Semafone, a provider of data security and compliance solutions for contact centers, today announced two product updates for North American customers: a hosted version of its flagship Cardprotect secure payment software and a suite of managed customer-premises equipment (CPE) services.
Semafone’s patented Cardprotect solution addresses contact center data security for card-not-present (CNP) transactions and compliance with the Payment Card Industry Data Protection Standard (PCI DSS).
“As with our U.K. hosted solution, this new delivery option will give our North American customers a quicker path to descoping their contact centers for the PCI DSS, while preventing fraud and protecting organizations from the detrimental effects of a data breach,” said Tim Critchley, Semafone CEO. “By completely removing payment card data and offloading the infrastructure and network architecture onto Semafone, the total cost of ownership will be significantly reduced, and contact centers can focus on conducting their core business. Companies can easily scale the solution as they grow, providing their customers with a seamless, uninterrupted customer experience.”
Semafone’s new suite of managed CPE Services allows enterprises to take their entire networks out of the scope of compliance for the PCI DSS. By deploying managed CPE services, customers can experience faster, more flexible implementations of Cardprotect, while streamlining compliance and reducing capital expenses.
Contact centers can select from one or more of the following managed services to create a CNP data security solution that meets their specific business needs:
Managed session border Controller (SBC): Semafone will locate Cardprotect upstream of the customer’s telephone network, so the SBC only receives telephone traffic with card data removed. This takes the SBC completely out of scope for PCI DSS controls.
Managed Access: Semafone will implement a direct, secure and managed data connection to its system for all access traffic. This approach eliminates concern for VPN access and descopes the customer’s firewall.
Managed Hardware: Semafone will supply, install and directly manage all on-site CPE elements, including the SBC. This reduces the need to dedicate time, people and resources to these tasks, therefore, cutting costs.
“Complying with the PCI DSS is extremely complicated, costly and time-consuming for contact centers,” Mr. Critchley added. “While Cardprotect ensures a company’s entire infrastructure downstream of the solution is out of scope, we wanted to offer additional ways to reduce the complexity of securing and maintaining PCI controls upstream of our software.”
Cardprotect descopes contact centers from PCI DSS by keeping payment card data and other numerical personally identifiable information (PII) out of business infrastructures. When customers enter their payment card numbers via their telephone keypad, dual-tone multi-frequency (DTMF) tones are masked with flat ones, so the PII is never exposed to agents, customer service representatives (CSR) and nearby eavesdroppers, or logged in call recording systems. CSRs remain on the line in full voice communication with the customer throughout the transaction, and card data is sent directly to the payment processor – never touching the contact center’s network.
“Data security and compliance are more important than ever, especially in contact centers who hold large volumes of PII, a known target for hackers,” Mr. Critchley explained. “With more flexible deployment options and our new managed services, contact centers can implement Cardprotect according to their specific business requirements, thus protecting their data, their customers and their company’s reputation.”