PeepSafe Voice Solutions
- Does your organization take payments over the phone?
- Do you have a call center?
- Do you use a voice recorder?
- Do your agents see and hear cardholder data?
- Do you store this data in a local ERP system?
This diagram represents a call center. Calls, which come in through a PBX, are being recorded and agents have access to the internal ERP or call center system. The agent answers the phone and during the call, the customer is asked for their credit card number. Typically, callers speak the credit card number to the agent, the agent enters the number manually into the system, and that information gets processed. At this point the whole system, including the agents, is in scope. Having agents in scope may be particularly high-risk, as they are often temporary, have a high turnover rate and may even be based at home or outsourced. The agent has the opportunity to remember or write down credit card numbers, and not only has all the details of the card, but also all the other customer details they need to post a fraudulent transaction.
Using multiple technologies, PeepSafe can completely de-scope voice-only environments from PCI DSS, removing the risk of “at home agents”. It can also de-scope entire call centers, ensuring that corporate call recording systems are fully PCI DSS compliant, and greatly reducing the risk of agent fraud. Incorporating a tokenization engine and integrating with any internal application, database and payment gateway, PeepSafe can be quickly implemented with minimal effect on existing business processes.
This scenario does involve a small change in business process in that instead of having the customer speak the credit card number, they have to enter the card number via the dial pad on their phone. While it is a slight change in business process, several studies have shown that it is a positive improvement to the customer experience. These studies show an increase in customer satisfaction, as customers have less frustration at having to repeat themselves. Customers feel that the solution is more secure as they no longer have to speak their card number out loud. In addition, call centers are experiencing an increase in throughput using this method, as agents can handle more calls per hour, which reduces their costs. So the process change has actually turned out to be a win-win-win situation! The agent now has no ability to see, hear or do anything with credit card data.
Voice Solution 1
In our first case study, there is a USB filter device located between the agent telephone and the telephone cable. There is also a filter sitting in front of the IVR. The customer calls the agent and, at the point of entering the credit card details, the agent asks the caller to enter their details using their telephone keypad. The DTMF tones are encrypted within the device and uploaded directly to the PeepSafe portal using Datashield technology. The filter in front of the IVR prevents those tones from entering, and thus from being stored within, the IVR. The agent only sees masked numbers on their screen and thus never hears or sees the cardholder details. Only authorization tokens are returned to any local application or CRM. This token can be re-used for future payments, with repeat or batch payments made seamlessly via the PeepSafe portal. This solution is not only compliant but also removes the agent and desktop from scope.
Voice Solution 2
Similar to Case Study 1, Case Study 2 requires that the customer enter their payment only via telephone keypad. The call is split at the network perimeter and the encrypted DTMF tones are redirected to an offsite service that processes the payment. This solution requires a device to be installed in front of the PBX. The agent never sees or hears payments, and the PeepSafe portal can read that tokenization data and ensure that no cardholder data is re-introduced into any internal application or CRM system. The agent can continue with their current business practices with very minimal process changes or integrations.
Key Features of PeepSafe Voice
- De-scopes the desktop of any contact / call center
- Customers enter card data using their telephone keypad
- Cardholder data is encrypted, then passed into the agent PC, and automatically inserted into a virtual terminal within PeepSafe where it is masked from the employee
- Within this secure (and PCI DSS compliant) environment, card details are decrypted, the payment authorization is made and the agent sees the standard confirmation code, message, etc.
- The employee and their desktop do NOT handle payment card data and can be considered out of scope for PCI DSS
- Voice mails are encrypted and stored within PeepSafe


