× Globe

We notice that you’re on our UK site, the version that serves your region is the US Eckoh site.

Go to US site. Stay on UK site


The latest thinking from Eckoh

Combatting fraud in the contact centre – top tips
Wednesday, 29 August 2018

CNP crime is still predicted to rise continuously so it's important not to get complacent as there are still traps that criminals are just waiting to exploit.

Combatting fraud in CC monkeys 900

Card-Not-Present (CNP) crime is set to rise to £680 million by 2021[1] - that’s a staggering 120%. Despite a recent report by FICO that showed a small dip in CNP fraud in 2017 for the first time in seven years this is not the time to get complacent. There are still traps that criminals are just waiting to exploit to get hold of your sensitive data that could ruin your reputation and trust.

But, let’s not get complacent. There are still traps that criminals are just waiting to exploit to get hold of your sensitive data that could ruin your reputation and trust.

The dangerous thinking is that 'fraud happens to other people ... not us'. Despite the recent dip in fraud losses, many companies are just carrying on with the same old business practices and there are still large numbers of contact centres that are not taking payments in a secure way. They risk exposing tens of millions of customers’ credit and debit card details to potential fraud or sale on the black market. Firewalls are not enough. If you’re one of these then here are out top tips for combatting fraud.

Top tips for combatting CNP fraud

1. What you say. You should stop agents having to ask customers to read out their card details. Ask the customer to use their phone keypads to enter the payment details, rather than saying them aloud. When details are read aloud they can be stored in call recordings which would then mean they come under the scope of the PCI DSS audit, adding to your responsibility for maintaining compliance.

2. What you see. Preventing card numbers from appearing on your agents' screens by masking them with placeholder data mans that any sensitive data that is in your contact centre system is meaningless to a thief. Real card data is swapped back at the time that it is sent to the Payment Service Provider and your agents simply receive confirmation that the transaction has gone through successfully.

3. What you hear. Phone keypads make audible tones (Dual Tone Multi-Frequency - DTMF tones) when pressed. These can be deciphered to give away the card numbers. But it's possible to intercept and change these keypad sounds to monotones, so there's nothing for agents to identify. Once again, any data stored in your systems is meaningless if stolen.

4. What you record. If you get steps one and three correct, then what you record will be of no value to anyone able to access your contact centre systems. All they'll hear is silence and monotones with no sensitive numbers spoken aloud or given away by DTMF tones.

5. What you store. Hackers are increasingly sophisticated, whether they deploy indiscriminate malware or targeted whaling attacks. Your best defence is to prevent any sensitive data entering your systems at all. That way, even if there is a data breach there is nothing there to steal and the hackers go empty-handed. What's more, you're free from the burden of in-depth PCI DSS auditing as your contact centre becomes out of scope.

Eckoh have long held the belief that de-scoping an entire contact centre is by far the most effective and sustainable way to achieve and maintain PCI DSS compliance – every minute of every day. No lapses in security to allow criminals in reduces the risk and the responsibility so you can focus on what your business does best.

For deeper insight into CNP crime in contact centres take a look at our eGuide PCI DSS Compliance for Card-Not-Present Payments. Or, if you’d like to talk about the solutions that can help you address this problem then give us a call on 08000 630 730 or drop us an email at This email address is being protected from spambots. You need JavaScript enabled to view it.,


[1] FinancialFraudAction.com

About the Author

Tony Porter

Tony Porter

Head of Global Marketing

Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the UK and US markets and across all sectors. Tony’s role focuses on helping contact centres to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organisations face around PCI DSS compliance and how to make the Omnichannel contact centre experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact centre technology, IVR solutions, self-service, secure payments, marketing and business development.

Connect with us on LinkedIn

Latest Blog Items

Tweets by @Eckoh

Eckoh (@Eckoh)

Eckoh (@Eckoh)

Extend the life of your trusty legacy #Aspect® systems with expert third-party support from Eckoh. bit.ly/2YqhzMp
Eckoh (@Eckoh)

Eckoh (@Eckoh)

The Eckoh team are set-up and ready to meet you at the PCI North America Community Meeting. Come and say hello to the team at Booth #6. We would love to share insights and knowledge with you around secure payment solutions for your contact center. #PCISSC
Eckoh (@Eckoh)

Eckoh (@Eckoh)

We are looking for a qualified Senior Software Engineer to lead a team of developers in Hemel Hempstead. You need to have expert knowledge of Linux server systems, web development, and famiarity with HTML, PHP, JavaScript, jQuery and more. Apply: bit.ly/2YOFq89 #careers

  • icon facebook
  • icon twitter
  • icon linkedin
  • icon youtube