October 31, 2017
A new study, aiming to draw attention to the vulnerabilities that exist in call centers, found that even the most fundamental data security best practices are not in force, exposing the companies that use them to an elevated risk of data breach. The survey from U.K.-based technology provider Semafone polled contact center agents around the world and found that 72 percent of those that accept card payments over the phone require customers to read payment card information or Social Security numbers aloud. Thirty percent said they have access to that information even when they are not on the phone with the customer.
Semafone CEO Tim Critchley pointed out that contact center agents are in a bad spot. Many work under conditions that lead to low morale (e.g., 80 percent can’t have phones at their workstations, around a third can’t have paper, pens, bags or personal items). At the same time, a not insignificant number of them have been contacted by someone that wants them to divulge payment card information.
“Although just four and seven percent of survey participants had been approached by outsiders and insiders, respectively, to provide customer data, these are alarming numbers when extrapolated to the greater contact center agent population,” Critchley told CardNotPresent.com. “While a majority of agents are good, honest people, it takes just one malicious person to expose sensitive data and ruin a business’ reputation.”
And breach, while the worst outcome, is not the only one. Critchley noted that any of the characteristics measured in the report can indicate PCI non-compliance and result in fines.