Mail order/telephone order (MOTO) processing is increasingly ubiquitous, and merchants often accept payments over phones via a call center environment. Cardholder data is often received by a call center as a customer reads credit card data to a call center agent, or as a customer enters data through a keypad.
Such a process may be vulnerable to account data compromise, where the data may be used for fraudulent transactions. For example, call center agents could record, copy, or compromise cardholder data. Other security risks could be introduced by malware on desktop apps that can log keypad entry, for instance, as a call center agent enters received data. Further, as Voice over IP (VoIP) calls gain popularity, VoIP may become increasingly susceptible to security attacks. For example, tools exist for third parties to eavesdrop on VoIP calls. Threats to MOTO IVR operations may also take the form of information harvesting (e.g., algorithms that guess cardholder data), injection (e.g., fingerprinting, affecting, or crashing VoiceXML servers supporting IVRs through the input of spoken words), or crashing/affecting DTMF processing software in IVRs. Consequently, merchants are under pressure to be in Payment Card Industry Data Security Standard (PCI DSS) compliance, even as PCI compliance requirements increase in scope.
Meanwhile, security features are continually being developed. For example, “tokenization” is a means for replacing sensitive data with a “token” of data that may be non-decryptable or non-detokenizable by the merchant or other tokenization users (e.g., because they require third party decryption). Merchants, for example, might not ever store sensitive data themselves, thus enhancing data security.
Thus, a desire exists to remove cardholder data from call center environments, including call recording systems, agents, and desktop applications. In particular, DTMF tones may pose a security risk in that they align to a frequency standard, meaning, each tone corresponds to a specific and finite number that can be quickly reverse engineered back to clear text. Attackers can determine clear cardholder data simply via access to DTMF tones associated with the underlying cardholder data. Accordingly, a desire exists to remove DTMF data from call center environments. A desire may further exist to remove DTMF data from merchant Card Data Environments (CDE). A solution is needed that will secure DTMF tone input and provide secure transmission of cardholder data, while maintaining customer-agent interaction and expedience in a call center workflow.