Is your contact center protecting customer card data with expensive Band Aids? If so, then don't be surprised if fraudsters tear through. You'll need a radical rethink to stop criminals.
As we saw in a recent blog, card-not-present (CNP) crime is a growing issue that's impacting contact centers.
Criminals exploit weak links. If one door locks, they'll try another. So as online and point-of-sale transactions have become more secure, criminals are now targeting the contact center. In fact, CNP fraud is now 81% more likely than point-of-sale fraud, according to research.*
Fraudsters follow the money. So once credit card data enters the contact center environment, the game is on. Criminal activity will most likely pop up where the system is weakest.
Fighting a losing battle Even if you’ve achieved PCI DSS compliance on paper, your contact center can be still at risk of a breach. That’s because some of the common methods used to achieve PCI DSS certification may be time-consuming and expensive — and yet still fail to provide security or a smooth customer experience.
Organizations often combine multiple techniques to protect card data. Let's look at two examples:
Pause-and-resume systems are sometimes used when customers wish to make payments over the phone. But this method can still allow your agents to see and hear card information, and isn’t always reliable. Systems can be prone to agent errors or malfunctions — which can frustrate customers.
Clean rooms environments rely on agents not using any pens, paper, phones or other recording devices of any kind. But even if you're able to enforce controls rigidly, transferring calls to a clean room can result in a poor customer experience.
As well as proving expensive, fiddly and far from watertight, these two methods can feel clunky to today's customers, who assume their financial information will be kept safe anyway and want an ultra-smooth experience when they pay.
Shifting callers to another channel such as a payment IVR or clean room environment can be irritating, .so it's no wonder if poor payment practices lead to lower satisfaction scores.
Changing tactics Applying a patchwork of point solutions like these is really paddling around the edges of a problem rather than getting in deep and solving it.
Tackling CNP fraud successfully requires an holistic approach. It's about:
What customers say aloud
What agents see
What they hear
What's recorded by systems
What's stored on networks
Only when each risk is effectively reduced to zero can contact centers breathe a sigh of relief. But the good news is that you don't need a mesh of systems to keep out the criminals. It's simpler than that.
Find out how to prevent card data from ever entering the contact center environment, which means all of your contact center can be removed from PCI DSS audit scope. Agents can’t see or hear it, but they can remain in constant contact with your customers during the transaction, providing reassurance.
The technology exists today — and you don't need to rip and replace existing systems. Many FTSE businesses in the retail, insurance, travel, leisure, and entertainment sectors have found a way to keep card data secure while delivering a great customer experience.
Head of Global Marketing Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the US and UK markets and across all sectors. Tony’s role focuses on helping contact centers to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organizations face around PCI DSS compliance and how to make the Omnichannel contact center experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact center technology, IVR solutions, self-service, secure payments, marketing and business development.