Identify and remedy potential PCI breach

Reference case

Xdroid’s advanced VoiceAnalytics helps customers identify and remedy potential PCI compliance breach.

Following the installation of a new telephone system and call recorder, Pennine was approached by a contact center customer who wanted to ensure their agents were correctly following PCI compliance procedures and correctly suppressing call recordings when taking payment card information.
Using Xdroid’s VoiceAnalytics, Pennine took a month’s worth of call recordings (which were pulled from the Red Box recorder automatically after API integration). These calls were processed and scanned for specific non-dictionary words and phrases to identify incorrect suppressed calls.

A total of 54203 calls (2113 hours) were analyzed in approximately 48 hours, using swarmed servers (taking additional compute power from cloud-based servers and applying that power to the instance that needs it to process large amounts of data rapidly).
By creating a custom report within Voice Analytics, a set of specific criteria was generated to identify potential breaches. By scanning these calls for specific, PCI related words or phrases such as expiry date, card number, Visa, and Mastercard, etc., Pennine isolated specific calls that were potentially in breach of PCI rules.
After process completion, a total of 246 calls that met these criteria were found. Although this is only a small percentage of calls (less than 0.5%), the potential impact on the customer could have been massive.

The output of the Voice Analytics custom report provided an overview of the calls, broken down by day and by agent, the included call details allow for playback of the subset of calls.

By providing the customer with this information, they were able to quickly identify the most prolific agents and offer immediate support and training. The customer was then able to further effectively manage the situation by manually analyzing a far smaller and manageable set of calls.
It showed that agents were suppressing the calls in most cases, but they were not aware that the suppression automatically timed out after a certain period. Initiating suppressions too early led to a re-enabled recording before completing the transaction.
Further agent education around this issue was added to the training regime.

In a small set of calls, several false findings came to light. This owed to a promotional campaign that had been running in conjunction with one of the card-providers in the previous months, VoiceAnalytics picked up the providers name and included these calls in the results.
Following the completion of the remedial work, Pennine’s customer was able to use the GDPR compliance module to remove the calls that breached compliance.
Running the same report for the month after, showed a significant improvement already. Following remediation work and further agent education, calls meeting the report criteria reduced massively, to less than 0.25%.
As well as all the other functions and features that Xdroid’s VoiceAnalytics has brought to this particular customer, being able to search for specific items in a call granularly, proved invaluable. They now use the system to positively demonstrate the effectiveness of marketing campaigns by scanning for specific product and vendor names in order to gain additional marketing funding, turning a previous ‘cost’ into a revenue generation tool.

 

Latest News