Tokenizing Card Numbers in the Call Center

by Mercator Advisory Group 0

PCI requires that every source of credit card numbers be secured. The call center, where live agents talk to real people with active card account numbers, is one of those sources. This announcement couples Semafone’s IVR systems with nuBridges tokenization engine. The accountholder enters the card number (via the telephone keypad) into Semafone’s IVR and the call center operator never sees the full card number – thanks to nuBridges tokenization routines. No doubt more than a little process reengineering is required, but the results reduce PCI scope for a particularly sensitive customer touch point. It just won’t do to have a call center employee be the source of either a data breach or a card number scam.

Semafone’s dual-tone multi-frequency (DTMF) technology works by allowing customers to enter credit card data via their telephone keypad instead of speaking it over the phone. The data is masked by the software and sent directly to the payment portal, which means the customer service agent does not hear it, does not see it and cannot repeat it. Moreover, the information is not held on the organisation’s database systems, which significantly reduces scope for PCI compliance and annual audits. The Semafone technology platform was named the 2010 European Call Centre Product of the Year.

nuBridges Protect Token Manager is part of nuBridges Protect, the industry’s first data security software solution to combine Format Preserving Tokenisation with strong local encryption, centralized encryption key management and logging in one platform-agnostic package. nuBridges Protect is designed for organisations that need to protect payment card numbers as well as volumes of personally identifiable information (PII) and electronic health records (EHR) from theft and accidental loss while reducing complexity and simplifying compliance management for data security standards and privacy laws.

Read the press release here: