Operations and Management

Rethinking Recording

By Brendan B. Read, Senior Contributing Editor  |  June 01, 2010

Operations and Management - Rethinking RecordingThis summer may be the opportune time for contact centers to take a renewed look at their recording strategies. If their organizations are switching over from PSTN/TDM to IP, which will require in most cases buying new recording tools, it makes sense to utilize this occasion to rethink how they want to use recordings.

With the demand for products and services increasing, there is a redoubled focus on retaining and building new as well as on existing customer relationships that requires staying on top of quality issues. There is a growing realization by senior management that call recordings contain valuable information about customers’ behavior, desires and wants and agents’ performance that can be mined with speech analytics. Thieves also see the value in recording-captured data, leading to ever-stricter regulations and standards, such as the Payment Card Industry (PCI) data security standards (PCI-DSS) that demands tougher controls to prevent unauthorized access.

Just on the horizon, the growing popularity of text-based communications – chat, e-mail, SMS and social media – require screen captures and integrating them with call recordings. This unification, along with exchanges gathered from websites and automated voice systems obtains complete and captured multidimensional views of customer/agent interactions. Down the road the IP transition will enable a shift from narrowband to wideband a.k.a. HD voice that enables greater voice range hence more natural sounding acoustics compared with that delivered over TDM that in turn will permit more information to be obtained from voice conversations.

“The need and market for contact center recording is not going away; if anything it is getting stronger,” reports Jim Davies, research director, Gartner (News - Alert). “There is increasing desire for quality monitoring to ensure performance, a need to improve customer experience, and compliance with stricter PCI standards that combined with the TDM to IP shift are boosting investment in recording systems.”

From Random to All

These trends are prompting more contact centers to employ a strategy of recording 100 percent of calls. Random sampling is no longer adequate in today’s (and tomorrow’s) environments.

Matt Storm, NICE Systems director of Americas marketing reports that a survey of his firm’s customers reveals that of those having less than 100 percent coverage, 57 percent expect to increase that amount by sometime in 2010, with more than one-third of those planning to deploy 100 percent recording.

“Respondents said regulatory compliance is a primary driver,” reports Storm. “Greater recording coverage also helps to improve the quality management process by providing more call samplings for evaluation and allowing managers to investigate specific performance issues such as script compliance or excessive transfers and hold times. Speech analytics also delivers the highest return on investment when able to process higher volumes of recordings.”

Brian Spencer, president, OAISYS is seeing more small-midsized businesses (SMBs) especially increase the types and volumes of calls being recorded. Until recently, he says the SMB conversation around voice recording consistently started with a specific compliance or liability requirement; quality control was a secondary benefit if not an afterthought.

“Businesses have become more keenly aware of the call recording drivers, and are taking the necessary steps to implement effective compliance and risk management programs,” says Spencer. “More than ever, companies want to understand what influences customers to continue doing business with them.”

Protecting the Data

All contact center recording strategies must include an analysis of methods to best comply with regulations and standards to prevent or more accurately limit exposure and illicit acquisition of corporate, customer and employee data. This issue also feeds back into customer retention; few events are more damaging to a company’s goodwill and sales than having its customers’ data exposed through failing to follow the laws and procedures aimed at protecting them.

One of the most important of these rules is the PCI-DSS 3.2 standard, which it says prohibits storing any sensitive authentication data, including card validation codes and values after payment authorization even if encrypted. It also bans using any digital audio recording after payment card approvals. Where technology exists to prevent recording of these data elements it should be enabled. If these recordings cannot be data mined, storage of card validation codes and values after authorization may be permissible as long as appropriate validation has been performed. The physical and logical protections defined in that standard must still be applied to these call recording formats.

Another key regulation is the Health Insurance Portability and Accountability Act (HIPAA). It requires organizations to safeguard patients’ health information from unauthorized access. The Patient Protection and Affordable Care Act, signed into law by U.S. President Barack Obama March 23 that will enable some 32 million more Americans to afford health care will also create much more data that must be protected in compliance with HIPAA regulations.

“The burden of responsibility for ensuring compliance standards are met lies in the hands of each organization, however, there are a number of ways that recording solutions can enable customers to become or stay compliant and/or do not prevent them from being able to meet certain policies,” says Aspect (News - Alert) product marketing manager Kathy Krucek.

“The main areas of how recording solutions do that is through providing security around recordings via encryption and providing the ability to not record sensitive information (e.g. for PCI DSS compliance). Also, by providing various storage/archiving strategies to allow organizations to keep recordings for a period of time and then automatically being able to purge them where they are required to do so after X number of days (e.g. for HIPAA compliance). Each organization must understand their own industry guidelines and company legal and HR policies to evaluate recording solutions that ensure these can be met.”

One route to consider is going above what is stated in the regulations and standards, which are in most cases are the minimum stipulations to enable these rules’ goals to be accomplished. Jim Shulkin, director of marketing, Envision Telephony points out that in the case of PCI-DSS 3.2 if a contact center routinely requests card verification codes then one potential best practice is to pause the recordings to prevent this data from being captured. Yet even if the codes are not recorded centers should consider recording file encryption, routine deletion of recordings when permissible and keeping a record of all those who play recordings. In some cases organizations have even put monitor screen guards in place to prevent data from being visible to others on the call floor. Pausing or deleting recordings is not always realistic, he points out though, as many organizations and industries have their own regulations prohibiting the deletion or alteration--removing the sensitive data--of these records.

“The PCI DSS specifically dealing with call center recordings is evolving as the technologies to both query the data and reasonably secure it becomes more mainstream and widely attainable,” says Shulkin. “Plus, many brand-conscious companies that are bound to PCI compliance prefer to go above and beyond the stated standards where possible in order to insure customer data protection to their own higher corporate standard.”

Multichannel Strategies

Call recording strategies must also incorporate, and be incorporated, into those of other channels so that organizations can have a complete view and access to customers interactions. While these other methods: chat, e-mail, SMS, IVR and speech self and Web self-service still rank below voice as communications methods their use is increasing.

“I’m not seeing much true multichannel integration yet but it will happen as software suites broaden and organizational maturity increases,” says Davies.

Kristyn Emenecker, solutions marketing director, Verint (News - Alert) Witness Actionable Solutions says multichannel interactions bring together new dynamics between traditional screen recording and desktop analytics. For instance, it allows taking desktop analytics and trigger recordings of specific events such as an e-mail or text chat. It can also take key information from the screens such as transaction amounts, customer account numbers or other pieces of information and tags them to the recordings.

“With having more complete data to analyze, we can then marry it up to all communications associated with those customers: including such vehicles as text messages and e-mail,” says Emenecker. “This makes the quality and analytics processes more inclusive of all customer channels.” CIS

The following companies participated in the preparation of this article:

Aspect - www.aspect.com

CallCopy - www.callcopy.com

Envision Telephony - www.envisioninc.com

NICE - www.nice.com

OAISYS - www.oaisys.com

TelStrat - www.telstrat.com

Verint - www.verint.com

Brendan B. Read is TMCnet’s Senior Contributing Editor. To read more of Brendan’s articles, please visit his columnist page.