Cybersecurity Month: How secure is your contact center?


15 Sep 2022

Cybersecurity Month 2022 aims to help consumers develop a basic understanding of how to stay secure online — but companies also need to secure their customers' data, because contact centers can have dark corners where fraud festers.

One of the big themes of this year's European Cybersecurity Month is 'Think Before U Click' - and how consumers can follow the kinds of daily routines, checks and behavior that will help them to stay safe online.

This year's campaign offers security tips and advice to the public around phishing and ransomware which ranges from making sure the operating systems on your devices are up-to-date and have antivirus protection installed, to being careful before opening unexpected emails and being vigilant when it comes to accessing suspicious links and attachments.

It's simple, sensible stuff. But consumers' diligent personal care could be undermined if the organizations they trust become breeding grounds for security problems themselves, especially around card payments.

During Cybersecurity Month, Eckoh's big question for companies is: How secure is your contact center?

To find out, here are three tests for organizations:

Test #1: Are you still asking customers to read out card details over the phone?
In theory, there's nothing wrong with this - but it's risky if contact center agents can hear the card numbers, see them on the screen, or be able to access them from call recordings.

IBM's latest 'Cost of a Data Breach' report states that the average cost of a data breach is over $4.4 million[1]. All it takes is a rogue agent copying a person's card details or doing this on a large scale and selling numbers to criminals. Alternatively, digital card records could be hacked or even shared accidentally by clumsy employees.

The average company uses three different solutions to handle payments in the voice channel — but they're often fraught with risks and awkwardness. Pause-and-resume methods are prone to errors and feel disjointed, as agents dip in and out of conversations.

It's also a poor customer experience if calls are transferred to another department to complete the payment. Rigorous agent vetting and the setting up of clean rooms, where pencils and mobile phones are banned, can help to raise security levels, but there's always the risk of a lapse and a few bad apples.

Increasingly, consumers understand the sensitivity of their data and feel uncomfortable handing it over to strangers. In fact, 59% of consumers believe that reading their card details out over the telephone is not secure[2]. Customers need a secure payment system that gives them absolute reassurance.

Test #2: Can you handle every kind of payment securely?
The way consumers prefer to interact with organizations ranges from the web, phone calls and mobile apps, to email, web chat, social media and more. In fact, some customers will flit effortlessly between these channels and expect organizations to keep up.

Increasingly, they'll also expect to pay for items via whichever channel they happen to be using at any time.

What's more, they may want to pay for items in a host of different ways. It's worth noting that over half of all online transactions will be made using alternative payment methods by 2025, according to Worldpay[3].

This explosion in contact channels and payment services creates enormous pressure on contact centers. When it comes to payment card security, the 'attack surface' within contact centers is stretched wider and wider.

Companies can't say 'No' to customer demands - or say 'Yes' to taking risks. They can't afford to be able to handle some payments securely but take a chance with others. Criminals will hunt out any weak links, so it's important that security is rock solid on every channel.

Test #3: Are you putting too much faith in PCI DSS compliance?

This sounds a bit like a trick question. Every company that accepts, processes, stores or transmits credit card information must achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS) which puts you on the right track for processing card payments securely and reducing card fraud.

But PCI DSS is only a standard, it's not a guarantee. Even if your contact center achieved PCI DSS compliance a few weeks ago, you can't be sure your security is watertight today. You're still at serious risk of a data breach if there's any lapse in security‚ an uncomfortable truth that can keep executives awake at night.

And it can happen all too easily. In fact, 90% of data breaches are caused by human error[4]. What's more, while compliance addresses some aspects of data protection it does not guarantee a secure contact center.

So what's the best way forward?
Cybersecurity Month is a great way to educate consumers about staying safe. But more companies need to get serious about securing sensitive data, especially people's card details.

A security breach can have devastating consequences so it's no wonder that 87% of companies view cyber liability as one of their top 10 business risks[5].

Faced with growing threats and more data to defend, companies are increasingly looking to trusted payment partners to give them PCI DSS compliance and maintain it for them - by actually managing secure payments on their behalf.

With the right approach, contact centers can take payments over the phone, web and other channels, but sensitive card information is never heard, seen or recorded by their staff. Any sensitive data is simply passed seamlessly to their payment partner who authorizes the transaction, without card details ever entering the contact center's environment.

This is the kind of service provided by Eckoh to clients as diverse as BMW, Transport for London, the Ministry of Justice and Premier Inn. Eckoh's secure payment solution wraps neatly around contact centers, and there's no integration or changes to systems required.

You call also follow us on Twitter and LinkedIn where we'll be sharing cybersecurity risks on a regular basis during October.

If you'd like to talk to us about how our solutions can help address cybersecurity challenges then get in touch.

Sources: [1] IBM 2022, [2] Syntec 2021, [3] Worldpay Global Report 2022, [4] Kapersky Lab 2019, [5] Ponemon Institute 2017.