It’s been a little over a year since GDPR was introduced. Now, many businesses live with far stricter rules around customer data – and far larger penalties for failing to secure it.
Along with regulations like PCI DSS, call centers have a lot to keep in mind. But how can your phone systems help you stay on the right side of the rules?
Regulatory compliance is complicated – but you can make it simple.
Whatever regulations you’re dealing with, data compliance is always about giving data as little exposure as possible. You can turn every tool you’ve got to the purpose of reducing exposure – even your phone systems.
We’re going to get into that. At the same time, we’re going to look at what happens when your communication solutions don’t follow the rules.
#1 Phone systems tip – access caller information in real-time
Let’s start by thinking about ‘privacy by design’.
One major problem for businesses is that retrieving data often means duplicating it as well. Initially, customer data is stored in a secure database. But then, an agent needs to access the data to inform their next action.
That moves sensitive data from one location to another, potentially less secure, location and increases its exposure.
Real-time access is the best way to avoid the problem.
One of our core principles is that data should only be retrieved in real-time, when needed, and then automatically discarded.
Just think about that scene in most spy thrillers: the hero memorizes the message, then burns the note.
You could get a substantial fine
Here are my two cents on this: fines = bad.
In 2018, in the UK, Equifax was fined £500,000 for failing to protect the information of 15 million people. (They talked their way out of paying for the US breach of 145 million users’ accounts.)
And if you think £500,000 is pretty lenient, bear this in mind: they were fined under the old Data Protection Act. The half-million mark was the maximum at the time.
A great big GDPR fine could have run to either €20 million or 4% of annual turnover – whichever was higher. (Their 2018 turnover was almost $3.5 billion…)
#2 Phone systems tip – take control of call recordings
You’ve probably heard the story about NASA’s huge spend on pens for astronauts? It’s the one where NASA puts many years and dollars into a zero-gravity pen, and Russia gives its cosmonauts pencils.
The story is totally made up, of course.
But the lesson is good – use the simplest tool you can to fix your problem.
So here’s your problem. There are all kinds of reasons you record customer calls. But you’d rather not record things like credit card details on the call. You don’t want to increase the exposure of those details.
Do you need some kind of hi-tech voice analytics tool that recognizes credit card numbers and deletes them? Do you need to employ a team of censors to listen to every call and remove the sensitive data?
Or do you just need to give agents a pause button?
That’s the solution we’d back. Let agents control call recording with phone systems that let them pause to take credit card details. That’s your ‘cosmonaut pencil’ solution.
You could do lasting damage to your brand
The days of sweeping data breaches under the rug are long gone. There’s far more media interest in the state of data security, and just as much public concern.
The Equifax example is as good as any. YouGov compiles a ‘buzz score’ that measures positive or negative public opinions about thousands of brands. Prior to the breach, Equifax’s score was zero – basically neutral, as the score runs from -100 to +100.
After the breach, they fell to -33. In fact, the damage went so deep that Experian – a competitor in the same industry – also dropped 8 points.
And ‘brand damage’ isn’t just marketing-speak. It’s very likely that a serious breach will lose you current customers and make it harder to find new ones. 65% of consumers say it’s highly unlikely or unthinkable that they would ever buy from a business that had had financial data stolen.
#3 Phone systems tip – VoIP encryption
This is pretty core stuff – make sure your VoIP phone systems are secured with encryption.
When voice data moves over the internet, it’s converted into ‘packets’ of information.
Customers share all kinds of sensitive information over the phone, much of which is valuable to thieves.
Without encryption, sending those packets is like writing customers’ personal and financial details on a lot of postcards and putting them in the mail. You have no idea who will see them.
With encryption, sending those packets is like delivering customers’ details via armoured truck.
Make sure that SRTP (which encrypts the voice stream itself) and encrypted SIP signalling (SIP over TLS) come as standard with your phone systems and call center software.
Your provider could raise the cost of card payments
When it comes to PCI DSS non-compliance or actual data breaches, there are too many costs to mention. There are the fines, the loss of customers, the investigations, the audits… It adds up to an average cost of £3.86 million.
But even worse than the one-off costs is the long-term increase in per-transaction charges. It seems tiny at first. But then you think about the incremental effect of making less profit on every single card transaction.
#4 Phone systems tip – tag calls for assessment
Hopefully, it’s clear that you need a lot of oversight to make compliance work in an outbound or inbound call center. You can take control of call recording in your phone systems but mistakes may still happen.
babelforce put a lot of thought into the role senior oversight plays in this part of call monitoring. For us, the solution was call tagging.
In practice that means you can:
- allow agents to tag recordings that could present a risk
- automatically tag calls associated with taking payments
- automatically forward some recordings to a call center manager
- automatically delete recordings which haven’t been reviewed if they may pose a risk
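As an added illustration (not babelforce’s code), here is a small Python model of two of the controls above: the agent’s pause button from tip #2 and the tagging rules from tip #4. Timing in plain seconds, the seven-day review window, and treating any paused call as a payment call are my assumptions, not details from the article.

```python
from dataclasses import dataclass, field

REVIEW_WINDOW = 7 * 24 * 3600   # seconds an unreviewed risky recording may survive (assumed)


@dataclass
class Recording:
    call_id: str
    duration: int                  # call length in seconds
    ended_at: int                  # Unix time the call ended
    # (pause_at, resume_at) offsets in seconds; resume_at is None if never resumed
    pauses: list = field(default_factory=list)
    tags: set = field(default_factory=set)
    reviewed: bool = False


def retained_segments(rec):
    """Spans of audio that are actually kept once the agent's pauses are cut out.

    An unresumed pause runs to the end of the call: if the agent forgets to hit
    resume, the safe failure mode is to lose audio, not to keep card details."""
    segments, cursor = [], 0
    for pause_at, resume_at in sorted(rec.pauses, key=lambda p: p[0]):
        if pause_at > cursor:
            segments.append((cursor, pause_at))
        # max() makes overlapping or nested pauses collapse into one gap
        cursor = max(cursor, rec.duration if resume_at is None else resume_at)
    if cursor < rec.duration:
        segments.append((cursor, rec.duration))
    return segments


def apply_policy(rec, now):
    """Apply the tagging rules and return the actions the platform should take.

    Assumption (not from the article): a pause only ever happens while card
    details are read out, so any paused call is treated as a payment call.
    Agents may also add a 'risk' tag by hand."""
    actions = []
    if rec.pauses:
        rec.tags.update({"payment", "risk"})    # payment calls always carry risk
    if "payment" in rec.tags:
        actions.append("forward_to_manager")     # manager reviews payment calls
    if "risk" in rec.tags and not rec.reviewed and now - rec.ended_at > REVIEW_WINDOW:
        actions.append("delete")                 # unreviewed risky audio is purged
    return actions


if __name__ == "__main__":
    # constructed sample: 10-minute call, card details read out between 3:00 and 5:00
    rec = Recording("c1", duration=600, ended_at=1_560_000_000, pauses=[(180, 300)])
    print(retained_segments(rec))                                # [(0, 180), (300, 600)]
    print(apply_policy(rec, now=rec.ended_at + 8 * 86400))       # forward, then delete
```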
That puts a lot of defensive measures between you and the risk of vulnerable data. More importantly, it puts a lot of defensive measures between your phone systems and data thieves.
Phone systems can be one of the most vulnerable parts of your business. Then again, securing your phone systems is some of the lowest hanging fruit for becoming compliant.