Taking Customer Data (including card payments) by DTMF
Using CallGuard, contact centres should take as much sensitive customer data as possible via DTMF.
What is DTMF? Is it widespread?
DTMF stands for “Dual Tone, Multi-Frequency”. It’s a universal standard for sending digits (and some other characters) over the phone. DTMF is built into every modern telephone - home, office or mobile.
Is DTMF widely used to take information from customers?
Absolutely. Tens of thousands of companies use DTMF to take card payments, PINs and other sensitive data from their customers, including:
- Cinemas and entertainment venues
- Banks and credit card companies (often used as a security measure prior to talking with a staff member)
- Insurance companies
- Cable and satellite television companies
- Healthcare organisations
Why take sensitive data from customers using DTMF?
Because it’s much more secure, and gives customers more confidence that their data is being protected.
Also, taking card details by DTMF can decrease your average call handling time (AHT), as agents do not 'read back' a customer's card details to them (i.e. since they can't see the card details, they can't say "1234 (pause) 1234 (pause)" etc. after each series of digits the customer reads to them).
The possibility of errors occurring is also reduced as there is only one phase of data entry:
- without DTMF: the customer reads out the data and the agent types it in (two chances for error)
- with DTMF: the customer types in the data (one chance for error).
Why are DTMF card details more secure than spoken card details?
Sending sensitive data such as credit card numbers as DTMF has a clear security advantage: DTMF can’t be easily understood by humans, but it is very easily detectable by phone systems or computers.
Therefore, sensitive information can be isolated from both call recording systems and also contact centre staff. Without DTMF, spoken card details can end up permanently stored in call recording systems, and can be stolen by contact centre staff.
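The machine-readability described above cuts both ways: tones that reach a call recording can be decoded as easily as tones that reach the payment system, so they have to be stripped before the audio is stored. The following is an added example, not CallGuard's code and not part of the original page: a Goertzel-based detector that finds keypad tones in 8 kHz audio and mutes them, run on constructed sample audio. The frame size, thresholds, function names and the digits "4111" are assumptions made for the illustration.

```python
import math
from itertools import groupby

RATE, FRAME = 8000, 205              # 8 kHz telephony audio, ~25 ms analysis frames
W = 2 * math.pi / RATE               # radians per sample per Hz
LOW = (697, 770, 852, 941)           # DTMF row tones (Hz)
HIGH = (1209, 1336, 1477, 1633)      # DTMF column tones (Hz)
KEYS = ("123A", "456B", "789C", "*0#D")
FREQS = {k: (LOW[r], HIGH[c]) for r, row in enumerate(KEYS) for c, k in enumerate(row)}

def goertzel(frame, freq):           # signal power of the frame at one frequency
    coeff = 2 * math.cos(W * freq)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def detect_key(frame):
    """Keypad character carried by this frame, or None for speech/silence."""
    n, energy = len(frame), sum(x * x for x in frame)
    low = [goertzel(frame, f) for f in LOW]
    high = [goertzel(frame, f) for f in HIGH]
    # A clean dual tone puts about 25% of n*energy at each of its two frequencies;
    # speech spreads its energy out, so require both tone groups to clear 15%.
    if energy / n < 1e-4 or min(max(low), max(high)) < 0.15 * n * energy:
        return None
    return KEYS[low.index(max(low))][high.index(max(high))]

def frame_keys(audio):
    return [detect_key(audio[i:i + FRAME]) for i in range(0, len(audio), FRAME)]

def decode(audio):                   # digits a machine can recover from the audio
    return "".join(k for k, _ in groupby(frame_keys(audio)) if k)

def redact(audio):
    """Copy of the audio with each tone frame, plus a guard frame either side, muted."""
    out = list(audio)
    for i, key in enumerate(frame_keys(audio)):
        if key:
            start, end = max(0, (i - 1) * FRAME), min(len(out), (i + 2) * FRAME)
            out[start:end] = [0.0] * (end - start)
    return out

def sample_call(digits="4111"):
    """Constructed audio: speech-like harmonics, keyed digits, then more 'speech'."""
    tone = lambda fs, n: [0.3 * sum(math.sin(W * f * t) for f in fs) for t in range(n)]
    voice = tone((200, 400, 600), 2400)
    keyed = [s for d in digits for s in tone(FREQS[d], 800) + [0.0] * 400]
    return voice + keyed + voice
```

`decode(sample_call())` recovers the keyed digits from the raw audio, while `decode(redact(sample_call()))` recovers nothing. The guard frames matter because a frame that only partly overlaps a tone falls below the detection threshold but still carries part of it.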
What are the benefits for your customers?
By entering their personal data using their phone, your customers are more protected from data theft too. Those around them, whether it be in a busy office or on a crowded train, cannot hear (and hence steal) their card payment details. As a result, your customer feels more secure – a feeling which reflects well on your organisation.
A 2009 UK survey of two groups of customers, one speaking their card details and one typing in their card details, found an increase in customer satisfaction scores in the group using DTMF.
Your customers will appreciate the ‘anonymity’ of their personal data.
What changes are needed to your internal payment processes?
With CallGuard, our product for DTMF data entry, there are no changes required to your internal payment processes. (Or your CRM system, or the applications your staff use.)
What changes are needed to staff training?
One very minor change is needed. Instead of asking a customer to speak their card details, your staff member will need to ask for them to be typed in using the customer’s telephone keypad.
What should staff members say to your customers?
Here are some suggestions:
- Using your telephone keypad, could you please now enter the long number from the front of your card?
- To allow us to process your card details securely, please type in the long number from the front of your card, using your telephone keypad. (And then) Thanks, now please type the 3-digit security code from the back of the card.
Which details can you take by DTMF?
This technology can be used not just for card details, but also for customer PINs, passwords, social security numbers, dates of birth, and any other data which can be taken in numeric format.
What if a customer’s phone is a rotary model, which doesn’t support DTMF?
It’s true that there are a few rotary phones still being used, but the number is incredibly small. In the UK, a 2009 study questioned 3,000 people, but was unable to find a single person with a rotary phone.
What about elderly or infirm customers?
A common question, but thankfully not a common problem. It is true that some elderly or infirm people cannot operate a telephone easily. However, entering card data on a telephone is identical to making a phone call. So, practically, if the customer can call you, they are able to pay using DTMF.
What percentage of callers can’t use DTMF?
Based on a customer base of approximately 50,000 call centre agents taking payments through DTMF tones, it is estimated that fewer than one person in 10,000 cannot pay in this manner (either through infirmity or because they own a rotary telephone).
What can we do on the rare occasion somebody can’t or won’t enter their card data by DTMF?
There are a couple of easy, practical things you can do which mean you won’t lose your PCI DSS compliance.
Firstly, if possible, transfer the caller to a member of staff who has been authorised to manually stop their call recordings in this situation. This is typically a trusted supervisor or senior manager who can override a call recording process, or whose phone calls are not recorded.
If you are unable to do this, then work with your PCI DSS security advisor or QSA. Show them how you are implementing DTMF as the standard process through which you take card payments, and that there is a very low probability of payments being unable to be made in this manner. QSAs are typically willing to accept that low-probability ‘exceptions’ processes do not add significant cardholder data into your environment.