Semafone, a provider of data security and compliance solutions for contact centers, today released a hosted version of its flagship Cardprotect secure payment software and a suite of managed customer-premises equipment (CPE) services for its North American contact center customers.
"As with our U.K. hosted solution, this new delivery option will give our North American customers a quicker path to descoping their contact centers for the [Payment Card Industry's Data Security Standards], while preventing fraud and protecting organizations from the detrimental effects of a data breach," said Tim Critchley, Semafone's CEO, in a statement. "By completely removing payment card data and offloading the infrastructure and network architecture onto Semafone, the total cost of ownership will be significantly reduced, and contact centers can focus on conducting their core business. Companies can easily scale the solution as they grow, providing their customers with a seamless, uninterrupted customer experience."
In addition, Semafone's new suite of managed CPE services allow companies to take their entire networks out of the scope of PCI DSS compliance and experience faster, more flexible implementations of Cardprotect.
Contact centers can select from one or more of the following managed services:
- Managed Session Border Controller (SBC): Semafone will locate Cardprotect upstream of the customer's telephone network so the SBC only receives telephone traffic with card data removed.
- Managed Access: Semafone will implement a direct, secure, and managed data connection to its system for all access traffic. This approach eliminates concern for VPN access and descopes customer firewalls.
- Managed Hardware: Semafone will supply, install, and directly manage all on-site CPE elements, including the SBC.
Semafone's managed CPE services supplements its flagship Cardprotect solution's hosted and on-premises versions. Cardprotect descopes contact centers from PCI DSS by keeping payment card data and other numerical personally identifiable information (PII) out of business infrastructures. When customers enter their payment card numbers via their telephone keypads, dual-tone multi-frequency (DTMF) tones are masked with flat ones so the PII is never exposed to agents, customer service representatives, or nearby eavesdroppers, or logged in call recording systems. CSRs remain on the line in full voice communication with the customer throughout the transaction, and card data is sent directly to the payment processor, never touching the contact center's network.
"Complying with the PCI DSS is extremely complicated, costly, and time-consuming for contact centers. While Cardprotect ensures a company's entire infrastructure downstream of the solution is out of scope, we wanted to offer additional ways to reduce the complexity of securing and maintaining PCI controls upstream of our software," Critchley added. "Data security and compliance are more important than ever, especially in contact centers who hold large volumes of PII, a known target for hackers. With more flexible deployment options and our new managed services, contact centers can implement Cardprotect according to their specific business requirements, thus protecting their data, their customers, and their company's reputation."