9 Ways to Avoid a Credit Card Data Breach

With data breaches making headline news, Simon Beeching explains how to maintain customer trust and protect your brand.

Data breaches are headline news at the moment, reminding us all that it’s not just about boring old regulations and security policies, but may go right to the core of what customers think of your brand.

As the old saying goes, ‘it takes years to build a reputation and only seconds to lose it’. This is evidenced by the chief executives of some large organisations in the news recently, squirming as they explain that they’re not sure exactly what sensitive data has been stolen or whether it was encrypted.

Here are 9 tips to help maintain security of credit card data in contact centres:

1. Never store the long card number

Never store the long card number (PAN) unencrypted, and never store the 3-digit security number (CV2) at all. The latter is not only against the PCI DSS regulations (Payment Card Data Security Standards), but would get you into deep trouble if there is a breach – to the point where you may face fines/lose your merchant account and no longer be able to take card payments.

2. Don’t give staff unsupervised access

Don’t let staff have access to customers’ credit card numbers unsupervised.

3. Tokenise the long card number for future use

If your payment gateway supports it, ask them to tokenise the long card number for future use. This way, any member of staff can only see the last four digits to quote to the customer to reauthorise next time – and you don’t store the rest at all.

4. Do not use unencrypted VoIP connections

Do not use unencrypted VoIP connections for calls where card numbers are being read out by the customer, as it’s a wide-open channel to hack into.

5. Audit where you may have stored credit card data in the past

Make sure you audit where you may have stored credit card data in the past. Get rid of this data where possible, encrypt it/tokenise it where not.

Call recordings in particular are a hazard as you may have thousands of calls for quality control or audit purposes, containing recordings of customers reading out their card numbers. These numbers can be blanked out and the rest of the recordings retained.

6. Avoid ‘pause and resume’ call recording systems

Avoid ‘pause and resume’ call recording systems as this method does not solve the fact that your agents, their PCs and your network are still exposed to the card data when it’s read out (and remain ‘in scope’ of the PCI DSS regulations as a result). Consumers are also increasingly wary about reading their card numbers out anyway, as they’ve seen the recent media stories about data theft too.

7. Avoid ‘clean rooming’ supervision of your agents

Similarly, avoid ‘clean rooming’ supervision of your agents to protect the data. It does not resolve the customer having to read out their card numbers over the phone, or your PCI DSS scope and annual assessment. It can lead to a pretty dehumanising workplace too, if agents cannot have pens, paper, mobile phones and email access ‘because they might compromise the data’ – hardly a trusting environment for your staff.

8. Take responsibility for security of the sensitive card data

Make sure you take responsibility for security of the sensitive card data wherever it is taken or resides on your behalf. This should include home and remote workers and any outsourcers too, whether you use them just for disaster recovery or for business-as-normal.

9. Consider a DTMF system for card payments by phone

Consider using a new DTMF system for card payments by phone, where the agent asks the customer to key in their PAN and CV2 in the middle of the live conversation (and/or an IVR automated system can be used). Some of these solutions can also integrate with your payment services provider and existing hardware, and stop the card numbers entering your contact centre environment at all.

For more information about avoiding a credit card data breach, watch this free webinar replay.

Author: Megan Jones
Published On: 4th Nov 2015 - Last modified: 22nd Mar 2017