
The latest thinking from Eckoh

PCI DSS - are you playing whack-a-mole and losing badly?
Tuesday, 30 July 2019

Is your contact centre protecting customer card data with expensive sticking plasters? If so, then don't be surprised if fraudsters tear through. You'll need a radical rethink to stop criminals.


As we saw in a recent blog, card-not-present (CNP) crime is a growing issue that's impacting contact centres.

Criminals exploit weak links. If one door locks, they'll try another. So as online and point-of-sale transactions have become more secure, criminals are now targeting the contact centre. In fact, CNP fraud is now 81% more likely than point-of-sale fraud, according to research.*

Fraudsters follow the money. So once credit card data enters the contact centre environment, the game is on. Criminal activity will most likely pop up where the system is weakest.

Fighting a losing battle
Even if you’ve achieved PCI DSS compliance on paper, your contact centre can still be at risk of a breach. That’s because some of the common methods used to achieve PCI DSS certification may be time-consuming and expensive — and yet still fail to provide security or a smooth customer experience.

Organisations often combine multiple techniques to protect card data. Let's look at two examples:

  • Pause-and-resume systems are sometimes used when customers wish to make payments over the phone. But this method can still allow your agents to see and hear card information, and isn’t always reliable. Systems can be prone to agent errors or malfunctions — which can frustrate customers.
  • Clean room environments rely on agents not using any pens, paper, phones or other recording devices of any kind. But even if you're able to enforce controls rigidly, transferring calls to a clean room can result in a poor customer experience.

As well as proving expensive, fiddly and far from watertight, these two methods can feel clunky to today's customers, who assume their financial information will be kept safe anyway and want an ultra-smooth experience when they pay.

Shifting callers to another channel such as a payment IVR or clean room environment can be irritating. So it's no wonder if poor payment practices lead to lower satisfaction scores.

Changing tactics
Applying a patchwork of point solutions like these is really paddling around the edges of a problem rather than getting in deep and solving it.

Tackling CNP fraud successfully requires a holistic approach. It's about:

  • What customers say aloud
  • What agents see
  • What they hear
  • What's recorded by systems
  • What's stored on networks

Only when each risk is effectively reduced to zero can contact centres breathe a sigh of relief. But the good news is that you don't need a mesh of systems to keep out the criminals. It's simpler than that.

How's it done?
Discover how to protect yourself against fraud in the contact centre by downloading your copy of Why you need to rethink your PCI DSS strategy.

Find out how to prevent card data from ever entering the contact centre environment, which means all of your contact centre can be removed from PCI DSS audit scope. Agents can’t see or hear it, but they can remain in constant contact with your customers during the transaction, providing reassurance.

The technology exists today — and you don't need to rip and replace existing systems. Many FTSE businesses in the retail, insurance, travel, leisure, and entertainment sectors have found a way to keep card data secure while delivering a great customer experience.

*Source: 2018 Identity Fraud Study, Javelin Strategy & Research

About the Author

Tony Porter

Head of Global Marketing

Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the UK and US markets and across all sectors. Tony’s role focuses on helping contact centres to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organisations face around PCI DSS compliance and how to make the Omnichannel contact centre experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact centre technology, IVR solutions, self-service, secure payments, marketing and business development.
