CNP crime is still predicted to rise continuously, so it's important not to get complacent: there are still traps that criminals are just waiting to exploit.
Card-Not-Present (CNP) crime is set to rise to £680 million by 2021 - that’s a staggering 120%. Despite a recent report by FICO that showed a small dip in CNP fraud in 2017 for the first time in seven years, this is not the time to get complacent. There are still traps that criminals are just waiting to exploit to get hold of your sensitive data that could ruin your reputation and trust.
The dangerous thinking is that 'fraud happens to other people ... not us'. Despite the recent dip in fraud losses, many companies are just carrying on with the same old business practices and there are still large numbers of contact centres that are not taking payments in a secure way. They risk exposing tens of millions of customers’ credit and debit card details to potential fraud or sale on the black market. Firewalls are not enough. If you’re one of these, then here are our top tips for combatting fraud.
Top tips for combatting CNP fraud
1. What you say. You should stop agents having to ask customers to read out their card details. Ask the customer to use their phone keypads to enter the payment details, rather than saying them aloud. When details are read aloud they can be stored in call recordings which would then mean they come under the scope of the PCI DSS audit, adding to your responsibility for maintaining compliance.
2. What you see. Preventing card numbers from appearing on your agents' screens by masking them with placeholder data means that any sensitive data that is in your contact centre system is meaningless to a thief. Real card data is swapped back at the time that it is sent to the Payment Service Provider and your agents simply receive confirmation that the transaction has gone through successfully.
3. What you hear. Phone keypads make audible tones (Dual Tone Multi-Frequency - DTMF tones) when pressed. These can be deciphered to give away the card numbers. But it's possible to intercept and change these keypad sounds to monotones, so there's nothing for agents to identify. Once again, any data stored in your systems is meaningless if stolen.
4. What you record. If you get steps one and three correct, then what you record will be of no value to anyone able to access your contact centre systems. All they'll hear is silence and monotones with no sensitive numbers spoken aloud or given away by DTMF tones.
5. What you store. Hackers are increasingly sophisticated, whether they deploy indiscriminate malware or targeted whaling attacks. Your best defence is to prevent any sensitive data entering your systems at all. That way, even if there is a data breach there is nothing there to steal and the hackers go empty-handed. What's more, you're free from the burden of in-depth PCI DSS auditing as your contact centre becomes out of scope.
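Tips 3 and 4 can be checked against what actually ends up in a recording. The Python sketch below is an added example, not Eckoh's code or part of the original post: it runs a Goertzel tone detector over constructed audio and reports any keypad digits still recoverable, first from unmasked DTMF and then from a monotone-masked version. The 8 kHz sample rate, 80 ms blocks, 1000 Hz mask tone, detection threshold and all function names are assumptions.

```python
import math

RATE = 8000                       # samples per second (assumed telephony rate)
LOW = (697, 770, 852, 941)        # DTMF row frequencies in Hz
HIGH = (1209, 1336, 1477, 1633)   # DTMF column frequencies in Hz
KEYS = ("123A", "456B", "789C", "*0#D")
SAMPLE = "1234567890123456"       # constructed digits, not a real card number

def tone(freqs, ms=80):
    """Synthesise one block of summed sine waves (constructed test audio)."""
    n = RATE * ms // 1000
    return [sum(math.sin(2 * math.pi * f * i / RATE) for f in freqs) / len(freqs)
            for i in range(n)]

def goertzel(block, freq):
    """Power of a single frequency within a block (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def decode_block(block):
    """Return the key if the block holds a row tone AND a column tone, else None."""
    low = [goertzel(block, f) for f in LOW]
    high = [goertzel(block, f) for f in HIGH]
    threshold = 0.05 * (len(block) / 2) ** 2   # fraction of full-scale tone power
    if max(low) < threshold or max(high) < threshold:
        return None
    return KEYS[low.index(max(low))][high.index(max(high))]

def residual_dtmf(blocks):
    """Digits still recoverable from a recording given as a list of blocks."""
    return "".join(k for k in map(decode_block, blocks) if k)

def dtmf_recording(digits):
    """What a recording contains when key presses are NOT masked."""
    out = []
    for d in digits:
        row = next(r for r, keys in enumerate(KEYS) if d in keys)
        out.append(tone((LOW[row], HIGH[KEYS[row].index(d)])))
    return out

def masked_recording(digits, mask_hz=1000):
    """Every key press replaced by the same single tone (a monotone)."""
    return [tone((mask_hz,)) for _ in digits]

if __name__ == "__main__":
    print("unmasked:", repr(residual_dtmf(dtmf_recording(SAMPLE))),
          "masked:", repr(residual_dtmf(masked_recording(SAMPLE))))
```

An empty result from `residual_dtmf` is the outcome a recording audit should expect once masking is in place; any digits returned mean card data is still entering the recording.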
Eckoh have long held the belief that de-scoping an entire contact centre is by far the most effective and sustainable way to achieve and maintain PCI DSS compliance – every minute of every day. With no lapses in security to let criminals in, both the risk and the responsibility are reduced, so you can focus on what your business does best.