Contact center crime is on the rise — but the big scandal is the time and money being wasted on tackling it the wrong way. Put simply, organizations need a new strategy, fast.
Card-not-present (CNP) payments attract criminals. And it seems they can't get enough. In fact, CNP crime is predicted to hit $7.2 billion by 2020.*
With so many credit and debit card numbers being processed by contact centers every day, it's no wonder that criminals are finding ever more ingenious ways to get their hands on sensitive data.
Problems typically arise when:
- Individual agents hear or see customers' card details — and then misuse them
- Rogue agents access large amounts of card data and sell it on to other criminals
- Staff members share sensitive card data by mistake or fail to secure systems
- Fraudsters hack into call recordings, systems and networks
- Malicious hackers cause chaos by mounting huge breaches that include card data
Unfortunately, some of these scenarios can even happen when contact centers have already been certified as PCI DSS compliant. Managers ticked all the right boxes — but then disaster struck without warning: Security was breached and card details were stolen. After that, the company's brand took a battering, market share nose-dived, and fines were imposed by regulators.
So what's going wrong?
PCI DSS is a moving target
PCI DSS is a necessary standard for companies handling transactions — but it doesn't deliver a magical ring of invincibility. In fact, at no point can you put your feet up and relax completely if you try to manage PCI DSS compliance yourself.
This is because the security landscape for contact centers is evolving continually. Fraudsters are always 'trying doors' in smarter ways to see what'll open. And, as security auditors find new gaps and vulnerabilities, you’re forced to find new ways to comply.
This means there's no guarantee that today’s solutions will work in the future. In reality, attempting to protect your contact center against ever more sophisticated threats can feel as if you're trying to nail jelly to the wall.
If you're ultra-serious about safeguarding card data yourself, then you'll be sucked into an expensive arms race. With every regulation change, you have to constantly change processes, implement new technology, maintain those solutions and spend time training agents.
Operational costs can get out of control. It's exhausting too — you can never let down your guard — which is distracting when you've got better things to be doing.
Another eye-watering cost can be cyber insurance, the price of which is climbing.
To get lower premiums, you need to protect customer data to the greatest degree possible. Many solutions can leave you more exposed to increased premiums.
A 2017 Ponemon Institute survey found that 87 percent of companies view cyber liability as one of their top ten business risks. The average cost of a cyber breach was $349,000 for small companies and $5.9 million for larger organizations.
But even getting insured to the max doesn't insulate you against the public fall-out of a breach ... the PR nightmare, the angry customers, and the industry regulators.
Is there a better way?
Even if your contact center is PCI DSS compliant, you are still at serious risk of a breach. But instead of trying to stay secure by amending processes, you should change your compliance strategy to a solution that’s more reliable and less costly to maintain.
Get answers by downloading your copy of "Why you need to rethink your PCI DSS strategy". This guide will help you understand some of the challenges businesses face, where you may be exposed and why you need to look at PCI DSS in a different way.
Follow its advice and you'll be able to reduce your risk of fraud significantly, streamline your compliance process and save on money and stress.
* Aite Group