For all the increases in credit card security – embedded chips, CVV codes, PINs – it’s somewhat astounding that many call centers still ask customers to read out their credit card numbers over the phone.
Most customers have the common sense not to broadcast their card details across their office or down the street. But what about the person in the call centre on the other end of the line?
To have a low paid call centre worker manually entering read-out credit card details is a significant security risk. And it does gets exploited.Why call centre workers are susceptible
Call centre employees are often low paid casual workers. The temptation to record, steal or on-sell credit card details is ever-present. And as you can read in this Reddit forum, call centre employees will tell you that security processes are far from foolproof.
To make matters worse, call center workers are frequently targeted by professional crime gangs. They’ll pay for stolen cards, or even full-scale identity theft. The gangs do it by paying off existing call centre workers, or infiltrating the call centre by having one of their members legitimately gain employment there.
Offshore and remote workers increase the risks
As call centers ‘decentralize’, risks increase. The global contact center spend currently stands at between $300 and $320 billion dollars, of which 25 percent is currently outsourced to a third party (source: The Everest Group). The trend to remote working – a.k.a call centre employees working from home – is also on the rise. According to Vitec, more than 50 percent of call centers in the U.S. have at least some employees that work at home. While both trends bring financial benefits to the company, they also bring increased fraud risks:Offshore call centers tend to exacerbate the risk of ‘bought’ employees, with workers often paid very low wages and therefore more vulnerable to approach by criminal gangs.
- Remote workers on the other hand operate without visual surveillance, making manual recording of credit card details all too easy. Whilst no company should ever allow remote workers to handle credit card payments, it does happen.
What to do instead
Best practice: Customers should be prompted to enter their card details into a phone keypad – and the agents should NOT have visibility of the details being entered. Technically, the solution is simple enough; transfer the live call to an IVR (Interactive Voice Response) menu to prompt a customer to enter their card number, expiry and CVV into their keypad.
No sensitive information should be seen or heard by the agent, and transfer of payment information is completely locked down on regulatory-compliant databases.
Why do companies take the risk?
There are a few reasons why most companies persist in asking for card details over the phone. The first is antiquated call centre telephony and a short-term cost/benefit view to adopting a best-practice solution. And the second is a complacent approach to customers’ card security. Neither are acceptable. If your company still relies on agents asking for credit card details to be read out over the phone, start the conversation.
To see how easy it is to set up an IVR payment gateway Contact us to request a demo.
You might also be interested in: