1. Field of the Art
The invention relates generally to a telephone call processing system and a method of processing telephone calls, and in particular to systems and methods that facilitate secure transmission of sensitive information during a call between a caller and an agent such that the agent does not receive the sensitive information.
2. Background
Call centers are typically large facilities of telephone operators or ‘agents’. These centers are provided by organizations that want to interact with existing or prospective clients and customers. A call center agent normally interacts with a client or customer by taking or making telephone calls. It is common practice for the call centers to record client conversations, and for information taken during the call to be relayed to, entered into and stored in a server associated with the call center.
One use of call centers is to provide services to the public that allow payment for goods and services via telephone calls. Each year, millions of people make purchases through agents in telephone call centers, often including high value transactions. For example, family holidays and financial products are often purchased over the telephone. In these transactions, the caller is required by the agent to provide certain pieces of sensitive information in order to confirm his or her identity and/or to complete the purchase. In particular, the sensitive information can include one or more answers to security questions, a password, a date of birth, one or more bank account numbers, and debit or credit card details including the primary account number (PAN), start date, expiry date, and the card security code (e.g. CV2).
It is an unfortunate fact of life that wherever people have access to sensitive information, it will be misused. Data and card fraud perpetrated by call center agents, as well as fraudulent financial transactions are well-documented problems that need to be addressed. By divulging identity and/or financial information to an agent for processing a transaction through a call center, a caller puts themselves at risk of having that information stolen by the agent and used for nefarious purposes. Other threats exist from hackers gaining access to an agent's computer or a call center network, or eavesdroppers intercepting a call to an agent. Thus, data stored in call recordings, or sent by a caller to an agent may also be at risk from theft by third parties. In order for the industry to flourish, it is essential that clients and customers calling a call center are able to trust that their sensitive information is not at risk.
To address card fraud, the payment card industry established a number of data security standards. One example is the Payment Card Industry (PCI) Data Security Standard (DSS) which provides periodically updated guidelines for the processing and storage of credit card data. In particular, the PCI-DSS specifies the ways in which companies that handle credit card data (including telephone-based credit card transactions) are permitted to store information. All merchants, globally, are expected to comply with the PCI-DSS, and so these regulations have a direct impact on call centers that receive sensitive information during telephone calls.
Several known systems exist to allow call center agents to take debit or credit card payments over the phone without the caller having to read out sensitive card details (e.g. primary account number (PAN), start date, expiry date, the card security code (e.g. CV2)) to the agent directly. These systems typically require the caller to enter the card details using a ‘touch-tone’ keypad, which encodes the details using dual-tone multi-frequency (DTMF) signaling. DTMF has been established for decades and, as would be familiar to a skilled person, can be used to communicate some alphanumeric characters (i.e. the digits 0-9, *, #, and the characters A-D) through a telephone audio channel during a phone call. The DTMF tones used to encode the caller's card details can then be decoded by a call processor and transmitted to a payment processing system.
DTMF offers a basic level of security that represents a significant improvement over a caller speaking his or her card details to the agent. However, it is a long way from assuring customers that their sensitive information is not at risk. DTMF is easily decoded by conventional and readily available systems. Accordingly, a determined agent or third party would even be able to steal card details transmitted by DTMF, simply by obtaining or copying the signal that is recorded and stored by the call center and then by employing a DTMF decoder offline to reveal the digits. Thus, the use of DTMF alone was quickly found to be insufficient for establishing a robust data security system.
Various solutions have been adopted in the past, typically involving blocking DTMF tones from being passed to the agent or call recording apparatus. This typically involves one of two processes: DTMF clamping, in which the DTMF tones are removed from the speech path by means of a digital signal processor, or DTMF masking, in which other tones are played to the agent at the same time as the callers DTMF. Both processes claim as a benefit the fact that continuous speech interaction between the caller and the agent is possible during the process.
There are a number of problems with these approaches. Firstly, both suffer from a problem known as DTMF bleed through. This stems from the small delay required (20-40 ms) to register the fact that a DTMF tone is being played before the masking or clamping function can be invoked. The result is a series of very short bursts of DTMF passing towards the agent and the call recorder which, with sufficient care and equipment, can be used to reconstruct the card number being entered by the customer. Secondly, many customers tend to verbalise the individual digits of their card details while keying them into the phone. Thirdly, equipment must typically be installed in the contact center to perform either DTMF clamping or DTMF masking. Such a system requires regular security audits, due to the sensitive nature of the data that it processes. These audits greatly add to the cost of maintaining the solution, and the contact center itself is still burdened with the physical security of the equipment.
The present invention aims to overcome these disadvantages, without sacrificing usability, and preferably reducing operating costs at the same time.