The risks of payment card fraud and data breaches haunt contact centre managers - Cognia - ContactCenterWorld.com Blog
The risks of payment card fraud and data breaches haunt contact centre managers
No wonder. Last year, 700 million records were exposed in data breaches, with an estimated financial loss of £256 million, and stolen credit card details sell for up to £13 each on the black market.
There is a clear and present danger to companies that process payment card data in call and contact centres. Despite this, a recent report by ContactBabel highlights a surprising level of complacency and an opportunity to make quick improvements by replacing out-dated ‘pause-and-resume’ recording technology.
Your customer data at risk
The threats are evolving and constant, so companies need to review and update their controls regularly to stay ahead of the criminals. In this context, it may not be a viable strategy to rely on measures that are merely ‘good enough’, or on controls that worked in the past.
Similarly, meeting the high standards of PCI DSS compliance may not be enough if it means doing so at a single point in time while ignoring the need for ongoing security. Indeed, PCI DSS version 3.0 already recommends more business-as-usual control measures than previous versions, and future standards may raise the bar higher.
One area of particular concern is ‘pause-and-resume’ recording as a way of securely handling customer payment card data. It ‘has had its day,’ says ContactBabel’s Inner Circle Guide to PCI DSS Compliance in the Contact Centre. ‘It is high risk and not efficient for a PCI compliant environment.’
The high price of ‘pause and resume’
Even with expensive clean rooms, pause-and-resume gives virtually no protection against malicious employees, increasing the risk of reputation-damaging data losses. In addition, it increases the risk of accidental exposure of credit card information because it relies so heavily on people following procedures properly all the time. (And how often does that happen in the real world?)
Once toxic data gets into your call centre, it requires expensive exception handling and potentially brings all your systems into scope for PCI compliance. With 904 separate reporting entries in PCI DSS version 3.0, compliance can be very expensive to achieve if any agent is potentially exposed to toxic data.
Despite these dangers and despite the fact that one in five of the 200+ UK contact centres that took part in ContactBabel’s survey are not yet fully PCI compliant, 59 percent of them were still using pause-and-resume voice recording while taking payment card data over the phone. It’s time for a change.
No longer fit for purpose
The report is conclusive: ‘When the first set of PCI DSS regulations came out, pause and resume was seen as a quick and easy fix to handle the problem of keeping sensitive authentication data out of call recordings. As time has passed, regulations have grown more strict and the growing importance of and focus upon wider data security has meant that many organisations are now looking beyond simply keeping call recording compliant.’
Criminals and hackers are not going away and neither is the risk (and opportunity cost) of out-dated approaches to security. Instead, the report recommends that companies: ‘Embrace the power of true cloud offerings that are highly secure and based on market leading Infrastructure-as-a-Service. Outsource the problem while you focus on your customers.’ Here at Cognia, we couldn’t agree more.
Publish Date: May 20, 2015 5:00 AM