When we think about data breaches, the mental image is of a literally silent crime: hackers surreptitiously extracting payment card or personal data from online purchases, or someone sneaking away from a store’s point-of-sale with a device that has recorded the data from that day’s card transactions.
It’s easy to forget that many transactions are still conducted by voice — over the telephone with call center agents. In some retail verticals, as many as 20% to 30% of calls contain sensitive financial information, according to mobile advertising analytics firm Marchex. Safeguarding the sensitive information exchanged during these purchases involves deleting or masking the payment card numbers that are shared by customers.
Because these calls frequently are recorded, however, challenges can arise with trying to “scrub” only the credit card data while leaving the rest of the call intact. Retailers value these recordings because they:
• Provide an objective record of what was said by both parties, useful for dispute resolution;
• Allow the retailer to more easily analyze overall call center operations as well as the performance of individual agents; and
• Give managers real-world, real-time examples that allow for more effective training and skills coaching.
Technology solutions that simply bleep out any digits said aloud are problematic, since many conversations involve a wide range of numbers: the number of items being purchased, the number of days shipping will take, the item size, addresses, zip codes, etc.
Customers’ Trust At Stake
Ensuring customer data remains secure is vital to all retailers but it is particularly important to tour operator YMT Vacations. The company, operating since 1967, organizes trips to iconic destinations around the world and markets them to retired and semi-retired people for whom such a trip might cost anywhere from 5% to 10% of their annual income.
“One of our key value propositions with customers is that they can trust us,” said Tom Garrett, VP of Marketing for YMT Vacations. “If we take you to the other side of the world and put you in a nice hotel, you can trust that it will actually represent a good value to you. We have a lowest price guarantee, so if customers find a matching trip and itinerary for a lower price than we offer, we will match the competitor’s price and add in 10% of the difference.”
YMT’s business imperative around maintaining its customers’ trust is a big reason the company welcomed new security functionality from Marchex Call Analytics. The technology uses voice stream pattern recognition and machine learning techniques to detect and perform real-time redactions of credit card numbers being read aloud. This sensitive data not only isn’t recorded, it’s not even audible to those listening in real time (e.g. to managers monitoring calls or trainers coaching new employees).
Maintaining Security With A High Volume Of Phone Transactions
The credit card number redaction feature, which YMT Vacations has been beta testing since this summer, also was attractive because of the volume of financial transactions its call center agents handle. This is mostly a function of the company’s customer demographics, which skew older.
“Our customers are happy to do research on the Internet, but when it comes down to making the spending decision, they want to talk to a human being, ask questions and transact in person over the phone,” Garrett explained. “It’s a bit archaic, but I would say that 99% of our transactions are conducted this way.”
YMT’s call centers employ 20 travel consultants and six guest services agents. Call volumes range from 100 to 300 calls per day. “Our average call length is six to seven minutes, but those involving transactions can be 15 to 20 minutes long,” said Garrett.
Prior to using the Marchex solution, YMT addressed data security issues with custom programming that provided a “mute” button that agents clicked when customers started sharing sensitive information. Problems arose because agents sometimes forgot to un-mute after the credit card numbers were read aloud, meaning the rest of the call went unrecorded.
“You can imagine that if you have 26 different people following this process, the likelihood of error is high,” said Garrett. “This would mean we were not able to listen to the call in order to properly conduct coaching.”
The automatic aspect of the new call redaction feature means only truly sensitive data goes unrecorded. The Marchex solution “listens” not only for the sound of people reading digits aloud, but the particular cadence of saying one’s credit card number, including pauses and other aspects of vocal timing.
YMT already had been using Marchex Call Analytics when it began beta testing the new security feature; Garrett had deployed the solution at previous companies he worked for. When he started at YMT a year ago, the company had no management system in place for its toll-free numbers.
“They had been using less than 30 numbers, and right now we’re at 400 numbers, which we can monitor with both efficiency and effectiveness,” said Garrett. YMT had not asked specifically for the call redaction security feature, but the company was happy to test and now implement it: “It’s really been a great help to us,” he said.