Cyber Security Month aims to teach 'cyber hygiene' tips to consumers — but companies need to scrub up too, because contact centers can have dark corners where fraud festers.
One of the big themes of this year's European Cyber Security Month is cyber hygiene — and how consumers can follow the kinds of daily routines, checks and behaviour that will help them to stay safe online.
The campaign offers the public security tips and advice, ranging from using a firewall and not leaving your laptop unattended to remembering to use a password on your phone and never opening email attachments from unknown sources.
It's simple, sensible stuff. But consumers' diligent personal care could be undermined — if the organizations they trust become breeding grounds for security problems themselves, especially around card payments.
During Cyber Security Month, Eckoh’s big question for companies is: How clean is your contact center?
To find out, here are three 'sniff tests' for organizations:
Test #1: Are you still asking customers to read out card details over the phone?
In theory, there's nothing wrong with this — but it's risky if contact center agents can hear the card numbers, see them on the screen, or access them from call recordings.
Card Not Present (CNP) fraud is predicted to reach £680m in 2021. All it takes is a rogue agent copying a person's card details, or doing this on a large scale and selling the numbers to criminals. Alternatively, digital card records could be hacked or even shared accidentally by clumsy employees.
The average UK company uses three different solutions to handle call payments. But they're often fraught with risks and awkwardness. Pause-and-resume methods are prone to errors and feel disjointed, as agents dip in and out of conversations.
It's also a poor customer experience if calls are transferred to another department for the 'payment bit'. Rigorous agent vetting and the setting up of clean rooms, where pencils and mobile phones are banned, can help to raise security levels. But there's always the risk of a lapse and a few bad apples.
Increasingly, consumers understand the sensitivity of their data and feel uncomfortable handing it over to strangers. In fact, 68% of consumers believe that reading their card details out over the telephone is not secure. Customers need a payment system that gives them absolute reassurance.
Test #2: Can you handle every kind of payment securely?
The way consumers prefer to interact with organizations ranges from the web, phone calls and mobile apps, through to email, web chat, social media and more. In fact, some customers will flit effortlessly between these channels and expect organizations to keep up.
Increasingly, they'll also expect to pay for items via whichever channel they happen to be using at any time.
What's more, they may want to pay for items in a host of different ways. It's worth noting that over half of all online transactions will be made using alternative payment methods by 2021, according to Worldpay.
This explosion in contact channels and payment services creates enormous pressures on contact centers. When it comes to card security, the 'attack surface' within contact centers is stretched more and more.
Companies can't say 'No' to customer demands — or say 'Yes' to taking risks. They can't afford to handle some payments securely but take a chance with others. Criminals will hunt out any weak links, so it's important that security is rock solid on every channel.
Test #3: Are you putting too much faith in PCI DSS compliance?
This sounds a bit like a trick question. Every company that accepts, processes, stores or transmits credit card information must achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS), which puts you on the right track for processing card payments securely and reducing card fraud.
But PCI DSS is only a standard; it's not a guarantee. Even if your contact center achieved PCI DSS compliance a few weeks ago, you can't be sure your security is watertight today. You're still at serious risk of a data breach if there's any lapse in security — an uncomfortable truth that can keep executives awake at night.
And it can happen all too easily. In fact, 90 percent of data breaches are caused by human error. What’s more, while compliance addresses some aspects of data protection, it does not guarantee a secure contact center.
So what's the best way forward?
Cyber Security Month is a great way to educate consumers about staying safe. But more companies need to get serious about securing sensitive data, especially people's card details.
A security breach can have devastating consequences. Even for small companies, the average cost of a cyber breach can be £267,000, so it's no wonder that 87% of companies view cyber liability as one of their top 10 business risks.
Faced with growing threats and more data to defend, companies are increasingly looking to trusted payment partners to give them PCI DSS compliance and maintain it for them — by actually managing secure payments on their behalf.
With the right approach, contact centers can take payments over the phone, web and other channels, but sensitive card information is never heard, seen or recorded by their staff. Any sensitive data is simply passed seamlessly to their payment partner who authorizes the transaction, without card details ever entering the contact center's environment.
This is the kind of service provided by Eckoh to clients as diverse as BMW, O2, Transport for London, Parcelforce, the UK Ministry of Justice and the global travel organization Carnival. Eckoh's secure payment solution wraps neatly around contact centers — and there's no integration or changes to systems required.
- Companies can discover more about contact center security by downloading a free copy of the CNP guide from Eckoh. It profiles fraudsters' range of tactics — and the defence measures that organizations can take to stop them.
Sources: National Audit Office 2017, Syntec 2018, Worldpay Global Report 2018, Kaspersky Lab 2019, Ponemon Institute 2017.