Voice-powered assistants are changing the face of commerce, with as many as 60% of consumers looking to use a home voice assistant to make purchases with just a few simple words. However, most of the discussions surrounding voice technology and commerce involve online shopping, P2P transactions and bill payments. But, what about phone-based commerce, such as transactions conducted through contact centers?
Contrary to popular belief, these card-not-present (CNP) channels remain more than relevant. In fact, a recent Google survey showed that 61% of mobile users still prefer to call a business when it comes time to make a purchase. While contact centers are already exploring ways to use voice and artificial intelligence (AI) to automate processes and create a frictionless customer experience, this only scratches the surface of the technology’s potential.
Given the surge in data breaches and the fact that fraudsters continue to target CNP channels, contact centers should consider how they can use voice assistants to strengthen data security. Just last month four major data breaches involving consumer credit card information made headlines, signalling that payment data is still a hot commodity among fraudsters and hackers.
Whether customers are making phone purchases by speaking with a live customer service representative (CSR) or interacting with a “bot,” the challenge is that the payment card details are often exposed to the CSR, captured on a call recording system and stored in other parts of the business’ infrastructure. While consumers may not think twice about exchanging credit card and other personally identifiable information (PII) over the phone, contact centers should strongly consider the associated risks.
For example, a rogue or malicious agent could easily copy down a caller’s card numbers for potential fraudulent use. Or, a hacker could breach a call recording system and make off with any PII that was read aloud and captured. In addition, the contact center may violate compliance with the Payment Card Industry Data Security Standard (PCI DSS) if sensitive authentication data (SAD), like CVVs, are stored on those recordings.
But, what if a customer were to use their voice assistant to authenticate over the phone? Whether or not they realize it, consumers already trust tech giants like Amazon and Google to store and secure their PII (94 million Americans store their credit card numbers online). So, wouldn’t it be natural to use these assistants to secure CNP transactions?
Use Cases for Voice in the Contact Center
There are two chief use cases for securing contact center commerce through voice assistants, and both involve the exchange of tokenized credit card or other numerical data. First, a customer uses their device to call a retailer’s contact center to make a purchase. Once connected with an agent (or even an interactive voice recognition system), the customer quickly and easily authorizes a secure payment by supplying a single-use voice token – generated by a backend server – to authorize the transaction using the card they’ve already registered with the merchant. As a result, the payment channel shifts from a phone-based CNP transaction to a lower-risk e-commerce transaction, where the credit card data never touches the contact center environment – keeping it out of scope from the PCI DSS, and out of the hands of the wrong people.
The second use case involves reciprocal call authentication in place of the more traditional, and typically weaker, identification and verification (ID&V) processes. This is an especially valuable capability, as fraudulent phone calls mimicking merchants, banks and other financial institutions have become increasingly common, as well as social engineering (or vishing) attacks on these institutions from unscrupulous callers. As consumers become aware and vigilant of such calls, they are more inclined to ignore an inbound call from a legitimate source, which can lead to poor customer relationships and lost sales. Here, a voice assistant could validate a phone call between two entities, unknown to each other but known by a back-end server. When a merchant or bank calls a customer, the customer instructs their device to provide a series of voice tokens, which the merchant submits for authentication. Once the identity of both parties is validated, the conversation continues as usual.
Viable, Valuable Voice
By adopting this payment method, contact centers could quickly reap tangible benefits. With a voice assistant like Alexa, for example, handling payment card data and PII, contact centers can simplify compliance with the PCI DSS. And, as the regulatory landscape grows even more complex, with new laws like the European Union General Data Protection Regulation (EU GDPR) and a new iteration of the Payment Service Directive (PSD2), solutions that make compliance less burdensome by preventing the unnecessary handling and storing of PII will be in high demand.
In addition to the cost savings that stem from easier compliance, contact centers and their customers can rest assured that their most sensitive data is safe and secure. Because they don’t hold the data in the first place, they are a much less appealing target for fraudsters and hackers. By deterring breaches and fraudulent activity, merchants keep their names out of the headlines and their brand reputations intact.
Moving forward, we will continue to see new use cases arise for voice assistants in contact centers and beyond. I encourage merchants to begin exploring opportunities to use voice – combined with data security technologies and best practices – to lay the foundation for the future of commerce.
Ben Rafferty is a Global Solutions Director for Semafone