Everyone talks about moving to the cloud, and doing so can certainly deliver benefits in a contact center environment. It creates ease of scalability and heightens the security of callers’ personally identifiable information (PII) against external threat actors, such as fraudsters, as well as internal ones — that is, agents who could potentially use that sensitive information for nefarious purposes.
However, for companies that have invested years and dollars building their own systems around the particular requirements and flows of their business, the migration becomes much less attractive, as those things can be difficult to duplicate in the cloud.
For companies in this position, migrating to the cloud calls for a total system overhaul, and that’s neither cheap nor easy. And if the company wants to duplicate its former requirements and flows in its own private cloud, that adds even more expense and effort to the transition.
IntraNext CEO Patrick Brown said software is the answer to serving those long-established businesses as they are, rather than forcing them to rearchitect entire call centers by moving to the cloud.
Brown said IntraNext has been awarded a U.S. patent for a sensitive data protection software. The CEO told Karen Webster how it works, what makes it different from other products delivering a similar endpoint and why it’s a viable alternative for companies that aren’t ready to (or can’t afford to) migrate to the cloud.
The Unique Solution
The patented PII Data Protection Appliance enables VOIP contact centers to secure PII data at the point of entry without disrupting the telephony voice path. With the new patented appliance, PII data — such as credit card numbers, Social Security numbers and birth dates — can be safely extracted from telephone interactions between telephony systems, customers and call center agents, enabling contact center agents and workstations to be free of PII data exchanges.
In addition, the appliance makes it possible to descope premise-based interactive voice responses (IVRs) for PCI DSS compliance initiatives.
Brown said, “The patent reinforces our commitment to data security in [a] contact center environment, while preserving our customer’s infrastructure investments.”
The Customer’s View
IntraNext takes a no-interrupt approach that enables the caller and agent to continue interacting while data is being entered by the customer.
Thus, said Brown, there’s no impact to the flow of conversation — instead, a call center agent simply asks a customer to enter the sensitive information via telephone keypad, explaining that this is being done for the caller’s security. The customer can type and talk or listen simultaneously.
Brown said not only is this method more secure, it’s also faster and more accurate than having callers recite their data, preventing potential mishearings.
Plus, he added, avoiding vocal recitation of PII can protect customers who are not calling from the privacy of their own homes. If customers call from a shared office space or while riding public transit, bystanders or eavesdroppers could easily pick up any PII they say out loud.
The Agent’s View
The agent never hears the caller’s Social Security number, credit card information or birthdate. He never even hears the audio tones associated with the numbers the customer is pressing — the tones are either muted or normalized so they all sound the same.
Previously, those tones required a pause-and-resume process for recording systems, said Brown. The leading switches didn’t inherently offer the ability to alter the tone. For IntraNext with this new appliance, the secret sauce is the ability to transform all PII into abstracted, flat or even silent audio tones so they can’t be deciphered or duplicated.
And that doesn’t stop at audio, Brown added: Anything displayed on the agent’s screen is either shown with pound signs in place of the numbers or is illustrated with a progress bar that lets the agent know when to prompt the next entry — say, asking for the caller’s two-digit month and two-digit year of expiration after the credit card number has been typed.
Behind the Scenes
Information is encrypted and can be tokenized, through vendors like TokenEx, as soon as it enters the system, Brown explained. Providing the ability to tokenize data at the point of capture limits vulnerable data exposure within contact center systems and networks.
IntraNext holds onto all PII, while the agent sees only the customer’s name, account number and the amount she owes.
When it’s time to process the payment, the agent submits it to IntraNext’s process (residing in the call center’s data center), and it is IntraNext — not the agent or the company he or she represents — that forwards it to the credit card processor.
Brown noted the token can be reintroduced to the network in this way without raising PCI compliance concerns, since no actual information is being shared.
Other Roads to Rome
There are a handful of similar solutions on the market today; however, Brown said each of these players is taking a different approach. One is tackling the challenge from the carrier’s side, while another is device-driven at the desktop. None of the others are leveraging a software/data interaction like IntraNext, he said.
The CEO said IntraNext already has a product, iGuard™, that protects callers while sensitive information is being shared. However, that product uses existing automatic call distribution (ACD) interfaces, whereas the company’s just-patented software supplements iGuard™ in VOIP environments. A unique feature of the patented appliance is that PII can be extracted without requiring a physical interrupt to the voice call. The PII Data Protection Appliance may be placed upstream from call processing systems, eliminating the transmission of sensitive data further into a contact center’s infrastructure.
Brown explained this moves the call closer to entry into a specific data center, removing opportunities for risk along the way.
“Whenever contact centers can effectively prevent PII from unnecessary exposure, data security and fraud prevention measures can be positively impacted,” Brown said.
Another Cloudless Day
Expense is a top concern when organizations think about migrating call center operations to the cloud — and the more established the company, the harder and pricier it will be. Transitioning to the cloud is basically like throwing away everything the company has already invested in and starting from scratch.
“Customers are looking for ways to keep investment in premise-based equipment viable,” Brown said. “With software, you can do everything the cloud promises but keep it in your own environment.”
Brown said time and money aren’t the only considerations for organizations contemplating this type of software. If they’re using a hardware-based appliance that’s becoming difficult to service or find themselves relying on a high volume of outsourcers, Brown said software could make things a lot easier.
He said that’s especially true for work-at-home agents, which many call center employees are — and he expects the number will only continue to grow.
With premise-based software versus the cloud, Brown concluded, organizations can make their own decisions about whether to migrate — and having a true alternative enables them to hold out as long as they want before having to move to an external store.