Contact centre crime is on the rise — but the big scandal is the time and money being wasted on tackling it the wrong way. Put simply, organisations need a new strategy, fast.
With so many credit and debit card numbers being processed by contact centres every day, it's no wonder that criminals are finding ever more ingenious ways to get their hands on sensitive data.
Problems typically arise when:
- Individual agents hear or see customers' card details — and then misuse them
- Rogue agents access large amounts of card data and sell it on to other criminals
- Staff members share sensitive card data by mistake or fail to secure systems
- Fraudsters hack into call recordings, systems and networks
- Malicious hackers cause chaos by mounting huge breaches that include card data
Unfortunately, some of these scenarios can even happen when contact centres have already been certified as PCI DSS compliant. Managers ticked all the right boxes — but then disaster struck without warning: security was breached and card details were stolen. After that, the company's brand took a battering, market share nose-dived, and fines were imposed by regulators.
So what's going wrong?
PCI DSS is a moving target
PCI DSS is a necessary standard for companies handling transactions — but it doesn't deliver a magical ring of invincibility. In fact, at no point can you put your feet up and relax completely if you try to manage PCI DSS compliance yourself.
This is because the security landscape for contact centres is evolving continually. Fraudsters are always 'trying doors' in smarter ways to see what'll open. And, as security auditors find new gaps and vulnerabilities, you’re forced to find new ways to comply.
This means there's no guarantee that today’s solutions will work in the future. In reality, attempting to protect your contact centre against ever more sophisticated threats can feel as if you're trying to nail jelly to the wall.
If you're ultra-serious about safeguarding card data yourself, then you'll be sucked into an expensive arms race. With every regulation change, you have to constantly change processes, implement new technology, maintain those solutions and spend time training agents.
Operational costs can get out of control. It's exhausting too — you can never let down your guard — which is distracting when you've got better things to be doing.
Another eye-watering cost can be cyber insurance, which is climbing in price.
To get lower premiums, you need to protect customer data to the greatest degree possible. Many solutions can leave you more exposed to increased premiums.
A 2017 Ponemon Institute survey found that 87 percent of companies view cyber liability as one of their top ten business risks. The average cost of a cyber breach was £267,000 for small companies and £4.59 million for larger organisations.
But even getting insured to the max doesn't insulate you against the public fall-out of a breach ... the PR nightmare, the angry customers, and the industry regulators.
Is there a better way?
Even if your contact centre is PCI DSS compliant, you are still at serious risk of a breach. But instead of trying to stay secure by amending processes, you should change your compliance strategy to a solution that’s more reliable and less costly to maintain.
Get answers by downloading your copy of 'Why you need to rethink your PCI DSS strategy'. This guide will help you understand some of the challenges businesses face, where you may be exposed and why you need to look at PCI DSS in a different way.
Follow its advice and you'll be able to reduce your risk of fraud significantly, streamline your compliance process and save money and stress.