Staples case study

The problem

Office supply retailer Staples approached Syntec in 2015 to supply a mid-call DTMF payment system for their call centers in Europe, as they were having to cope with increased compliance and PCI audit pressures and wanted to increase data security, without compromising customer experience or losing transactions.

Why CardEasy?

Staples were very happy that in the middle of the conversation with their agents, a customer would simply be asked to type their PAN into their phone keypad instead of having to reading it out, for this to be sent via CardEasy to their Payment Services Provider securely for authorization in real-time for the agent, without any interruption in the usual call flow or having to handle (or store) the card numbers themselves.

The project

Staples started rolling out CardEasy in their various UK call centers in 2016, deploying the hybrid ‘on premise’ option with their existing Cisco telephony and various back office systems and returning a tokenized PAN for repeat-purchase use.

Training support was provided by Syntec and the results went so smoothly that Staples took up their option to roll CardEasy out to other European sites with hundreds of users – a project which has now been successfully completed.

The results

  • The Staples’ call center environments and any call recordings are covered by Syntec’s level 1 PCI DSS service provider compliance, using the CardEasy managed service.
  • Staples can no longer hear, see nor store sensitive card numbers in their call centers and so cannot suffer a breach or fraud from having card numbers compromised there.
  • Their staff no longer need to be monitored for PCI purposes and so can concentrate on their customer service and sales job, as the card data is no longer there to worry about.
  • Management can also concentrate on running the commercial side of the business rather than being distracted by PCI concerns in their call centers.
  • The smooth operations of Staples’ call centers has not been interrupted during or after the project.
  • CardEasy supports their legacy and also new ERP systems.
  • CardEasy also provides Staples with a tailored ‘mass tokenisation’ service for their major corporate clients for easy and secure use of employees’ cards when ordering.
  • The CardEasy merchant reporting suite allows for monitoring of response times from different PSP’s in use; monitoring of agent/customer capture failures; and monitoring PSP transaction failures, amongst other features.

What Staples say about CardEasy

“CardEasy ‘keypad payment by phone’ was the perfect fit to resolve the PCI compliance and data security needs in Staples’ major call centers in Europe. This was because of its ease of use mid-call, the breadth of PCI DSS issues it resolves in one go, the flexibility of integration with all our differing systems and the ability for them to meet our tokenisation requirements”

Jurgen van Roon, Senior Project Manager – Security, Staples