Dual-tone multi-frequency signalling or DTMF is among the oldest signalling systems still in use. As keypad-based dialling gradually replaced the rotary dial in the 1950s and 60s, Bell Labs developed DTMF as a means to convey the keypad signals from your phone to the PBX exchange. DTMF is now widely used in integration with various other systems to capture data from customer keypads and relay information to the contact centre.
For example, in an IVR navigation system, customers would press 1 for choosing a language, 2 for checking their existing account details, 3 for connecting with a live agent, and so on. It is the DTMF system that converts the signal from a simple touch-tone sound to an executable command. However, there are scenarios where you might need to pause, mask, or suppress DTMF to prevent the signals from being recorded. Contact centres typically use DTMF suppression to stay compliant with compliance standards like PCI DSS.
What is DTMF Suppression?
DTMF suppression can be defined as a technology that intercepts sensitive data when entered via a telephone keypad and converts it into a format that is either held back from the contact centre or cannot be understood by the agent.
Let’s say a customer is entering their CVV information to verify a scheduled payment. As they press the keypad, a signal will be generated that is sent to the contact centre for payment processing. DTMF suppression/masking intercepts the signal and converts it into an unrecognisable data packet. When the data packet reaches the final destination – the contact centre payment processing system or the bank authorisation system – it will appear incomprehensible to human eyes/ears.
DTMF suppression offers a secure way to share sensitive data like credit card details, social security numbers, answers to secret questions, etc.
Why is DTMF Suppression Essential for Compliance?
You need DTMF suppression primarily to stay compliant with PCI DSS, which restricts the storage and access to payment details.
- According to PCI DSS, you must present evidence of compliance with 400+ security controls. Partnering with a DTMF masking provider is an essential part of this process
- PCI DSS prohibits the storage of authentication data in any format, including recordings. DTMF suppression automatically intercepts and implements data masking so that the data isn’t stored even by accident
- PCI DSS mandates that it has to be impossible to transfer payment data out of the contact centre. If agents listen in on keypad signals and remember them, it poses a risk that DTMF suppression eliminates
Without this technology, you would need to pause and resume call recordings every time the customer shared sensitive data with an agent or via IVR. You would also have to sully encrypt your recordings, but the risk of insider threat remains even then.
DTMF suppression addresses all of these vulnerabilities. Further, it improves CX as you don’t have to transfer to a different secure line to process payments, customers can be confident of responsible data handling, and agents can complete calls faster, as there is no need to pause and resume.
