×

We notice that you’re on our UK site, the version that serves your region is the US Eckoh site.

Go to US site. Stay on UK site

Blog

The latest thinking from Eckoh

Contact centre safe from fraud? Think again
Thursday, 11 July 2019

Contact centre crime is on the rise — but the big scandal is the time and money being wasted on tackling it the wrong way. Put simply, organisations need a new strategy, fast.

CC safe think again 900

With so many credit and debit card numbers being processed by contact centres every day, it's no wonder that criminals are finding ever more ingenious ways to get their hands on sensitive data.

Problems typically arise when:

  • Individual agents hear or see customers' card details — and then misuse them
  • Rogue agents access large amounts of card data and sell it on to other criminals
  • Staff members share sensitive card data by mistake or fail to secure systems
  • Fraudsters hack into call recordings, systems and networks
  • Malicious hackers cause chaos by mounting huge breaches that include card data

Unfortunately, some of these scenarios can even happen when contact centres have already been certified as PCI DSS compliant. Managers ticked all the right boxes — but then disaster struck without warning: Security was breached and card details were stolen. After that, the company's brand took a battering, market share nose-dived, and fines were imposed by regulators.

So what's going wrong?

PCI DSS is a moving target

PCI DSS is a necessary standard for companies handling transactions — but it doesn't deliver a magical ring of invincibility. In fact, at no point can you put your feet up and relax completely if you try to manage PCI DSS compliance yourself.

This is because the security landscape for contact centres is evolving continually. Fraudsters are always 'trying doors' in smarter ways to see what'll open. And, as security auditors find new gaps and vulnerabilities, you’re forced to find new ways to comply.

This means there's no guarantee that today’s solutions will work in the future. In reality, attempting to protect your contact centre against ever-sophisticated threats can feel as if you're trying to nail jelly to the wall.

Spiralling costs

If you're ultra-serious about safeguarding card data yourself, then you'll be sucked into an expensive arms race. With every regulation change, you have to constantly change processes, implement new technology, maintain those solutions and spend time training agents.

Operational costs can get out of control. It's exhausting too — you can never let down your guard — which is distracting when you've got better things to be doing.

Another mouth-watering cost can be cyber insurance, which is climbing.

To get lower premiums, you need to protect customer data to the greatest degree possible. Many solutions can leave you more exposed to increased premiums.

A 2017 Ponemon Institute survey found that 87 percent of companies view cyber liability as one of their top ten business risks. The average cost of a cyber breach was £267,000 for small companies and £4.59 million for larger organisations.

But even getting insured to the max doesn't insulate you against the public fall-out of a breach ... the PR nightmare, the angry customers, and the industry regulators.

Is there a better way?

Even if your contact centre is PCI DSS compliant, you are still at serious risk of a breach. But instead of trying to stay secure by amending processes, you should change your compliance strategy to a solution that’s more reliable and less costly to maintain.

Get answers by downloading your copy of  Why you need to rethink your PCI DSS strategy. This guide will help you understand some of the challenges businesses face, where you may be exposed and why you need look at PCI DSS in a different way.

Follow its advice and you'll be able to reduce your risk of fraud significantly, streamline your compliance process and save on money and stress.

 

* Source: 'How to stay safe whilst online shopping' - National Audit Office/ Daily Mirror

About the Author

Tony Porter

Tony Porter

Head of Global Marketing

Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the UK and US markets and across all sectors. Tony’s role focuses on helping contact centres to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organisations face around PCI DSS compliance and how to make the Omnichannel contact centre experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact centre technology, IVR solutions, self-service, secure payments, marketing and business development.

Connect with us on LinkedIn

Latest Blog Items

Tweets by @Eckoh

Eckoh (@Eckoh)

Eckoh (@Eckoh)

Are you finding it difficult to find continued vendor support for your legacy #Aspect® systems? Eckoh is here to help and can save you 30-40% in support costs: bit.ly/2YqhzMp #contactcentre
Eckoh (@Eckoh)

Eckoh (@Eckoh)

With Eckoh's Experience Portal you can access all the engagement channels and payment solutions you need to truly transform customer engagement, protect customer data and achieve PCI DSS compliance: bit.ly/2JcdlSq #pcidsscompliance #contactcentre
Eckoh (@Eckoh)

Eckoh (@Eckoh)

Call recording is increasingly required by many organisations to comply with regulations, for training purposes or for legal reasons. Eckoh’s solution offers a simple, PCI DSS compliant solution for #callrecording in #contactcentres. Find out more: bit.ly/2x9r7zE

  • icon facebook
  • icon twitter
  • icon linkedin
  • icon youtube