The risks of payment card fraud are ever-present. We’re constantly being targeted by phishing emails and an infinite number of scams designed to fleece us of our sensitive card details. Of course, we protect these numbers as best we can, but what happens when we willingly give these numbers to organisations we should be able to trust?
The Rise of Card-Not-Present (CNP) Fraud
Card-Not-Present (CNP) fraud is payment card fraud that takes place in transactions where the customer does not physically present their card to the merchant, such as those made online or over the phone.
In this case, the merchant is responsible for keeping the customer’s details safe. However, with CNP fraud up 17% in the last year and costing UK consumers £400 million per year, it’s clear some merchants are not taking their responsibilities seriously enough.
Why is the Insurance Industry Increasingly a Victim?
The insurance industry is one area where CNP fraud is growing. Buying an insurance policy usually requires a discussion with a contact centre agent to finalise the terms of the policy. This conversation will usually end with a payment being taken over the phone. You hand over your card information to the live agent assuming it is safe, without giving a second thought to the fact that:
- The agent could copy your details to use themselves
- Someone sat next to the live agent could note down your card details as they’re read back
- Your numbers appear on-screen long enough to perform a screen grab
- Your call is being recorded and your card details are there for all to hear
Of all industries, you’d think insurers would understand the risks better than most, but in the case of CNP transactions, it’s clear that not enough is being done to protect sensitive payment card data.
What’s the Solution?
There is an ever-increasing number of Payment Card Industry Data Security Standard (PCI DSS) requirements that organisations taking payments over the phone must comply with. However, even companies that are fully PCI DSS compliant can still be susceptible to CNP fraud.
So what can you do to protect payment card data? The only way to be completely secure is to prevent sensitive data from entering the contact centre in the first place. PCI Pal’s secure cloud solutions allow merchants to descope their payment environment from the requirements of PCI DSS.
In a nutshell, customers enter their card details using their telephone keypad. The data is encrypted and the audible DTMF tones are masked so they cannot be deciphered. The result is that sensitive card data never reaches your agents, but they remain on the line throughout the process to help the customer if required – ensuring a fast, smooth transaction.