Founder member of FECMA

The recognised standard

Stranger Danger.. A Guest blog by Dianne Smith, Head of Partnerships at Key IVR

6 September 2019

Stranger Danger – Why am I giving my credit card details to you?

I like to think there’s a silver lining to major data breaches hitting the news, consumers are being more cautious about how they share their personal data. The Public vs The Cyber Criminals, the ongoing battle. This is particularly important with debit and credit card information. Yes it’s annoying if your online password needs resetting, that’s quite easy to fix. But cancelling and reissuing a new debit or credit card, then crawling through your bank statement for anything suspicious? A whole other level of worry and stress.

So, I was very surprised when I was on the phone last week, renewing my car insurance (with quite a well-known and established provider), going through all my details, hearing every bit of the terms and conditions and haggling a decent price, to only then be asked by the agent to read out my card details to make payment.

“Do you want me to say them out loud to you?”

“Yes please, starting with the long card number on the front”

“Do you write these details down?”

“No, we type them straight into the screen”

“Can’t I type them somewhere to you instead?”

“Erm, no sorry, we don’t have that facility. Our phone line is secure you have nothing to worry about”

But I was worried. Why did this company consider it normal for me to start reading out extremely sensitive card information to an agent over the phone? I can only assume they weren’t going to scribble down the details and have a spending spree online later.

I’d been on the phone for a whole 23 minutes (longer if you include the multiple loops of Beethoven 5th Symphony). Was there an alternative way for me to pay? No. Had it been a complete waste of my time? Yes. I was angry, and the agent didn’t understand why. It was certainly never discussed as part of their training.

“The line was secure” they kept repeating.

“I shouldn’t be worried” they kept reassuring me.

I started to feel like I was being paranoid, some crazy customer over the phone that they’ll have a chuckle over later in the break room.

But I wasn’t being paranoid. Data breaches have been hitting organisations globally, because they’re not taking the correct steps in protecting their customers.

Even if I had read out my details and they didn’t copy them down somewhere. I know for a fact they record their calls too. So, were my card details going to sit somewhere on a server for “training and monitoring purposes”, in a massive database, ready to be grabbed by the next clever hacker to breach their systems? Who knows.

Organisations are leaving too much to chance, they’re not moving with customer expectations. There are solutions available which can completely remove any sensitive card details from agent’s eyes and from company systems. Card details are keyed into the telephone keypad and the agent can just follow along with their screen. That’s secure, that’s reassurance, and it’s madness that major brands aren’t recognising that all it takes is a data breach to hit their organisation and there’s a goldmine of card information ready for the taking.

Imagine the PR nightmare, the customer comms, the legislative fines. And it’s not just the big players, studies have shown cyber criminals are trying the smaller businesses too, perhaps they expect them to have less investment in IT security, so it makes them an easier target.

If you would like to know more about such solutions, take a look at our Agent Assisted Payment Solutions https://www.keyivr.com/pci-dss-solutions/agent-assisted-payments/ or contact me dianne.smith@keyivr.co.uk and we can discuss how to protect your customers payments.

 

 


comments powered by Disqus