The latest thinking from Eckoh

PCI DSS - are you playing whack-a-mole and losing badly?
Tuesday, 30 July 2019

Is your contact center protecting customer card data with expensive Band Aids? If so, then don't be surprised if fraudsters tear through. You'll need a radical rethink to stop criminals.

As we saw in a recent blog, card-not-present (CNP) crime is a growing issue that's impacting contact centers.

Criminals exploit weak links. If one door locks, they'll try another. So as online and point-of-sale transactions have become more secure, criminals are now targeting the contact center. In fact, CNP fraud is now 81% more likely than point-of-sale fraud, according to research.*

Fraudsters follow the money. So once credit card data enters the contact center environment, the game is on. Criminal activity will most likely pop up where the system is weakest.

Fighting a losing battle
Even if you’ve achieved PCI DSS compliance on paper, your contact center can still be at risk of a breach. That’s because some of the common methods used to achieve PCI DSS certification may be time-consuming and expensive — and yet still fail to provide security or a smooth customer experience.

Organizations often combine multiple techniques to protect card data. Let's look at two examples:

  • Pause-and-resume systems are sometimes used when customers wish to make payments over the phone. But this method can still allow your agents to see and hear card information, and isn’t always reliable. Systems can be prone to agent errors or malfunctions — which can frustrate customers.
  • Clean room environments rely on agents not using any pens, paper, phones or other recording devices of any kind. But even if you're able to enforce controls rigidly, transferring calls to a clean room can result in a poor customer experience.

As well as proving expensive, fiddly and far from watertight, these two methods can feel clunky to today's customers, who assume their financial information will be kept safe anyway and want an ultra-smooth experience when they pay.

Shifting callers to another channel such as a payment IVR or clean room environment can be irritating, so it's no wonder if poor payment practices lead to lower satisfaction scores.

Changing tactics
Applying a patchwork of point solutions like these is really paddling around the edges of a problem rather than getting in deep and solving it.

Tackling CNP fraud successfully requires a holistic approach. It's about:

  • What customers say aloud
  • What agents see
  • What they hear
  • What's recorded by systems
  • What's stored on networks

Only when each risk is effectively reduced to zero can contact centers breathe a sigh of relief. But the good news is that you don't need a mesh of systems to keep out the criminals. It's simpler than that.

How's it done?
Discover how to protect yourself against fraud in the contact center by downloading your copy of "Why you need to rethink your PCI DSS strategy".

Find out how to prevent card data from ever entering the contact center environment, which means all of your contact center can be removed from PCI DSS audit scope. Agents can’t see or hear it, but they can remain in constant contact with your customers during the transaction, providing reassurance.

The technology exists today — and you don't need to rip and replace existing systems. Many FTSE businesses in the retail, insurance, travel, leisure, and entertainment sectors have found a way to keep card data secure while delivering a great customer experience.

*Source: 2018 Identity Fraud Study, Javelin Strategy & Research

About the Author

Tony Porter

Head of Global Marketing

Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the US and UK markets and across all sectors. Tony’s role focuses on helping contact centers to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organizations face around PCI DSS compliance and how to make the omnichannel contact center experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact center technology, IVR solutions, self-service, secure payments, marketing and business development.
