Syntec Telecom and Davies Hickman Partners have produced a report on how contact centre leaders are meeting the challenges of PCI DSS and the concerns of consumers to credit card payments over the phone.

Extracts from the report are below.

Consumers demand better card payment security

  • 72% (68% in 2012) say “call centre managers should do more to prevent credit and debit card fraud” 
  • 74% (70% in 2012) say “the banks, credit card and payment companies should do more to prevent fraud

The report believes their research shows that despite years of compliance pressure call centres are adopting one of three methods to deal with the issues:

  1. ‘Head in the Sand’: These organisations are adopting a trust-based approach relying on existing systems and staff, including elements of ‘clean-rooming’, but are unaware of the seriousness of PCI requirements
  2. ‘Segmenting the Problem’: Here, organisations are setting up discrete payment teams to reduce the numbers of agents taking payments
  3. ‘De-scoping payments’: Organisations engaged in PCI compliance are using technology to shield crucial payment card data from the call centre

Key findings from the research showed:-

  • 1% (2013), 3% (2012) of consumers say payment over the phone to a call centre is the most secure method (compared to chip and pin, online and self-service/ATM payments)
  • 16% (2013), 14% (2012) of UK consumers say they are very confident that “Organisations I buy from over the phone will keep my personal and card payment details secure”
  • 80% (2013 & 2012) of consumers say that despite careful recruitment policies, some call centre agents may commit fraud, directly or indirectly, by stealing personal data and credit card payment details taken over the phone from customers
  • 72% (2013), 68% (2012) say call centre managers should do more to prevent credit and debit card fraud.
  • 68% (2013), 58% (2012) of UK consumers say “As a general rule, I don’t think companies should be allowed to keep my credit or debit card details on their databases”
  • 32% of UK consumers say they have seen news stories about credit & debit card fraud in call centres (39% of 18-34 year olds)
  • Twice as many consumers favour using their phone keypad* to enter their card details whilst the agent is still on the call, compared with the solution where the agent simply pauses the call recording. A higher majority of consumers say they would use, and be happy to use, their phone keypad – 58%, with only 27% favouring pausing the call recording.

Do you believe call centre agents may commit fraud directly or indirectly by stealing personal data and credit card details they take from customers over the phone?

  • Yes, often, 16%
  • Yes, sometimes 64%
  • No 6%
  • Don’t know 14%

When making card payments which is the most secure?

  • Chip and Pin 53%
  • Payments over a secure website 18%
  • Self-service Machines (e.g. train tickets) 11%
  • Telephone payments to call centre agents 1%
  • Don’t know 16%

Solving the compliance conundrum

  • Use technology to hide credit card details from call centre agent 45%
  • Only allow selected agents in ‘clean rooms’ 7%
  • Regular audits of calls to monitor fraud 14%

Has the risk of fraud when giving your credit/debit card details over the phone to a call centre made you reluctant to pay for a product or service?

  • Yes 59% (Yes, often 17%, Yes, sometimes 42%)
  • No 21%
  • Don’t make phone payments 19%

Tips for rebuilding trust through card payment delivery in call centres

  1. Build capability by educating your people about risk, fraud and the value of security to customers
  2. Develop processes and procedures so your people can report suspicions confidently
  3. Build relationships with internal and external fraud monitors
  4. Create a compliance strategy which suits your organisation
  5. Keep your eye on changing operational requirements to improve security programmes
  6. Delete basic operational failings such as storage of sensitive information
  7. Choose trusted secure partners
  8. Explore technologies which ‘shield’ the call centre from sensitive payment data.

Simon Beeching, director at Syntec Telecom, said: “There is no question that card payments over the phone to the call centre remain a weak link. Our research clearly shows that an increasing majority of consumers have serious concerns over card payments by phone. Consumers are now saying they will positively favour brands and call centres that can provide tangible reassurance over their card payment security.”