Call centres are extensively used by service providers in delivering services to, and communicating with, customers. Call centres typically comprise a large group of staff members taking or making telephone calls with customers. Call centres commonly implement two key pieces of technology to aid in staff training, customer complaint management, or record-keeping. These are call recording technologies, where an audio recording of the customer conversation is kept, and screen recording technologies, where a video or static snapshot of the staff member's computer terminal is kept.
Each year, millions of people telephone call centres to make service enquiries or financial transactions, or issue instructions to companies they deal with. In many cases, the customer is either required to confirm his identity by providing the answer to security-based questions, or to provide his credit card details to pay for a transaction. As will be appreciated, the nature of much of this information is highly sensitive. In particular, the information can include passwords, personally-identifiable information such as a date of birth, a PIN, a memorable phrase, bank account numbers, credit card security codes and the like.
Data and identity theft, as well as fraudulent financial transactions, are widespread, and so it is of particular interest to the caller to keep secret as much of the information as possible. Disclosing personally-sensitive financial or other security information to a call centre staff member has the potential to increase personal data loss in a number of ways. Firstly, the call centre staff member can write down the customer's information for later use. Secondly, anybody with access to an audio recording of the customer conversation can listen to the customer information and note it down. Thirdly, anybody with access to a screen recording taken at the time the customer's information appeared on a call centre staff member's computer screen could note it down. Fourthly, technology exists to automatically ‘mine’ audio and screen recordings for customer information, and data loss through this mode has the potential to be widespread.
As a result of these increasing security concerns, some governments have enshrined data storage security standards in law, and some industry bodies have enacted their own guidelines surrounding the storage of personal data. One example is the Payment Card Industry (PCI) Security Standards Council, which issues guidelines for the processing and storage of credit card data, globally. Their Data Security Standards (DSS), periodically updated, dictates the methods and ways in which companies processing credit card data (including telephone-based credit card transactions) can store card and personal data. Regulations and guidelines such as these have a direct impact on call centres which take customers' sensitive data in telephone conversations. For example, the DSS stipulates that the 3 or 4 digit Card Verification Value (CV2—sometimes also known as CVN, CW2, CVC2 or CID) not be stored in any format, including as encrypted audio recordings.
FIG. 1 schematically shows a prior art call centre operation 100. A call from customer 104 is routed over a network 112 to the call centre 102, where it is switched by private branch exchange (PBX) 108 to a phone 105 of one of a number of call centre agents 120 operating computer terminals 106. The incoming call is also branched off to a call recording device 110, which can be located at the call centre or at a telecom service provider in the network 112.
A known approach to improve the security of a customer's interaction with a call centre is to introduce a pause recording capability that can be invoked while the sensitive information is being spoken to the agent. The pause can be manually or automatically triggered, for example when the agent clicks on the CV2 field on his monitor to enter the caller's credit card security number. Alternatively, the agent can be bypassed by routing the call to an Interactive Voice Response (IVR) application (not shown in FIG. 1) when the sensitive information is required, which ensures that this part of the call is not recorded. However, in this mode, the agent and caller are disconnected from each other and are not able to talk freely throughout the card transaction. Another alternate method, turning off the recording, is not always practical, as most organisations carrying out credit card transactions need to record calls for staff training, investigating customer complaints, and in some circumstances to comply with industry or legal regulation such as those laid down by the Financial Services Authority (FSA).
Another known approach is to have callers use Dual-tone multi-frequency (DTMF) signalling. DTMF tones are typically produced by pressing the keys on a standard telephone, and are used for ‘touch dialing’. In addition to its use for dialing, DTMF tones can communicate several alphanumeric characters clearly through a telephone's audio channel during a phone call. DTMF has the security advantage that it is impractical for a human to determine the alphanumeric equivalent of the DTMF tone simply by hearing the DTMF tone. Furthermore, it allows the call to continue as normal whilst the caller enters their credit card information using their phone keypad. However, the DTMF tones are representative of the sensitive information and so cannot be recorded if the DSS is to be complied with. To address this issue, it is known to introduce a call processor 116 at the call centre 102 that blocks DTMF tones.
For example, International Patent Application WO 2009/136163 (Semafone Limited) describes a telephone call processor with the capability to be switched between two modes: “normal” and “safe”. In normal mode both voice and DTMF components are allowed to pass to the PBX. This is important for the operation of call centres, as DTMF tones are used frequently, to allow customers to operate and navigate through IVR menu selections, for example. In the safe mode the voice component of the call is allowed to pass to the agent whilst the DTMF component is blocked or masked. This means both the agent and the call recording do not ‘hear’ the DTMF data.
The process of switching between a ‘normal’ and ‘safe’ mode, however, can require a complex interaction between a call centre's phone system, its credit card payment processes and its agents' desktop computers. A need therefore exists for improved methods and apparatus that do not rely on invoking different operating states at different times during a call.