A recent news report confirmed that police authorities are investigating an alleged fraud at a major UK contact centre.
Following concerns raised by a customer of unauthorised payments made on their credit card, a contact centre agent has been suspended, pending official investigations.
This news report serves as a stark reminder to any organisation that handles Cardholder Not Present (CNP) transactions of the importance of securing credit and debit card payments. It is also one of the scenarios the team here at PCI Pal has been protecting contact centres from, for many years.
In a whitepaper we produced with Verizon, it was found that 72 percent of contact centres that took payments required customers to read payment card details out loud.
This practice has the potential to expose customers’ card data to contact centre staff, CRM systems and even nearby eavesdroppers. Operating this way exposes the business to a host of potential threats, as well as bringing the contact centre into scope of the PCI DSS.
The stakes are high, and any breach of customer data is unacceptable considering the subsequent associated risks.
At PCI Pal, we support contact centres in safeguarding payments so sensitive data never enters an organisation’s environment. In doing so, payment card information is never exposed to rogue or tempted members of staff and contact centre managers can feel confident that insider threats of this nature are ruled out.
Given the large amounts of sensitive data circulating within contact centres, security should be an absolute priority for several reasons: to safeguard customers’ trust, protect the reputation of the organisation, and to also avoid financial penalties that can come with non-compliance to PCI DSS and GDPR.