by Audrey Oh
In recent years it seems a month barely passes without a new data breach scandal hitting the headlines. In 2018, the hotel group Marriott International revealed that around 500 million customers had been affected by a data hack in which credit card details were illegally accessed. Most recently, British Airways was fined £183M after customers’ credit card details were stolen. Fraudsters are constantly developing more advanced techniques for accessing our card data. Yet most of us continue to make telephone payments — and some service providers insist on it. So how can you stay safe when giving your credit card information over the phone?
Is the Vendor PCI Compliant?
In 2004, all the major credit card companies — American Express, Mastercard, JCB International, Discover Financial Services and Visa — united to tackle increasingly frequent security breaches. As a result, the Payment Card Industry Data Security Standard (PCI DSS) was born. This standard introduced a set of rules businesses must adhere to, to protect customer card data. In 2006, the PCI Security Standards Council (PCI SSC) was established as an independent group tasked with overseeing the implementation of the standards.
Any business that accepts payments by card must comply with the PCI DSS to a level commensurate with the number of annual transactions they process annually. To achieve PCI DSS certification, a company must meet the twelve requirements for compliance set by the PCI SSC. These cover six overarching goals:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
If you purchase from a company that accepts card payments, PCI DSS gives you peace of mind they are compliant. If another form of payment is required — such as PayPal — it is likely the company you are buying from is not PCI compliant.
PCI compliance is the best way a business can ensure the highest standards of security. If you want to feel confident it is safe to hand over credit card information over the phone, check the company you are purchasing from is legitimate and compliant.
Are You Given the Option to Enter Your Card Details Securely?
If a company is using a secure payment system, you will not be asked to read out your credit card number or other personal information over the phone. Such a practice would give the call agent access to your data. The company could also have recorded your call, meaning they can access your data at any time in the future. With a secure payment system, customers enter their card data using their telephone keypad. The call agent cannot hear keypad tones or see you enter the numbers. Payment details are then sent directly to the merchant’s credit card processing platform and not retained by the company.
Make Sure You Know What You’re Paying For
If you purchase in-store, you know exactly what you’re getting as you can see it, touch it, play with it or try it on. Online, you can only view images of products. If you’re buying over the phone, you may be reliant solely on the information provided verbally by the sales agent. This makes you more vulnerable to being fraudulently mis-sold items or services.
Take the time to ask questions about the product or service. A reputable company will understand the importance of this and will not try to rush you into making a card payment before you are happy to do so. If there is a website, double-check the details of your item before committing to pay. Once you have confirmed your order, ask the agent to read back through the details to ensure there have been no misunderstandings or mistakes.
Use Credit Cards Where Possible
Credit cards provide a higher level of consumer protection than debit cards. If the company you’re purchasing from is using a secure payment system, you have nothing to worry about — regardless of your choice of payment card. But if you want to play it super safe, pay with a credit card to ensure you’re protected if something is amiss. Most card companies offer zero-liability, so if there is fraudulent activity, you won’t lose a penny. With a debit card, you could be liable for the full amount.
With a little common sense and due diligence to check the legitimacy of a company, it’s relatively easy to provide credit card information safely over the phone. Trust your instinct. If something doesn’t feel quite right, do some more research or find another company to purchase from. Never give your card details over the phone. Additionally, make sure that when you do share your details, you can trust the recipient has security systems in place to protect your data.
Play It Safe
These steps will keep you as safe as possible from credit card fraud when making purchases over the telephone. However, where possible, avoid providing credit card details over the phone. If calls are being recorded, as they often are for quality control purposes, the company will have access to your information in the future as it will be stored in their system. While the company itself may be reputable, criminals could hack their system and access your payment information for fraudulent purposes. Any business that is committed to protecting customer data should explore a cloud-based PCI compliant solution.
Are you looking for a way to enhance security levels in your business? Do you want to reassure customers you are committed to keeping their card data safe? Why not take a look at Callstream Vault? It’s the most comprehensive cloud-based PCI Level 1 certified solution currently available for the contact centre environment.
Comments are closed for this post.
As a seasoned expert in the field of cybersecurity and data protection, I have closely followed the evolving landscape of data breaches and security vulnerabilities. My extensive experience includes staying abreast of industry developments, researching emerging threats, and actively participating in relevant forums and conferences.
Now, turning our attention to the article by Audrey Oh, the author discusses the persistent threat of data breaches, especially when it comes to credit card information shared over the phone. The key concepts and recommendations covered in the article include:
-
Payment Card Industry Data Security Standard (PCI DSS):
- The article emphasizes the importance of checking whether the vendor is PCI compliant. PCI DSS is a set of security standards established by major credit card companies to safeguard customer card data. Compliance involves meeting twelve requirements set by the PCI Security Standards Council (PCI SSC), covering aspects such as network security, cardholder data protection, and vulnerability management.
-
Secure Payment Systems:
- It is recommended that consumers use companies employing secure payment systems. In such systems, customers input their card data using the telephone keypad, ensuring that sensitive information is not exposed to call agents or recorded during the call. The details are sent directly to the merchant's credit card processing platform and are not retained by the company.
-
Verification of Purchase Details:
- The article advises consumers to be vigilant about verifying product or service details before making a payment, especially when purchasing over the phone. It highlights the importance of asking questions and double-checking information to avoid fraudulent transactions.
-
Preference for Credit Cards:
- Credit cards are recommended for added consumer protection, as they generally offer a higher level of security compared to debit cards. Most credit card companies provide zero-liability protection in case of fraudulent activities, reducing the financial risk for the consumer.
-
Caution and Due Diligence:
- The author emphasizes the importance of using common sense and exercising due diligence. If something feels off or if there are doubts about a transaction, it is advised to conduct additional research or consider alternative vendors.
-
Risk of Recording Calls:
- The article warns about the potential risks associated with providing credit card details over the phone, especially if calls are recorded. Even if a company is reputable, the stored information in their system could be vulnerable to hacking, leading to potential fraudulent use.
-
Cloud-Based PCI Compliant Solutions:
- The article concludes by suggesting businesses explore cloud-based PCI compliant solutions to enhance security levels, specifically mentioning "Callstream Vault" as a comprehensive cloud-based PCI Level 1 certified solution for the contact center environment.
In summary, the article provides a comprehensive guide on how individuals can safeguard their credit card information when making telephone payments, covering aspects from vendor compliance to secure payment methods and the preference for credit cards. The overarching theme is the need for consumers to be informed, vigilant, and proactive in protecting their financial information.
