CNP crime is still predicted to rise continuously so it's important not to get complacent as there are still traps that criminals are just waiting to exploit.
Card-Not-Present (CNP) crime is set to rise to £680 million by 2021 - that’s a staggering 120%. Despite a recent report by FICO that showed a small dip in CNP fraud in 2017 for the first time in seven years, this is not the time to get complacent. There are still traps that criminals are just waiting to exploit to get hold of your sensitive data, and a breach could ruin your reputation and trust.
The dangerous thinking is that 'fraud happens to other people ... not us'. Despite the recent dip in fraud losses, many companies are just carrying on with the same old business practices and there are still large numbers of contact centres that are not taking payments in a secure way. They risk exposing tens of millions of customers’ credit and debit card details to potential fraud or sale on the black market. Firewalls are not enough. If you’re one of these then here are our top tips for combatting fraud.
Top tips for combatting CNP fraud
1. What you say. You should stop agents having to ask customers to read out their card details. Ask the customer to use their phone keypads to enter the payment details, rather than saying them aloud. When details are read aloud they can be stored in call recordings which would then mean they come under the scope of the PCI DSS audit, adding to your responsibility for maintaining compliance.
2. What you see. Preventing card numbers from appearing on your agents' screens by masking them with placeholder data means that any sensitive data that is in your contact centre system is meaningless to a thief. Real card data is swapped back at the time that it is sent to the Payment Service Provider and your agents simply receive confirmation that the transaction has gone through successfully.
3. What you hear. Phone keypads make audible tones (Dual Tone Multi-Frequency - DTMF tones) when pressed. These can be deciphered to give away the card numbers. But it's possible to intercept and change these keypad sounds to monotones, so there's nothing for agents to identify. Once again, any data stored in your systems is meaningless if stolen.
4. What you record. If you get steps one and three correct, then what you record will be of no value to anyone able to access your contact centre systems. All they'll hear is silence and monotones with no sensitive numbers spoken aloud or given away by DTMF tones.
5. What you store. Hackers are increasingly sophisticated, whether they deploy indiscriminate malware or targeted whaling attacks. Your best defence is to prevent any sensitive data entering your systems at all. That way, even if there is a data breach there is nothing there to steal and the hackers go empty-handed. What's more, you're free from the burden of in-depth PCI DSS auditing as your contact centre becomes out of scope.
Eckoh have long held the belief that de-scoping an entire contact centre is by far the most effective and sustainable way to achieve and maintain PCI DSS compliance – every minute of every day. With no lapses in security to let criminals in, the risk and the responsibility are reduced, so you can focus on what your business does best.
For deeper insight into CNP crime in contact centres take a look at our eGuide PCI DSS Compliance for Card-Not-Present Payments. Or, if you’d like to talk about the solutions that can help you address this problem then get in touch.