Payment security starts at the contact centre

By Tony Smith, Sales Director – EMEA, PCI Pal

Contact centres are critical for retail businesses. They represent the sharp end of communication with a company’s user base, linking them directly with their customers and representing the brand to the general public. While their importance is obvious, they don’t come without downsides, and in 2018, perhaps the biggest challenges they represent are those attached to issues of data security.

By their very nature, call centres are brimming with private information. It is available audibly, on networked and local IT systems and in call recordings; or, to put it more simply, contact centres are extremely vulnerable to fraud and data theft. According to the CIFAS internal fraud database, more than 20% of internal fraud cases originate in call centres. All manner of breaches can occur, ranging from the tech-based and sophisticated right down to the old-fashioned, with employees themselves procuring information to use, or even passing it down the line to someone else.

It’s imperative that this information be protected, however, lest a company face mammoth fines, brand damage, the loss of customers, and potentially even closure. In a world facing the impending arrival of the GDPR and an increasingly tech-savvy public, the issue of data protection and security is one which must sit front and centre when discussing the effectiveness and performance of any contact centre. Once the GDPR comes into effect, the ICO can impose fines of up to €20 million or 4% of worldwide turnover (whichever is greater), and these fines can be imposed against both data controllers and data processors, which is to say that anyone who handles data on behalf of a company is liable, rather than just the company itself.

In our view, the first step towards eradicating these risks is to seek out PCI DSS compliance. The PCI DSS (or Payment Card Industry Data Security Standard) imposes strict control on data storage, encryption and accessibility, and to achieve compliance, companies must follow the clearly defined guidelines laid out within it. While seeking out help with compliance isn’t necessary, it is something that should be considered, too. The idea of spending on data security may not seem particularly palatable to businesses in the current economic climate, but it’s an investment in a company’s future, and one which should be considered very carefully.

Even if you disregard the huge punitive ramifications for non-compliance with increasingly strict data protection regulations (which isn’t recommended), it’s worth viewing personal information through a different lens, one which shows it for what it actually is: an asset to any business, and one which should be treated as such.