Important COVID-19 update Read More


The latest thinking from Eckoh

The Reality Gap: Five Dangerous Misconceptions of Telephone Payments
Monday, 18 July 2016

Posted in


UK consumers have little understanding of the complexities surrounding the security of their personal data. They often fall prey to myths that could put them at risk, and expose their valuable data to hackers and criminals.

Five dangerous misconceptions 900

We find that many people are concerned about keeping their data secure but aren’t always sure of the best way to do it. There are lots of common myths when it comes to dealing with contact centers, some of which are a long way from the reality.

We’ve drawn up a list of the five most common data security myths.

  1. Call recording is purely for training purposes
    This is primarily about protecting both the customer and the call agent. Call recording prevents the customer from making claims that the wrong order was taken as any discrepancies can be checked. Looking at it the other way, ‘Pause and resume’ systems can be used to manipulate the customer into giving away additional details ‘off the record’ or to allow agents to be rude to the customer without leaving any evidence.

  2. Speaking my payment details directly over the phone is the most secure method
    Many people believe that when they give details over the phone or make telephone payments it is completely secure, however both ends of the line are at risk from others listening in. Additionally, there are all sorts of situations where details are written down on Post-it Notes or scraps of paper. This is often due to ignorance rather than any sinister motivation, for example, popping off to check stock levels or to ask a question on behalf of the customer. This is particularly an issue in those organizations with multiple departments operating in silos.

  3. People who process my telephone payments are security screened
    This is just not the case. Call center workers can be some of the lowest paid workers and many temp workers are on short-term contracts. The high churn rate means that there is no point in investing huge amounts into security checks. This is not to say that breaches of this nature are common but there is definitely a misconception around this issue.

  4. The only person my details are exposed to is the contact agent
    In actual fact, it is likely that anybody in the ordering system will be able to access these details. Databases where your details are held are often accessible to a large number of people within the organization. We have found that details are stored in widely accessible areas in more than 5% of the contact centers we have dealt with. In some cases, we have even seen customer card numbers being used as order numbers – meaning a license to print labels with your card data on!

  5. When I give my personal details to a company, I am trusting only them with my security
    Most of the time, the organization you are dealing with is the one that looks after your data. You make decisions about whether to trust them based on various factors such as your own experience or their reputation. There are exceptions. Aggregator services such as hotel or travel booking sites will take payment and personal info and pass it on to third parties via batch files. This sensitive data (belonging to multiple customers all in one neat bundle) is open to attack from criminals whilst in transit. Again, with the appropriate security measures this does not have to be an issue but customers need to consider who is actually looking after their sensitive data.

If you would like to chat with us about secure payments and how to protect your customers from speaking card data, and secure it once you have it, contact us today.

About the Author

Tony Porter

Tony Porter

Head of Global Marketing Tony has over 30 years’ experience in sales, marketing and business development and currently leads these activities for Eckoh in both the US and UK markets and across all sectors. Tony’s role focuses on helping contact centers to improve their customer engagement, making them convenient and secure for consumers to use. He understands the challenges organizations face around PCI DSS compliance and how to make the Omnichannel contact center experience a satisfying reality. He is a regular speaker at events on topics such as PCI DSS, GDPR, contact center technology, IVR solutions, self-service, secure payments, marketing and business development.

Connect with us on LinkedIn

Tweets by @Eckoh

Eckoh (@Eckoh)

Eckoh (@Eckoh)

Eckoh is urging UK companies to take security seriously in their contact centres when adapting their home-working and office working routines as the lockdown is eased.… #contactcentre #remoteworking

Eckoh (@Eckoh)

RT @UKCCForum: Just 2 hours to go! Its not too late to join our FREE webinar today! Register your place now! ‘Risks and rewards of contact…
Eckoh (@Eckoh)

Eckoh (@Eckoh)

Maintaining payment security in these difficult times can be very challenging. If you're looking to enable your contact centre agents to take payments securely from home or remote locations, then CallGuard Remote is the choice for you.… #paymentsecurity