The hardware call recording model is broken.
Hardware, by design, is not flexible – it cannot adapt to change. For example, companies offering traditional hardware-based call recording currently can’t provide customers with an acceptable, answer to PCI DSS regulations which have been set up to help to prevent credit card fraud. More worryingly, hardware suppliers may “lock” customers into an ongoing cycle of high expenditure and technology stagnation.
A quick recap. As we said in a recent blog post, companies taking credit card payments by phone have some obligations placed on them by PCI DSS regulations. One of the requirements is that the 3- or 4-digit security code on the back of a card must not be stored in any format, including in audio recordings. Contact centres should adapt their call recording processes to ensure these codes are not stored.
However, lots of companies have already invested in expensive hardware call recording systems. And these systems cannot be easily adapted to remove a chunk of a conversation with a customer. Then how do suppliers suggest their customers comply? Since it’s not easy to ‘bleep or blank’ using their systems, hardware call recording firms naturally fall back to methods they can deliver on and these are pitched as ways of becoming PCI DSS compliant. Here are some of their suggestions to improve credit card security on audio recordings:
- Encryption of calls (Nice currently pushes this approach, as does Verint)
- Multiple logins
- Audit trails
- Security audits
All of these are sensible security processes, but don’t meet the requirements of PCI DSS because the security codes on the back of cards are still stored in the recordings. The key risk here is potential data loss.
So why are the global players pushing these ‘workarounds’? Simple: they can’t find an easy way to blank or bleep part of a recorded call because their architecture doesn’t support it.
What does that mean for customers using hardware based call recording? Verint and Nice are being pressured by their customers to release updates which will bleep or blank calls, and both have development teams working on this issue. The larger contact centres believe that preliminary products will be released to the market in Q1 or Q2 of 2010. But it is just not that easy to ‘patch’ together telephony ‘lines’ at the trunk level with activity on agent desktops.
We predict that customers who wait until 2010 and beyond to implement Verint and Nice solutions will be disappointed in three ways:
- Customers will have to wait longer than they think. The estimates being given to world-leading contact centres for implementation have already slipped by months, and we think they’ll slip again.
- Implementation will be a huge headache. Systems may not work properly for the first few months or even years - this has, unfortunately, been the history of ‘patches’ like this.
- Customers will pay far too much.
But why? Because the hardware recording model is broken: hardware, by design, is not flexible – it cannot adapt to change. When change is “forced”, choice is reduced, costs rise, and satisfaction plummets. Customers with call recording hardware are also locked into a prehistoric model of pricing. And major suppliers also implicitly threaten customers considering moving away from their technology. A senior technology director at one of the world’s largest BPO companies recently said to Veritape “If we even try to make changes to our Nice system to become compliant in some other way, then Nice stops supporting our system entirely”. That’s not great customer service.
PCI DSS compliance (or lack of it) is just one symptom of the underlying cause: the hardware recording model is broken and cannot adapt easily to change. Call recording software solutions like Veritape, in contrast, will ride change effortlessly – visit www.veritape.com for more information.