The latest thinking from Eckoh

Combatting fraud in the contact centre – top tips
Wednesday, 29 August 2018

CNP crime is still predicted to keep rising, so it's important not to get complacent: there are still traps that criminals are just waiting to exploit.

Card-Not-Present (CNP) crime is set to rise to £680 million by 2021[1] - that’s a staggering 120%. Despite a recent report by FICO that showed a small dip in CNP fraud in 2017 for the first time in seven years, this is not the time to get complacent. There are still traps that criminals are just waiting to exploit to get hold of your sensitive data, and a breach could ruin your reputation and your customers' trust.


The dangerous thinking is that 'fraud happens to other people ... not us'. Despite the recent dip in fraud losses, many companies are carrying on with the same old business practices, and large numbers of contact centres are still not taking payments in a secure way. They risk exposing tens of millions of customers’ credit and debit card details to potential fraud or sale on the black market. Firewalls are not enough. If you’re one of these, here are our top tips for combatting fraud.

Top tips for combatting CNP fraud

1. What you say. You should stop agents having to ask customers to read out their card details. Ask the customer to use their phone keypads to enter the payment details, rather than saying them aloud. When details are read aloud they can be stored in call recordings which would then mean they come under the scope of the PCI DSS audit, adding to your responsibility for maintaining compliance.

2. What you see. Preventing card numbers from appearing on your agents' screens by masking them with placeholder data means that any sensitive data in your contact centre system is meaningless to a thief. Real card data is swapped back at the time that it is sent to the Payment Service Provider, and your agents simply receive confirmation that the transaction has gone through successfully.

3. What you hear. Phone keypads make audible tones (Dual Tone Multi-Frequency - DTMF tones) when pressed. These can be deciphered to give away the card numbers. But it's possible to intercept and change these keypad sounds to monotones, so there's nothing for agents to identify. Once again, any data stored in your systems is meaningless if stolen.

4. What you record. If you get steps one and three correct, then what you record will be of no value to anyone able to access your contact centre systems. All they'll hear is silence and monotones with no sensitive numbers spoken aloud or given away by DTMF tones.

5. What you store. Hackers are increasingly sophisticated, whether they deploy indiscriminate malware or targeted whaling attacks. Your best defence is to prevent any sensitive data entering your systems at all. That way, even if there is a data breach there is nothing there to steal and the hackers go empty-handed. What's more, you're free from the burden of in-depth PCI DSS auditing as your contact centre becomes out of scope.
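Tips 3 and 4 can be checked against stored recordings. The following is an added example, not Eckoh's code: it uses the Goertzel algorithm to test whether keypad digits can be decoded from recorded audio. The 1000 Hz masking tone, the frame size and the generated test audio are constructed assumptions.

```python
import math

RATE = 8000          # telephony sample rate (Hz)
FRAME = 205          # samples per analysis frame (~25.6 ms)
ROWS = (697, 770, 852, 941)      # DTMF low-group frequencies
COLS = (1209, 1336, 1477)        # DTMF high-group frequencies
KEYS = ("123", "456", "789", "*0#")

def goertzel_power(frame, freq, rate=RATE):
    """Squared magnitude of `frame` at `freq` (Goertzel recurrence)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def detect_key(frame, min_share=0.15):
    """Return the keypad symbol in `frame`, or None if no DTMF pair is present."""
    norm = len(frame) * sum(x * x for x in frame)   # clean DTMF scores ~0.25 per tone
    if norm < 1e-9:
        return None                                  # silence
    rows = [goertzel_power(frame, f) for f in ROWS]
    cols = [goertzel_power(frame, f) for f in COLS]
    if min(max(rows), max(cols)) / norm < min_share:
        return None                                  # e.g. a masking monotone
    return KEYS[rows.index(max(rows))][cols.index(max(cols))]

def recoverable_digits(samples):
    """Digits decodable from a recording; repeated frames of one key collapse."""
    out, prev = [], None
    for i in range(0, len(samples) - FRAME + 1, FRAME):
        key = detect_key(samples[i:i + FRAME])
        if key is not None and key != prev:
            out.append(key)
        prev = key
    return "".join(out)

def tone(freqs, n=2 * FRAME):
    return [sum(0.5 * math.sin(2 * math.pi * f * t / RATE) for f in freqs) for t in range(n)]

def keypress_audio(digits, masked):
    """Constructed test audio: real DTMF pairs, or a flat 1000 Hz tone when masked."""
    audio = []
    for d in digits:
        r = next(i for i, k in enumerate(KEYS) if d in k)
        freqs = (1000,) if masked else (ROWS[r], COLS[KEYS[r].index(d)])
        audio += tone(freqs) + [0.0] * (2 * FRAME)   # keypress followed by silence
    return audio
```

With the constructed test number `4111111111111111`, `recoverable_digits(keypress_audio(..., masked=False))` returns all sixteen digits, while the masked version returns an empty string, which is the result a compliant recording should give.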

Eckoh have long held the belief that de-scoping an entire contact centre is by far the most effective and sustainable way to achieve and maintain PCI DSS compliance – every minute of every day. With no lapses in security to let criminals in, both the risk and the responsibility are reduced, so you can focus on what your business does best.

For deeper insight into CNP crime in contact centres take a look at our eGuide PCI DSS Compliance for Card-Not-Present Payments. Or, if you’d like to talk about the solutions that can help you address this problem then get in touch.


[1] FinancialFraudAction.com

About the Author

Tony Porter

Tony Porter

Head of Global Marketing

Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the UK and US markets and across all sectors. Tony’s role focuses on helping contact centres to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organisations face around PCI DSS compliance and how to make the Omnichannel contact centre experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact centre technology, IVR solutions, self-service, secure payments, marketing and business development.
