Credit card fraud is an ongoing concern for both businesses and customers. Hundreds of thousands of financial fraud reports are recorded annually, with people finding themselves victims of erroneous charges or even worse, identity theft. And while those who would illicitly access financial data online are encountering new protective measures, others are trying a new tactic: telephone conversations.
It has become common, even standard practice for businesses to record calls with customers for quality assurance purposes. But while a manager may be listening to a recorded conversation to ensure a sales rep is script compliant, someone else may be hacking into that company’s database to access the Personally Identifiable Information (PII) contained in the recording. In order to protect Cardholder Data (CD) and Sensitive Authentication Data (SAD), businesses must adhere to Payment Card Industry Data Security Standards (PCI DSS). Here are a few ways to prevent credit card fraud with speech analytics:
A Non-Recorded Line for Call Segments Containing CD/SAD
To avoid capturing sensitive personal information entirely, there is the option for a business to have agents transfer a call at the point where CD/SAD will be shared to another agent on a non-recorded line. Once the information (payment or otherwise) has been exchanged, the caller can then be transferred back to the original agent, and the call recording can continue. This protects the sensitive personal data in case of a security breach. Not recording personal data is considered a first line of defense in protecting your customers’ data.
A Third-Party Payment Processor
Many companies transfer their calls to an outsourced PCI compliant payment processor to protect CD/SAD. This allows the company to remain completely amenable with PCI DSS requisites. It also guarantees the security of both the customer’s and company’s information. A third-party payment processor is another first line of defense when safeguarding sensitive data.
Blocking CD/SAD with a Call Recording Vendor Service
Similar to the previous solution, a call recording vendor service dynamically stops recording when CD/SAD is mentioned in the conversation. This solution needs to be 100% automatic to ensure audio recordings are completely PCI-compliant. With a call recording vendor service, businesses are able to guard the spoken word along with stored electronic data from credit card fraud or other illegitimate activities.
A Redaction Solution
Many call monitoring providers offer a redaction solution within an automated quality monitoring technology. A redaction solution automatically silences or redacts those moments in conversations where CD/SAD are found, or otherwise redacts the information from the recorded conversation. It is worth noting that this type of solution relies on the quality of the recordings’ audio sources and the recording equipment.
Because of the potential poor quality of the audio recording, a post-call redaction solution by itself may not be fully PCI-compliant. Utilizing speech analytics is most effective when paired with one of the three previous solutions. So, before sending recorded calls to a speech analytics vendor with redaction, companies should first use one of the other options. Doing so will provide better protection against financial or credit card fraud.
However it is achieved, preventing financial fraud is a non-negotiable requirement of businesses that record their phone calls. Using these tips protects both businesses and customers from nefarious activity.