Cost Effective PCI DSS Compliance Enables Charities to Invest Money Where it Matters

Established in 1961, the British Heart Foundation (BHF) is the UK’s largest independent funder of cardiovascular research. For over 50 years the Foundation has pioneered research that has transformed the lives of people living with heart and circulatory conditions.

The BHF’s work has been central to the discoveries of vital life-changing treatments. However, many people still need its help. Each year in the UK, more than 1 in 4 people die from heart and circulatory disease, 175,000 go to hospital due to a heart attack, 235,000 due to stroke and 4,000 babies are diagnosed with a heart defect.

The BHF’s mission is to win the fight against heart and circulatory disease by funding groundbreaking research.

The Benefits

It is important for charities to show that they are leading by example in PCI DSS compliance. With the introduction of Semafone technology, the BHF is able to do this, protecting customer card data, complying with regulations, and ensuring that the highest possible proportion of donors’ money is spent on the fight against heart and circulatory disease, the UK’s single biggest killer.

The Challenge

Fundraising is vital for the BHF so it’s essential that supporters are able to make donations quickly and easily. In 2015/16, the charity raised £157 million, including donations made via a range of payment methods, one of which was card payments made by telephone; the charity’s Birmingham call centre handles around 50,000 calls per year. The BHF prides itself on the fact that 77p of every pound raised is used to fight heart and circulatory disease, but complying with the regulations that govern card payments was becoming increasingly costly.

It was vital for the BHF to comply with the Payment Card Industry Data Security Standard (PCI DSS), which governs the protection of customer card data. At the same time, the organisation needed to maintain or even reduce its cost per transaction to ensure that donations were not eaten away by administration costs.

The charity therefore decided to research the most cost-effective and secure means of using its own call centre to process donations.

The Solution

In July 2016 the BHF implemented payment security software from Semafone, delivered over Gamma SIP Trunks, to protect supporters of the charity as they made donations over the phone. Semafone’s solution allows callers to input payment card details into their telephone keypad. The numbers are obscured using dual-tone multi-frequency (DTMF) masking, so the contact centre agent cannot see or hear the numbers and can stay in full communication with the customer at all times to help with any issues that may arise. Semafone takes the card details and transfers them directly to the payment service provider (PSP), bypassing the contact centre environment entirely. Implementing Semafone completely removed the BHF’s telephone card payments operations from the scope of PCI DSS.

The charity has a long-standing relationship with Semafone partner Gamma, who provide the SIP Trunk related services for the delivery of phone calls into the BHF. Semafone worked very closely with Gamma during the project scoping phase and were able to map the BHF’s requirements against PCI DSS compliance.

Flexibility was key to the charity. Call volume can vary widely depending on the demands of its campaign work, and Semafone technology, hosted in Gamma’s core network, can be adapted to the charity’s need for additional contact centre agents at times of peak demand. This flexibility allows the charity to take full control of its call centre operations, both inbound and outbound, in the most cost-effective manner. The lower costs that SIP with Semafone from Gamma can deliver, with no additional call or call-forwarding costs, were an important factor given the BHF’s charitable status.

The Results

Becoming fully compliant with PCI DSS for telephone card payments was a challenging and complex task for the BHF, but it has been implemented effectively and efficiently and the benefits for the organisation have been significant.

The introduction of Semafone’s solution delivered over Gamma SIP Trunks means that all calls to and from all BHF offices are PCI DSS compliant. Any call can now be diverted to the call centre for a donation and this greatly enhances the BHF’s flexibility. The technology is also fully scalable, meaning that call centre capacity can be increased and decreased quickly and easily to deal with the peaks and troughs of campaign work. Outbound in-house call centre operations can now be expanded exponentially.

Ashley, British Heart Foundation: “Semafone has made a tremendous difference to us, with no negative effects. Prior to the implementation we were concerned that having customers enter their own details might increase call handling time, but this has not been the case and agents were up to speed very quickly. The new system has also enabled us to take control of our scripting, so there is no longer any risk of ‘off script’ conversations.”

Testimonial

Operationally, the whole process has been extremely smooth. The fact that there was no disruption is a huge benefit for the team. Very little additional training was required, and average call handling time has been maintained at its target level.

Ashley Bennett
IT Business Partner, British Heart Foundation