Are Your Contact Center Payments Safe?
Natterbox Team
The number of payments via contact and call centers continues to increase, and it’s fair to say that most card-accepting operations understand the importance of protecting customer data from fraud and cybercrime, but can you be sure your contact center is safe?
Increasingly, consumers understand the sensitivity of their data and feel uncomfortable handing it over to strangers. In fact, according to PCI Pal, 58% of consumers believe that reading their card details out over the telephone is not secure. Customers need a secure payment system that gives them absolute peace of mind.
Still asking customers to read out card details over the phone?
In theory, there’s nothing wrong with this – but it’s potentially very risky. If contact center agents can hear the card numbers, see them on the screen, or access them from call recordings, then data could be compromised.
IBM’s latest ‘How much does a Data Breach Cost’ report states that:
The average cost of a data breach in the UK is over £4.5 million.
All it takes is a rogue agent copying a person’s card details or doing this on a large scale and selling numbers to criminals. Alternatively, digital card records could be hacked or even shared accidentally by clumsy employees.
Imperfect solutions breed poor CX and can compromise security
Typically, there are three main solutions for handling call payments, but they’re often awkward and less than ideal. The commonly used pause-and-resume methods are prone to errors and feel disjointed, as agents dip in and out of conversations, leaving customers confused as to what’s going on.
It’s also a poor customer experience if calls are transferred to another department for the payment part. Rigorous agent vetting and the setting up of clean rooms, where pencils and mobile phones are banned, can help to raise security levels, but there’s always the risk of a lapse and a few bad apples.
Another common method of trying to ensure the security of customer data over the phone is to utilise dual-tone multi-frequency (DTMF) technology. This allows customers to be put through to a secure, locally hosted or cloud-hosted platform that disguises their keypad inputs from the agent on the other side of the phone. However, if the data is stored by the contact center instead of passing straight to the payment processor, then there is a potential security weakness.
It’s also worth noting that around 5% of the population are unable to use a keypad for accessibility reasons, and so consideration must be given to those groups, without compromising security.
PCI compliance is not enough
The Payment Card Industry Data Security Standard (PCI DSS) was created by five of the world’s largest credit card companies, and every company that accepts, processes, stores or transmits credit card information must achieve compliance with this standard to help process card payments securely and reduce the risk of card fraud.
However, PCI DSS is only a standard; it’s not a guarantee, or even a legal requirement. Even if your contact center achieved PCI DSS compliance a few weeks ago, you can’t be sure your security is watertight today. You’re still at serious risk of a data breach if there’s any lapse in security due to a lack of updates or human failure. In fact, according to leading security experts Kaspersky Lab:
90% of data breaches are caused by human error.
Can you afford to be complacent with compliance and security?
There are many different consequences for failing to run a safe contact center payment operation. If you suffer a data loss or breach, this could spell real trouble for you and your organisation.
Reputation: If a client’s card information is put at risk, it can result in irreversible damage to the reputation of the company. Once it has been made clear to the public that your security has been breached, it can be difficult for clients to begin trusting the business again.
Legal: Lawsuits can be opened against the company, and this is quite common. Historically, businesses have had to pay out tens of millions in lawsuits after putting customers’ bank cards at risk.
Revenue Loss: Not only can you risk the loss of reputation as a business, but history has shown that companies involved in data breaches see their revenue drop dramatically due to a loss of customers.
Conclusion
One thing’s for sure: the number of payments made via contact centers will continue to rise. What’s also certain is that for as long as people make payments this way, there will be those who seek to take advantage and potentially compromise your operation.
Whilst it’s never going to be possible to 100% guarantee safe payments, it makes sense to work with telephony providers and contact center experts who understand how to make things as safe as possible, and who continue to improve and enhance security as new threats emerge, to protect your business and your customers. That’s why Natterbox is a trusted partner for many leading providers around the world, helping to promote safer payments and a better customer experience.