• SMS: (305) 570-4723
  • (888) 204-0822 | (954) 935-8800
Promero Logo
August 26, 2016

Call Center Software Companies Should Know - How CallMiner uses analytics to secure customer data and ensure PCI compliance

When it comes to financial fraud (credit card and debit card fraud), cybercriminals are shifting their tactics. E-commerce websites were their target of choice, but those sites are making it harder for bad guys to break in. Fraudsters have found new opportunities in companies that rely on telephone commerce.

It is public knowledge and important for companies with call center software to know that regulatory agencies require certain phone calls to be recorded- these are typically conversations where Personally Identifiable Information (PII) and data pertaining to debit/credit cards is exchanged. Using modern voice-to-digital conversion technology, it's relatively simple for nefarious types with access to a company's database containing recorded phone calls to sift through the database and look for PII.

More about IT Security

  • The Hacking Teams: who they are, what they want, and how they hack
  • The hacking toolkit: 13 essential network security utilities
  • Cybersecurity spotlight: The ransomware battle
  • Subscribe to TechRepublic's Cybersecurity Insider newsletter

To help combat this type of information theft, the Payment Card Industry Security Standards Council in March 2011 revised the FAQ section of the Payment Card Industry Data Security Standard (PCI DSS) to state that companies can no longer store digital recordings that include sensitive financial card data if it is possible to query the recordings. For those interested, the pertinent PCI DSS policies and procedures are available at PCI Portal.com.

In order to comply with PCI DSS, companies developed Interactive Voice Response systems that allowed credit-card information to be collected and meet regulations. The biggest complaints with this technology are that the customer is required to jump through hoops, and the interface is awkward.

The state of enterprise startups
Enterprise software spending is on an upward trend, and is expected to reach $326 billion this year; meanwhile, startups and investors have taken notice. There are currently 1,425 active startups in the space - as listed by CrunchBase - and there's been an influx of venture funding. According to PitchBook, venture funding of enterprise productivity startups has more than doubled, from $4.75 billion in 2012 to $11.46 billion last year. This year, these software startups have already raised $6.26 billion to date, and the median deal size is up 25 percent compared to 2015, reflecting current market demand and investor appetite.

With investors hot on enterprise startups, the market will become more fragmented and saturated than ever before. End users are already inundated with dozens, if not hundreds, of similar software solutions, each which focus on filling one specific business need as effectively and efficiently as possible.

In an environment where the biggest technology leaders are looking to startups for new innovation and transformation, there will likely be a coming spike in M&A activity. A historical analysis of CrunchBase data reveals an ongoing trend: enterprise softwarestartups are seven times more likely to get acquired than they are to shut down, while only 4 percent make it to an IPO.

CallMiner is a company in Fort Myers, Florida that has a better idea on how to remain PCI DSS compliant and keep customers happy when there is a need to record and retain telephone conversations.

Others like Blockspring aren't reinventing the wheel, but instead are innovating on existing products. The young startup, which raised $3.4 million in seed funding, connects spreadsheets like Excel and Google Sheets to make it easier to import data from third-party services like MailChimp, Slack and LinkedIn.

Any of these types of startups could make for a strategic acquisition by larger softwarecompanies that are either looking to strengthen existing products or expand their offering into other verticals.

Email, communication and collaboration
Email clients and collaborative communication platforms are at the epicenter of modern workflows. For a software giant like Salesforce, whose core product (CRM) relies so heavily on email communications, startups in this segment are particularly attractive targets for anacquisition.

CallMiner's voice-analysis platform called Eureka is the company's solution to improve contact center and enterprise performance through conversational analytics (text and speech). A side benefit of Eureka is the ability to remove sensitive data from customer channels of communication without the need to change payment processing applications, agent intervention, or integration with the CRM system.

"CallMiner Redactor uses speech-analytics technology (used by many companies including those with call center software) to prevent sensitive cardholder data from being recorded; call recording is automatically muted when account numbers, security codes, and other sensitive information is spoken," mentions Scott Kendrick, vice-president of marketing and product management. "Because Redactor prevents you from recording sensitive payment information, calls are not in scope for a PCI audit."

Kendrick says that Redactor removes sensitive data from the audio portion of telephone calls in the following stages.

  • Stage one: The audio is converted to text using a speech-to-text engine that leverages a vocabulary system to maximize recognition accuracy. Kendrick adds this stage produces a text transcript that is used by stage two.

  • Stage two: The location of sensitive data is identified and tagged using a list of language patterns (e.g., credit-card strings, expiration dates, CCV codes, and Social Security numbers). This information moves on to stage three.

  • Stage three: Using the tagged locations, the sensitive portions of the audio recording are replaced with silence. The newly-redacted file is then encrypted and written to a cache on a storage device or written back into the source's original database.

Kendrick states that if redaction is applied in conjunction with the full Eureka analytics platform, placeholder words are substituted instead of silence in order to maintain privacy, yet be recognized in the user interface.

Another interesting compliance issue that CallMiner's Eureka platform can help businesses control is the number of mistakes made by call-center employees. The speech-analytics platform can be configured to flag comments or phrases that if used could be construed as being out of compliance. CallMiner's various applications can be configured to alert any such offense.

There are many other verticals within enterprise software - from project management and marketing automation to business analytics - but CRM is especially interesting, given two factors: (1) Salesforce's involvement in the enterprise race and (2) CRM's role in driving revenue and business growth, making it one of the most valuable software categories in enterprise software.

That said, CRM startups are plentiful and only a few are interesting enough to stand out. Heymarket, a startup founded this year, offers a CRM to help businesses manage text message communications, which could make for an interesting addition to an existing CRM suite's arsenal.

The accuracy of CallMiner Redactor
As to CallMiner's accuracy claims, Kendrick feels that using the company's proprietary pattern database will allow Redactor to identify more potentially sensitive data and tag it. In addition, Kendrick suggests there are other checks and balances in place to ensure accuracy, adding, "When a potential area is identified, other patterns are deployed to ensure accuracy and overlap."

Note: Accuracy of categorization is greatly improved with the ability to identify more complex language patterns, including the ability to target the location within a contact (first 10%) and looking for conditional patterns such as language before or after or not before or after other language.

Kendrick noted that CalMiner received PCI DSS certification in 2010. KirkpatrickPrice, a compliance management qualified security assessor, performed the validation.