Stratus
KomBea’s SecureCall Provides Stratus with Immediate PCI Scope Reduction
Situation
Stratus is a collections agency that provides technology tools and call center capacity to collections efforts for law firms collecting balances from their clients.
They have three call center locations with up to 100 agents in each location. Recently, the executive team became concerned with the rapidly growing list of expenses required to maintain PCI compliance. Their business relies on the ability to conduct credit card transactions, and the team knew that if they let their PCI compliance slip, they would be subject to the PCI Council imposing debilitating fines in the event of a breach or having their ability to accept credit cards revoked. Either scenario would be devastating to their business.
Challenge
As a rapidly growing business, they didn’t want to do anything that would slow them down, nor did they want to continue to pay out tens of thousands of dollars every year for a consultant or assessor (QSA) to conduct an audit ensuring that they meet all the requirements for PCI compliance.
They needed a different approach, one that would give them three key benefits:
- Reduce the PCI Scope to lower the annual costs.
- Increase security to reduce the possibility of fines.
- Protect the positive relationship between their agents and clients.
Solution
The Stratus team decided on SecureCall from KomBea. SecureCall sits between their phone system and their order-entry system, in this case a CRM system, where credit card data is entered. By using SecureCall, the agents can collect the credit card information without ever seeing or hearing it. Agents remain on the line the entire call, while customers give sensitive information using their phone keypad or through an SMS interface. When customers use their phone keypad, the agent hears masked tones and sees dots, not the numbers. The agent receives a confirmation or token validating that the transaction went through, but the data never touches the company’s infrastructure. This greatly reduces risk, and because the company does not have the credit card data, that aspect of PCI scope is completely eliminated. The data is not present, stored (or recorded for quality assurance) or transmitted, which reduces scope, and because the transactions happen outside of the system, most PCI scope is eliminated.
Results
SecureCall reduced the PCI scope of what is required under an assessment so much that Stratus is no longer required to hire a consultant to conduct a QSA audit. They simply conduct a self-assessment, write a report and submit it to the PCI Council themselves. The company instantly saved over $50,000 annually.
Furthermore, because the agent remains on the line with the customer throughout the entire experience, they can ask questions, change their order or conduct other customer service actions. After the transaction is complete, the call can continue naturally, which protects the customer/agent relationship and experience. With SecureCall, Stratus saves money and reduces risk. What’s more, their customers feel that the company is protecting their data, and in today’s world, trust is often the currency of the day.