cloud-based recording |
|
|
no |
no |
|
|
Customer experience |
| Uses touch-tone data entry (shown to improve customer confidence) |
|
no |
|
no |
|
|
| Can automatically check that customers’ card data has been entered correctly |
|
no |
no |
no |
|
|
| Customers continue to talk with call centre agent throughout call |
|
|
no |
|
|
|
| Customer is able to ask questions during the payment process |
|
|
no |
|
|
|
Agents |
| No change to agents’ existing payment proces |
|
|
no |
|
no |
no |
| Increases agents’ personal security by barring access to card data |
|
no |
|
no |
|
|
| Minimal training required |
|
|
no |
|
|
|
| Agents do not waste time waiting for customer to enter card details to IVR robot |
|
|
no |
|
|
|
Your current payment processor |
| Allows you to keep your current payment processors |
|
|
no |
|
|
|
| No back-end integration with your payment processor required |
|
|
no |
|
no |
no |
| Does not require payment providers to make any changes to their systems |
|
|
|
|
|
|
| Gives the flexibility to switch payment provider in future, with no additional changes |
|
|
no |
no |
possible |
possible |
| Works with web-based payment providers with no integration |
|
|
no |
no |
no |
no |
| Works with application-based payment processes with no integration |
|
|
no |
no |
no |
no |
| Works with thin-client or RDP-based payment processes with no integration |
|
|
no |
no |
no |
no |
Your contact centre IT/telephony environment |
| You can switch telephony, payment and IT systems in the future, with no changes, and maintain PCI DSS compliance for call recordings |
|
|
no |
no |
no |
no |
| Works in PRI/TDM/E1 environment |
|
|
|
|
|
|
| Works in VoIP environment |
|
|
|
|
|
|
| Does not negatively impact average handling time (AHT) |
|
|
no |
|
|
|
| Avoids additional outgoing call charges |
|
|
no |
|
|
|
| Does not require changes to call routing provider |
|
|
|
|
no |
|
Security |
| Can stop agents seeing card data |
|
no |
possible |
no |
|
|
| Can stop agents hearing card data |
|
no |
possible |
no |
|
|
| Can stop screen recording systems capturing card data |
|
no |
possible |
no |
|
|
Outsourced contact centres |
| Protects your clients’ brand integrity by ensuring breaches involving customer data cannot occur |
|
no |
no |
no |
|
|
| Allows you to show clients that your staff have no access to customer sensitive card data |
|
no |
no |
no |
|
|
| A single implementation that works across all your clients’ systems |
|
|
no |
no |
no |
no |
| Works with client-hosted payment processes which cannot be tailored or customised |
|
|
no |
no |
possible |
possible |
Proof of Concept |
| Allows you to do a small scale Proof of Concept easily and quickly, using live systems |
|
|
no |
no |
no |
no |
Installation |
| True plug and play with telephony systems |
|
n/a |
no |
no |
n/a |
|
| True plug and play with desktop/terminals |
|
n/a |
no |
no |
n/a |
n/a |
| No integration required with agent’s payment processes |
|
n/a |
no |
no |
no |
no |
| Simple configuration with any desktop payment process |
|
n/a |
no |
no |
no |
no |
| Implementation time measured in days not weeks |
|
|
no |
no |
no |
no |
| Very low complexity for payment system and IT integration |
|
n/a |
no |
no |
no |
no |
Resilience |
| No additional potential single point of failure introduced to entire payment process |
|
|
no |
|
possible |
no |
| No additional potential single point of failure introduced to telephony/call path |
|
|
no |
|
|
no |
Regulatory requirements |
| Approach is acceptable to financial services regulators like FSA |
|
no |
|
no |
|
|
Further PCI DSS specifics |
| Works with other descoping tools |
|
no |
no |
no |
|
|
| Fulfills PCI SSC’s best practice guidance that agents should not enter card data |
|
no |
|
no |
|
|
| Integrates with tokenisation systems to further eliminate card data from your environment |
|
no |
no |
no |
possible |
possible |
