In an age of tighter regulation and growing cyberthreats, companies are under increasing pressure to ensure their customers’ financial data is safe and secure. The number of incidents reported in the news about breaches of credit card details, passwords and account information reveal the extent of the challenge that companies are facing. This year alone, British Airways, Delta and Cathay Pacific all suffered cyber-attacks that saw thousands of customers financial details stolen.
Whilst the breaches were resolved, and customers informed, the impact on these companies’ brand, reputation and the trust of customers has been substantial. These incidents serve as a reminder that companies can’t afford to just react to cyberattacks – they need to think ahead and implement security strategies that will safeguard their customers financial data. The challenge is to do this while also delivering a seamless, hassle-free purchasing and payment experience to their customers. That experience is being delivered, in most cases, well on online platforms and in person but companies need to remember another crucial channel of communication with customers – the phone. With so many interactions between companies and customers still taking place via the phone, it is crucial that these security strategies extend to calls where payment is being taken over the phone.
Contact centres, where the majority of these calls take place, play a crucial role in shaping customers’ perception of a brand, as they are one of the first ports of call for customers to contact when they face issues. They need to be at the forefront of financial security strategies, implementing measures that will safeguard customers’ financial data.
Phone payments need to be as secure as online payments
While online payment systems already have a high security level, where payments go through the financial service directly without any input from the company receiving it, payments made over the phone don’t have the same level of transparency and security. By making payments over the phone, customers run the risk of divulging their sensitive, personal financial information without actually knowing what happens to it, how it is used and by whom.
For many, particularly older generations, making a payment over the phone is still their preference – so contact centres need a system similar to that used in online platforms to ensure total compliance to regulation and the safety of their customers’ personal data.
To offer maximum compliance and protect both their customers and themselves, companies need to equip their contact centres with GDPR-friendly payment systems, that will allow customers to connect directly and seamlessly to the card payment network to make payments while on calls. For instance, enabling the customer to type in their credit card details directly through the phone keypad and share that information directly with the financial service provider, removing the contact agent out of the equation. At the same time, it’s crucial that while they make the payment, customers stay connected with the contact agent through voice to ensure they can flag any issues and complete their payments securely while on the call.
The regulation age
The recent introduction of GDPR (which imposes heavy fines to companies who don’t upgrade their security standards and fail to disclose breaches) and PCI DSS (an information security standard for organisations handling branded credit cards from the major card schemes to reduce fraud), coupled with high-profile hacks means consumers and companies alike are getting increasingly concerned about the safety of their personal financial data.
Consumers now hear almost every week on the news about a new data breach impacting them and putting their personal data at risk. They hear about those stories and know they might be next on the list of victims – making them increasingly worried about what happens to their financial data when they pass it on to companies to make payments over the phone. Consumer trust is now the hardest thing for companies to gain and retain, in the wake of high-profile data breaches. If that trust is breached, customers won’t think twice about moving to a competitor to get their services. This creates an imperative for companies to stop holding their customers’ credit card information, to remove the risk of it being compromised.
On top of this, empowering companies with the ability to record calls between them and their customers adds another layer of security and compliance, as it will give companies full transparency on what happens during calls and how call agents handle the customers’ data given to them over the phone.
Companies know that they can’t afford the financial and reputational loss a hack or data breach could cause in the GDPR era. On top of the heavy fines they would be subjected to, their turnover could be seriously affected by customers deciding to switch to rival businesses. Companies must invest in phone payment systems as robust and secure as their online payment systems. Only then will they be able to fully retain their customers’ trust.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.