The risk of malicious activity from a business’ own staff is real, current, and no industry is immune. Statistics from the most recent CIFAS Employee FraudScape report show that 585 insider fraud cases were reported to its internal fraud database in just 12-months, and the prevalence of fraudulent account withdrawals had more than doubled compared to the previous year.
What’s important is that businesses assess what steps they can take to ensure customers’ personal data is protected – whether from ‘insider’ or external sources.
Only earlier this month, we read about a major UK contact centre suspending a member of its team, pending police investigations, following an allegation of unauthorised card payments of around £100 being taken from a customer’s credit card.
On reading of the alleged breach, it made me question ‘what if’; what if actions of an unscrupulous staff member went unnoticed for longer or the transactions were for larger sums of money? What if a dishonest member of staff was able to access the company’s corporate network? What if an employee attempts to sell data they are privy to?
Only recently Bupa was subject to significant fines when it was discovered that an employee had attempted to sell the details of over half a million clients to the dark web.
The answers to the ‘what if’ questions would keep most business owners and contact centre managers awake at night.
In today’s digital age, there is absolutely no reason why contact centre staff should be exposed to payment card information – particularly when you consider the stringent PCI DSS rulings and GDPR (and the penalties that could ensue if breaches occur).
Our cloud-based PCI security solution prevents any payment card data from being visible or audible to contact centre staff. In fact it stops card data from entering a company’s IT infrastructure in totality. Payments are instead routed to a secure platform where customers provide masked card details using their telephone keypad, while still maintaining contact with the customer service representative.
By operating this way, the risk of insider fraud is eliminated, the customer experience is positive and a contact centre’s obligation to PCI DSS is reduced to an extent where compliance becomes far easier.
From where I’m standing, prevention is certainly better than a cure, and removing card payments from scope of PCI DSS takes away many of the ‘what if’ worries from those with the responsibility of managing complex contact centre operations.