The latest thinking from Eckoh

Contact center safe from fraud? Think again
Thursday, 11 July 2019

Contact center crime is on the rise — but the big scandal is the time and money being wasted on tackling it the wrong way. Put simply, organizations need a new strategy, fast.

CC safe think again 900

Card-not-present (CNP) payments attract criminals. And it seems they can't get enough. In fact, CNP crime is predicted to hit $7.2 billion by 2020.*

With so many credit and debit card numbers being processed by contact centers every day, it's no wonder that criminals are finding ever more ingenious ways to get their hands on sensitive data.

Problems typically arise when:

  • Individual agents hear or see customers' card details — and then misuse them
  • Rogue agents access large amounts of card data and sell it on to other criminals
  • Staff members share sensitive card data by mistake or fail to secure systems
  • Fraudsters hack into call recordings, systems and networks
  • Malicious hackers cause chaos by mounting huge breaches that include card data

Unfortunately, some of these scenarios can even happen when contact centers have already been certified as PCI DSS compliant. Managers ticked all the right boxes — but then disaster struck without warning: Security was breached and card details were stolen. After that, the company's brand took a battering, market share nose-dived, and fines were imposed by regulators.

So what's going wrong?

PCI DSS is a moving target

PCI DSS is a necessary standard for companies handling transactions — but it doesn't deliver a magical ring of invincibility. In fact, at no point can you put your feet up and relax completely if you try to manage PCI DSS compliance yourself.

This is because the security landscape for contact centers is evolving continually. Fraudsters are always 'trying doors' in smarter ways to see what'll open. And, as security auditors find new gaps and vulnerabilities, you’re forced to find new ways to comply.

This means there's no guarantee that today’s solutions will work in the future. In reality, attempting to protect your contact center against ever-sophisticated threats can feel as if you're trying to nail jelly to the wall.

Spiralling costs

If you're ultra-serious about safeguarding card data yourself, then you'll be sucked into an expensive arms race. With every regulation change, you have to constantly change processes, implement new technology, maintain those solutions and spend time training agents.

Operational costs can get out of control. It's exhausting too — you can never let down your guard — which is distracting when you've got better things to be doing.

Another mouth-watering cost can be cyber insurance, which is climbing.

To get lower premiums, you need to protect customer data to the greatest degree possible. Many solutions can leave you more exposed to increased premiums.

A 2017 Ponemon Institute survey found that 87 percent of companies view cyber liability as one of their top ten business risks. The average cost of a cyber breach was $349,000 for small companies and $5.9 million for larger organizations.

But even getting insured to the max doesn't insulate you against the public fall-out of a breach ... the PR nightmare, the angry customers, and the industry regulators.

Is there a better way?

Even if your contact center is PCI DSS compliant, you are still at serious risk of a breach. But instead of trying to stay secure by amending processes, you should change your compliance strategy to a solution that’s more reliable and less costly to maintain.

Get answers by downloading your copy of  Why you need to rethink your PCI DSS strategy. This guide will help you understand some of the challenges businesses face, where you may be exposed and why you need look at PCI DSS in a different way.

Follow its advice and you'll be able to reduce your risk of fraud significantly, streamline your compliance process and save on money and stress.

* Aite Group

About the Author

Tony Porter

Tony Porter

Head of Global Marketing Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the US and UK markets and across all sectors. Tony’s role focuses on helping contact centers to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organizations face around PCI DSS compliance and how to make the Omnichannel contact center experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact center technology, IVR solutions, self-service, secure payments, marketing and business development.

Connect with us on LinkedIn

Tweets by @Eckoh

Eckoh (@Eckoh)

Eckoh (@Eckoh)

Ineffective solutions could be wasting your time and money. What are these ineffective solutions and what can you do to fully de-scope your contact centre. Read the latest blog and find out how to prevent the risk of fraud and the impact of data breaches.…
Eckoh (@Eckoh)

Eckoh (@Eckoh)

In the fourth part of our 'Contact centre of the future' series, Ashley Burton, Head of Product at Eckoh, reveals how customers will make purchases via the Contact Centre in our latest blog. Click the link and find out more..… #payments
Eckoh (@Eckoh)

Eckoh (@Eckoh)

In the third part of our 'Contact centre of the future' series, Ashley Burton, Head of Product at Eckoh, reveals what you need to know about the Contact Centre Managers of the future in our latest blog. Click the link and find out more..… #contactcentre