The Reality Gap: Five Dangerous Misconceptions of Telephone Payments

UK consumers have little understanding of the complexities surrounding the security of their personal data. They often fall prey to myths that could put them at risk, and expose their valuable data to hackers and criminals.

We find that many people are concerned about keeping their data secure but aren’t always sure of the best way to do it. There are lots of common myths when it comes to dealing with contact centers, some of which are a long way from the reality.

We’ve drawn up a list of the five most common data security myths.

  1. Call recording is purely for training purposes
    This is primarily about protecting both the customer and the call agent. Call recording prevents the customer from making claims that the wrong order was taken as any discrepancies can be checked. Looking at it the other way, ‘Pause and resume’ systems can be used to manipulate the customer into giving away additional details ‘off the record’ or to allow agents to be rude to the customer without leaving any evidence.
  2. Speaking my payment details directly over the phone is the most secure method
    Many people believe that when they give details over the phone or make telephone payments it is completely secure, however both ends of the line are at risk from others listening in. Additionally, there are all sorts of situations where details are written down on Post-it Notes or scraps of paper. This is often due to ignorance rather than any sinister motivation, for example, popping off to check stock levels or to ask a question on behalf of the customer. This is particularly an issue in those organizations with multiple departments operating in silos.
  3. People who process my telephone payments are security screened
    This is just not the case. Call center workers can be some of the lowest paid workers and many temp workers are on short-term contracts. The high churn rate means that there is no point in investing huge amounts into security checks. This is not to say that breaches of this nature are common but there is definitely a misconception around this issue.
  4. The only person my details are exposed to is the contact agent
    In actual fact, it is likely that anybody in the ordering system will be able to access these details. Databases where your details are held are often accessible to a large number of people within the organization. We have found that details are stored in widely accessible areas in more than 5% of the contact centers we have dealt with. In some cases, we have even seen customer card numbers being used as order numbers – meaning a license to print labels with your card data on!
  5. When I give my personal details to a company, I am trusting only them with my security
    Most of the time, the organization you are dealing with is the one that looks after your data. You make decisions about whether to trust them based on various factors such as your own experience or their reputation. There are exceptions. Aggregator services such as hotel or travel booking sites will take payment and personal info and pass it on to third parties via batch files. This sensitive data (belonging to multiple customers all in one neat bundle) is open to attack from criminals whilst in transit. Again, with the appropriate security measures this does not have to be an issue but customers need to consider who is actually looking after their sensitive data.

If you would like to chat with us about how to protect your customers from speaking card data, and secure it once you have it, contact us today.

Loading Conversation

Posted by eckoh at 9:00 AM on Jul 18, 2016


Recent Posts

Healthcare identity theft and fraud is a fast-growing threat in the US, but some…

This year is the 40th anniversary of the classic 1978 sci-fi movie Invasion of…


While the US retail industry is reeling from what has been declared by some as…