Carnival UK

Making Cruise Company's Call Recordings PCI Compliant

Carnival Corporation & plc, headquartered in Miami, is a global cruise company and one of the largest leisure companies in the world. They were looking to implement a proven PCI DSS compliant solution across their contact centre that would ensure further enhancements to customer data security.

Carnival Cruises has a reputation for progression and innovation. Its cruise brands include the well-known names of P&O Cruises, Cunard Line, Princess Cruises, Seabourne, P&O Cruises Australia, Holland America Line and Carnival Cruise Lines. Carnival Corporation's UK arm Carnival UK, is based in Southampton where its large 250 seat call centre manages calls and bookings from both customers and agents, relating to several of their cruise brands.

Within this busy operation, agents take payments from customers by telephone. As Carnival UK records all of their calls and PCI DSS guidelines prevent the storage of credit card data in recorded calls, they were looking to implement a proven solution that would ensure further enhancements to customer data security.

The solution had to remove customer card details from voice system recordings and:

  • be compatible with Carnival UK's existing call recording system,
  • have no effect on Carnival UK's green-screen reservation system
  • manage screen recording as well as call recording and
  • be rolled out quickly and smoothly, causing minimal impact on the business.

Working with Carnival UK's IT team CallGuard was installed as an overlay to their exsisting IT infrastructure. The Filter was installed alongside their existing call recording system and USB Decoders were implemented at every agent's work terminal.

Together they allow customers to communicate their payment card details by using the telephone keypad during the course of a call. CallGuard makes any call recording system PCI DSS compliant by stopping the recording of sensible data through detecting and blocking DTMF tones. Datashield obscures card data with asteriks on screen which means that payment data cannot be accessed, viewed or copied in any way.

The solution was implemented quickly and smoothly without requiring changes to existing IT and telephony systems; furthermore, staff training was minimal and delivered remotely through WebEx. CallGuard has further secured Carnival UK's busy contact centre, which in turn has quickly become PCI DSS compliant, boosting customer confidence in their payment system.

The team was responsive to our needs throughout the project. They were flexible in their approach, and communicated progress at regular stages meeting all the challenges we set.
Ross Hiddlestone, IT and Compliance Manager, Carnival UK