Why Do Consumers Take Risks With Phone Payments?
Sitting on a hot crowded train from London at the end of a working day tends to put people into a rather lethargic mood. The only thing breaking the silence of passengers reading or tapping away on laptops is often someone speaking on the phone.
It was on one of these days that the whole carriage was treated to a (rather loud) conversation by a young student trying to organize a tour while she was in the UK.
“Yes, I have a credit card!” she announced to the whole train, “You need the number of the front of the card?” Passengers start shuffling uncomfortably as she reels of the number in front of 100 odd people.
“Expiry date, yes, that’s 12/17.” More shuffling, plus rolling eyes and shaking heads.
“The three numbers on the back? Oh yes – 456!” Audible groans of disbelief, tutting, more shaking heads and general disapproval at her naivety.
This was just one day on the way home, but it serves to demonstrate that while many people are concerned about the potential for data breaches, some people are surprisingly cavalier about sharing their credit and debit card data with complete strangers.
We decided to find out how divided this was and ran a consumer poll. It turns out that more than a third of people had heard their friends or colleagues giving out their full credit card details, including the three-digit code, when making telephone payments within the last six months. A further 21% had been privy to this information within the last year.
“Yes,” I hear you say, “but friends and family can be trusted.” Agreed! But that cannot necessarily be said for complete strangers. And while the office was the most common place for people to overhear personal financial details (54%), it seems people are quite happy to share this information in public too. Nearly a fifth of people had heard people giving their card details out on public transport, while one in ten (9%) had overheard similar data being shared in cafes and restaurants, and 7% having heard it in the street.
Like our student friend on the train - people can forget the significance of the data they share over the telephone. In some cases, that information isn’t only being shared by the person on the other end of the phone, but with anyone who happens to be within earshot. Caution is always to be advised when it comes to handling data.
Three quarters (68%) of the consumers we polled said that they had read out their card details over the telephone within the last year without checking the security of the line with the company representative on the other end of the phone.
Surely companies need to take some responsibility for asking customers to read their details out loud in the first place? With methods now available to input card data through the telephone keypad, this student need not have been put in this risky situation. And the other passengers would not have been awkwardly exposed things they shouldn’t have heard.
So why isn’t more being done to help their customers protect their card data?
PCI DSS rules stipulate that companies should have systems in place to put the credit or debit card details of customers out of reach of contact center staff, by providing an input method that is shielded from the call center operative. Despite this, only 20% of businesses or contact centers that take payments over the phone are compliant with the regulations, putting tens of millions of customers’ personal credit or debit card details in the hands of others and creating significant risk of fraud.
As consumers, we must also take precautions to ensure that our information doesn’t fall into the wrong hands, but we also rightly expect the companies we give our personal data, to be protective with it and give us the means to communicate it securely.If you would like to chat with us about how to protect your customers from speaking card data, and secure it once you have it, contact us now. By: Nicky Hjerpe
Imagine getting a burglar alarm fitted to your home. The company does a great…
Can you remember what you were doing a decade ago? A lot can happen in 10 years.