DTMF Technology and Security in the Contact Center

The image of dual-tone multi-frequency signaling (DTMF) in contact centers has recently received a makeover. Used to power automated IVR menus for years, DTMF now facilitates secure keypad pay-by-phone technology. And DTMF masking technology is rapidly emerging as the new PCI gold standard for phone-based payment security. This post explores the history of DTMF as well as some benefits and risks involved with the technology.

The Birth and Evolution of DTMF and Payment Security

Better known as “touchtone phone” technology, and originally a registered trademark of AT&T, DTMF is the signal you generate when you press or touch each key on your phone. When pressed, each touchtone key generates two tones of a specified frequency that carry circuits designed to carry voice traffic. One tone is generated from a high-frequency group while the other is from a low-frequency group, preventing a voice from imitating the tones. The phone company then uses digital signal processors to detect DTMF digits and translate them into numbers, # and * symbols and, less commonly, ABCD keys.

The DTMF technology behind tone phones, also known in the UK as MF4, has facilitated the addition of other features like caller return, caller display, reminder calling, call waiting, three-way calling, call diversion, call barring, call minder and call sign. It also enables the acknowledgment of messages and alarms from pagers and, in banking, the transmission of your account number and sort code. You also can use it to convey any combination of numbers, such as the digits from your postcode, passport numbers, PIN numbers, birth dates, and, in the US, your social security number.

But perhaps the most prevalent use of DTMF has been using IVR to control call routing in the contact center. IVR enables companies to better handle incoming calls and queues—often via automation—to improve service to callers and free up agents to handle more complex queries. It also identifies and segments callers to prioritize, direct or divert calls to the most appropriate agent or group.

PCI DSS Compliance for Phone Payments

It was the introduction by the card brands – Visa, Mastercard, AMEX, etc. – of the payment card industry data security standards (PCI DSS) in 2004 which gave impetus to developing DTMF for handling card payments by phone in call centers, as an aid to improving card payment security and PCI DSS compliance.

To make a secure credit card transaction by phone, DTMF touchtone technology allows the customer to enter their card number using the keypad while on a live call with an agent. It also can be used with automated IVR systems to process customer self-service card payments by phone 24/7, year-round, without live agent assistance. Therefore, it’s often referred to as IVR payment technology.

DTMF Technology in Your Contact Center

Use of DTMF payment technology in the contact center has grown as companies look to protect their customers from data breaches. It’s also imperative to protect the business from the financial and reputation damage that these breaches cause. Companies also face increased pressure from banks and regulators to comply with PCI DSS.

The patented Syntec CardEasy system effectively eliminates the need to have PCI DSS controls in place in the contact center. Because the individual card digits are encrypted and sent directly to the merchant’s payment services provider for authorization, the contact center environment is bypassed. This removes the need to monitor agents or use old-fashioned pause-and-resume methods for call recording. This mitigates the risk of compromise with card data.

Securing card payments in contact centers in this way has benefits for customers and merchants alike, improving trust and streamlining the payment process, as the agent no longer must manually enter card numbers. Combining DTMF with IVR also gives customers the ability to automatically make payment via phone—at any time.

As new security and compliance challenges arise, DTMF continues to evolve to meet these challenges. For example, the EU’s General Data Protection Regulation (GDPR) imposes further regulations on how businesses handle customer data. The use of DTMF card payment technology reduces the sensitive data a merchant holds—and that meets GDPR compliance.

DTMF Challenges and Solutions

DTMF isn’t without risks. DECT (wireless technology) headsets are vulnerable to eavesdropping—where the DTMF tones could be picked up, in some circumstances. In addition, further risks arise if a customer reads their credit card number aloud instead of typing them into the keypad.

Having ISDN or SIP telephony—or transitioning to these technologies—as well as the use of agent-assisted payments, IVR-automated payments or a mixture of both can further complicate things. Card Easy offers a few deployment options: a fully hosted version, where the phone traffic is handled by the same company as the DTMF payment integration; an on-premises option that uses equipment at the merchant’s end, making it telephony-agnostic; or a fully cloud-based version, such as Amazon Web Services, for global reach.

When choosing the best technology, look for a vendor with deep experience in telecommunications technology and a strategy to help you meet your compliance needs. You’ll also want to understand the best way to deploy DTMF for card payment processing by phone in your organization.

The CardEasy system from Syntec integrates with Genesys® PureEngageTM, PureConnectTM and soon PureCloud® platforms. Syntec, a Genesys AppFoundry partner, won the Genesys Best Security solution award at the Call and Contact Centre Expo in London.

To learn more, visit CardEasy by Syntec on the AppFoundry marketplace for their PureEngage or PureConnect platform integration. You may also tune in to their on-demand webinar session available on the Genesys global webinars site – register now to view at your convenience.