• IVR Service Provider
• Articles

When Utilizing IVR, Be Sure to Follow the 'Rules'

By Rory J. Thompson, Web Editor

In addition to all the myriad rules and regulations about call centers today, there are few issues more vexing than “compliance.’ What is it, and how does one achieve it? It’s a murky area for sure.

That may be one reason why longtime industry insider and compliance expert Mike McAlpen recently penned a blog on this very issue.

“The good news is that many of these compliance traps can be addressed fairly easily, without a lot of additional resources,” McAlpen wrote. “I always tell people that before they assume that they’re fine, they should invest in at least a short consultation with a local attorney specializing in security and compliance.”

That’s wise advice for any company that has even an inkling of concern as to whether they’re in full compliance with local and federal regulations. But McAlpen goes a step further and lists some important questions all call center managers should ask themselves. To wit:

Do you record your calls, and take credit information? If you do, be careful. “You need to be aware that it is against PCI (News - Alert)-DSS standards—the Holy Grail of credit-card processing security—to store the secret CVV2 number (the three- or four-digit number often listed on the back of the card)—at any time, in any way, no matter what level of encryption or encapsulation is used,” McAlpen notes. If your company regularly records the entire call, you’re probably storing this information in your recordings. That will put you out of compliance, and could lead to problems down the road.

Do you store credit information for repeat customers? Again, top PCI-DSS consultants commonly say that “nothing should stick” within your systems—meaning that credit card information and other sensitive data should not be stored.

Do you record your agents’ calls? Most companies announce (or they should) that incoming calls are recorded. Outgoing calls? Not so much, even though most states require that those called also be so notified. If you’re not doing so, McAlpen suggests, you might well be in compliance-violation. Look into it, and adjust accordingly.

Call-monitoring might be an issue: “Some contact center software lets supervisors listen in on conversations. The ‘whisper’ option lets managers speak to the agent—so the caller can’t hear the supervisor—to give directions about how to handle the call. ‘Barge’ lets supervisors listen and break into the call if they feel it’s necessary,” McAlpen says. But again, in some jurisdictions, these options are subject to regulation. Be sure you’re not inadvertently violating the law when a supervisor logs in.

McAlpen concludes that these are “fairly easy, low-cost or no-cost suggestions that any contact center manager can easily implement. They put you in a much better compliance position, and can help your firm stay out of trouble.” But it’s NOT doing so that can land you in trouble. Isn’t it worth a few minutes to brush up and see how and where the law applies? Better now on your own, than later with the lawyers involved.