Monday, October 30, 2017
When asked about data-security vulnerabilities, seven percent of survey respondents admitted that people within their organizations have asked them to share confidential customer data; 4 percent stated the same was true of people outside of their organizations; 9 percent said they know someone who has unlawfully accessed or shared customer information.
Tim Critchley, Chief Executive Officer at Semafone, said these findings underscore the need to keep customer data out of Payment Card Industry Data Security Standard (PCI DSS) scope. "[T]he only way to truly protect sensitive data is to remove it from the business infrastructure completely," he added.
Critchley said the report highlights systemwide risk exposure, especially at contact centers that fail to protect consumer data. Thirty percent of survey respondents said they can access payment card data and personally identifiable information (PII), even when not on the phone with customers. Forty-two percent of agents don't report breach attempts to supervisors or law enforcement, which means most merchants are unaware of the magnitude of these problems, he noted.
Organizations must put policies in place to protect consumer data, or they may have no other option than to implement draconian workplace cultures, Critchley noted. "Contact centers aren't doing enough to protect customer data and prevent fraud, and current practices are contributing to low employee morale and high turnover," he said.
Following are some examples Critchley provided:
Additional findings indicate 72 percent of agents collect audible payment card information and Social Security numbers over the phone in areas where information can be easily intercepted. In addition, technologies such as dual-tone multifrequency (DTMF) schemes can be used to mask voice and keyboard tones when customers share sensitive information, report authors stated.
DTMF and other masking technologies can improve the customer experience by keeping customers and agents connected while customers input sensitive information from their connected devices, researchers noted. Payment card data and PII are sent directly to third parties, bypassing the contact center's infrastructure.
"We're not blaming agents or customer service representatives or suggesting that they're responding to requests for data," Critchley said. "Most are good, hardworking people who may unwittingly respond to a phishing email or pick up a USB drive with a free download offer that contains malicious code. The issue we're highlighting is exposure to risk. As Equifax and other incidents demonstrate, you only need one breach to impact millions and tarnish your reputation."
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.