Contact centre compliance and security is a top priority, but it requires an inordinate amount of effort from your IT team. Research suggests that over two-thirds of companies feel they need to step up their compliance efforts, yet, a quarter of IT time is already spent on compliance. For 98% of companies, the IT teams face several resource-draining tasks when it comes to ensuring compliance, customer privacy and data security.
So, it makes sense to implement a technology that’s secure by default and can automate contact centre payment security to dramatically optimise your IT resource utilisation. One such technology that’s recently gaining traction, is tokenisation.
What is Tokenisation?
At its core, tokenisation is a subset of blockchain and cryptography research. It can be defined as the practice of replacing sensitive information (like a customer’s credit card details) with non-sensitive information to mitigate the risk of data exposure during transit. Once a dataset is tokenised, the real information is stored in a secure token vault, while the token is what reaches the business, and is consequently decrypted/translated by the token provider.
If in some ways, the token is hijacked in transit, the transaction data will be of no value to a cybercriminal. This is what makes it such an attractive alternative to traditional payment systems. It also allows customers the flexibility to store their data on their favourite e-Commerce platforms, as a tokenisation system will prevent the real data from getting exposed.
For this reason, there have been a lot of advocacy efforts pushing for tokenisation in the payments industry. In 2014, 22 of the world’s largest banks made a petition for transitioning to tokenisation instead of the planned migration to the Europay MasterCard Visa (EMV). Recently, the Reserve Bank of India (RBI) has also laid down guidelines for card tokenisation, with an eye on customer data security and safety.
How Can Merchants and Contact Centres Embrace Tokenised Payment Systems?
Contact centres can either directly integrate with card networks that follow an underlying tokenisation architecture, or they can partner with token service providers who are equipped to maintain card tokens in a secured environment or vault. Token service providers must necessarily be PCI DSS compliant, and contact centres should ideally leverage a cloud-based solution to enable secure integrations with different FinTech services.
Today, nearly every large financial services company is certified to provide token services. For instance, Visa introduced token service capabilities through the acquisition of Rambus.
Understanding the Tokenised Payments Workflow in a Contact Centre
- The customer initiates a payment via IVR or an online interface
- The token service provider (integrated with the contact centre) replaces the details with a token and submits them to the acquiring bank
- The acquiring bank passes the token to the network, where it is mapped against the original details
- The network shares the details and the token with the issuing bank in partnership with the token service provider
- The issuing bank authorises or declines the transaction, sending the response back upstream until it reaches the customer
