PCI Compliance Feature Request

Discussion in 'Ideas' started by Satisfaction, Oct 11, 2017.

  1. Satisfaction

    Joined:
    Oct 11, 2017
    Messages:
    3
    Likes Received:
    1
    As part of PCI Compliance, steps to limit access to a customer's card number must be implemented. One of the ways a call center agent is restricted from this data is by having the customer use their telephone DTMF keypad to enter the card #, Date & CVV info.

    Under the current 3CX system features, only the recording is paused during a Credit Card component application via the CFD; the DTMF tones are still heard by the agent and subject to capture & decoding via hardware or software under the control of the "unscrupulous" agent.

    We are requesting that the DTMF tones get obfuscated to a monotone sound, so the agent knows the customer is actually entering their card #. These tones can also be recorded, eliminating the need to pause the recording.

    If the tones can't be obfuscated, can they be blocked or filtered from the agent's inbound audio stream?

    Another request as part of this modification to the CFD Credit Card Component is the addition of inter-digit timing info & possibly the digit duration timing. This could be represented as the average of the inter-digit times. This info will aid in fraud detection.

    Thank you
     
    datatech1 likes this.
  2. Sopock

    Sopock Member

    Joined:
    Jul 11, 2012
    Messages:
    447
    Likes Received:
    20
    Agent should see status of call in web client?
     
    Satisfaction likes this.
  3. Satisfaction

    Joined:
    Oct 11, 2017
    Messages:
    3
    Likes Received:
    1
    Hi Sopock, The agent will be using their call center's CRM/dialer NON-3CX system to initiate customer contact and for sales pitch. When the customer indicates they want to complete a sale, the agent puts all the customer info into a web-based portal that is paired with the 3CX system. The last information taken and entered is the phone number to call the customer back at. The 3CX system will take the number from the portal form and dial the customer using the 3CX softphone. Recording will begin and the customer will be informed & given the terms & conditions. The agent will initiate the CFD Credit Card component to capture the DTMF data and it will be automatically entered into the portal in full PCI Compliance, as the agent will not see the card info. The problem is at this point that the intent of PCI compliance is broken by the fact that the agent can still hear the DTMF tones and easily capture & decode them! Our request to filter the DTMF tones from reaching the agent or obfuscate them to a monotone sound would complete the PCI Compliance functionality of 3CX! It will also allow VARs like us to specify 3CX in proposals to customers looking to build fully PCI compliant call centers.
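
The filtering requested in this thread, sketched as an added example (not 3CX code and not written by any poster): agent-bound audio is scanned frame by frame for in-band DTMF energy, and matching frames are replaced with a fixed monotone. The 8 kHz rate, 20 ms frames, 440 Hz mask tone, thresholds and the frame-aligned sample call are assumptions.

```python
import math

RATE = 8000    # assumed narrowband sample rate (Hz)
FRAME = 160    # assumed 20 ms frame
LOW = (697, 770, 852, 941)        # DTMF row frequencies (Hz)
HIGH = (1209, 1336, 1477, 1633)   # DTMF column frequencies (Hz)
MASK_HZ = 440  # assumed monotone the agent hears in place of a keypress

def goertzel_power(frame, freq):
    """Power of `frame` at `freq`, computed with the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def has_dtmf(frame, share=0.7):
    """True when one row tone and one column tone dominate the frame.
    Only presence is tested; the digit is never identified."""
    total = sum(x * x for x in frame) * len(frame) / 2.0  # same scale as goertzel_power
    low = max(goertzel_power(frame, f) for f in LOW)
    high = max(goertzel_power(frame, f) for f in HIGH)
    return min(low, high) > 0.15 * total and low + high > share * total

def mask_for_agent(samples):
    """Return (agent_audio, masked_frames); DTMF frames become a fixed tone."""
    out, masked = [], 0
    for start in range(0, len(samples), FRAME):
        frame = samples[start:start + FRAME]
        if len(frame) == FRAME and has_dtmf(frame):
            frame = [0.3 * math.sin(2 * math.pi * MASK_HZ * (start + i) / RATE)
                     for i in range(FRAME)]
            masked += 1
        out.extend(frame)
    return out, masked

def tone(freqs, n, amp):
    """n samples of the summed sine waves in `freqs` (helper for the sample)."""
    return [sum(amp * math.sin(2 * math.pi * f * i / RATE) for f in freqs)
            for i in range(n)]

def constructed_call():
    """Constructed input: 200 ms 'voice' stand-in, 100 ms keypress, 200 ms voice."""
    voice = tone([300], 10 * FRAME, 0.3)
    return voice + tone([770, 1336], 5 * FRAME, 0.4) + voice

if __name__ == "__main__":
    _, masked = mask_for_agent(constructed_call())
    print("frames masked:", masked)
```

Because the masked frames keep their position and length, the agent still hears that a key was pressed, and the masked stream can be recorded without pausing.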