In this era of cyber security and technological advances contact centres are often seen as soft targets by criminals.
According to the South African Banking Risk Information Centre (SABIRIC) MOTO payments (Mail Order & Telephone Order) accounted for 48.7% of all credit card fraud losses in 2013.
The vulnerability lies in the staff.
Call centres workers have access to detailed personal information about clients. Combine this with the sensitive payment data members of the public are happy to hand over to complete a transaction and you have a perfect breeding ground for fraud.
“A single insider with access to the right systems can steal a significant amount of sensitive information in a short space of time.”
Matthew Bryars, Retail Fraud.com 27/8/2015
The Challenge for Offshoring
Consumers hold retailers and banks responsible for the security of their data and the prevention of fraud. If companies don’t live up to these expectations there is the danger of clients voting with their feet. Data breaches bring with them not only penalties from regulators but lost revenue and extensive reputational damage.
Companies are well aware of this, and when it comes to choosing partners for outsourcing reputable brands want to be sure their customers’ data (and their reputation) will be safe.
Some contact centres go to extreme lengths to prevent agent fraud; banning papers or mobiles at desks, deploying spy cameras and body searching staff. All this takes time, effort, money and damage staff morale, yet none of them offer a fool-proof solution!
A Technical Solution
Secure phone payment solutions help organisations eliminate agent fraud whilst making client transactions simple and painless. C3’s Secure Assist removes sensitive credit card information using sophisticated audio and SIP re-invites to divert the sensitive information to a secure payment server whilst allowing the agent to maintain verbal contact with the customer. Contact centre staff have no contact with payment details, eliminating the risk of fraud and reducing the challenges of PCI DSS compliance. Client operations are also mostly de-scoped from PCI compliance.