When it comes to taking card payments over the phone, call centres must put in place a range of measures in order to stay compliant with PCI DSS, the Payment Card Industry Data Security Standard.
The risk, of course, is that credit/debit card details given in good faith by the customer are scribbled down or otherwise recorded by the agent and later used fraudulently.
A popular solution is for call centres to operate a ‘clean room’ environment, from which pens, paper and mobile phones are banished – but as well as making for a pretty spartan, even bleak working environment, this approach clearly can’t be imposed on homeworkers.
This was the challenge facing the Royal National Institute of Blind People (RNIB), the UK-based charity that provides care and guidance to people affected by sight loss. A team of around 140 home-based telephone fundraisers (TFs) are vital to its ability to collect donations, but until mid-2016, this team wasn’t able to take card payments over the phone, relying instead on donors being prepared to fill in and mail back a donation form or send a cheque.
Fundraising from home
Today, this team alone raises some £300,000 (around $430,000) each year in card payments, using technology from a company called Semafone, according to Catherine Lloyd, senior telemarketing manager at the RNIB:
With our team consisting of homeworkers, compliance was a big concern which held us back from raising as much as we might. As an organization, we can’t afford to lose donations or supporters, simply because we can’t process payments. But with Semafone, we can meet our data security requirements under PCI DSS while at the same time reinforcing to our donors that we take the security of their data seriously.
What Semafone offers is a system that enables shoppers (or in this case, supporters) to input payment card details using their telephone keypad. This process relies on dual tone multifrequency (DTMF), a signalling system based on a standard set of tones generated by pressing the keys on the keypad.
Semafone then works by obscuring the numbers from the agent on the other end of the line using DTMF masking. All the agent sees on their screen is a series of prompts, to ask the supporters for their 16-digit card number, expiry date and the three-digit CVV number on the reverse. Payment card numbers are sent directly to the payment service provider (PSP), completely bypassing the RNIB’s own IT systems. Similar technology is available from specialist call-centre suppliers such as Syntec and Callguard.
Trained via screen-sharing
The system went live in August 2016 to a small pilot team but was rolled out to all 140 members the following month. Since they are all home-based, training on the system was carried out using screen-sharing on Skype for Business, says Lloyd, and the adjustment has been very smooth. Supporters are happy too, she adds:
They’ve been impressed with the difference made by having a secure payment method via the phone; they have reported being happier with not having to verbally supply their card details when paying using the telephone. Many donors are elderly, while some are blind or partially sighted, so the simplicity of Semafone’s solution has been essential for the charity as we wanted to make it as easy as possible for them to support the work we do here at RNIB.
When UK charities are ranked by donation, the RNIB falls within the Top 30, just behind the National Trust and just ahead of the Royal British Legion. In other words, it’s a pretty sizeable organization and, as it starts to think bigger in terms of home working, says Lloyd, it’s likely that the Semafone technology could be rolled out to other parts of the organization:
Our data protection and compliance people at the charity have been watching our project’s progress with interest. It’s filled such an important gap for us that it seems very likely that it could do the same elsewhere.