Careless Talk Costs Money according to Eckoh Poll
– More than a third of people have heard strangers, friends or colleagues sharing full credit and debit card details, including three digit code, in a public place
– ‘Double-swipe’ risk as many divulge their personal details to call centre operatives on non-secured lines whilst strangers within earshot also listen in
– Payment security specialists Eckoh estimates that four out of five retailers and call centres that take payment by phone do so in an unsecured way, exposing tens of millions of customers’ credit and debit card details to potential fraud or sale on the black market
While many people are concerned about the amount of their personal data that is held by large companies, and the potential for data breaches, it seems that people are surprisingly cavalier about sharing their own actionable credit and debit card data with complete strangers.
A poll by secure payment specialists found that more than a third of people had heard friends or colleagues giving out their full credit card details, including the three-digit code, while on the phone within the last six months. A further 21% had been privy to this information within the last year.
Although people may be forgiven for trusting their friends and colleagues not to take advantage of this information, the same can not necessarily be said for complete strangers. While the office was the most common place for people to overhear personal financial details (54%), it seems people are quite happy to share this information in public too. Nearly a fifth of people had heard people giving their card details out on public transport, while on in ten (9%) had overheard similar data being shared in cafes and restaurants, and 7% having heard it in the street.
Tony Porter, Head of Global Communications, Eckoh, who commissioned the poll, said:
“We rightly expect companies to be protective with our personal data, but there are precautions that we could also take in our day to day lives to ensure that our information doesn’t fall into the wrong hands.”
Three quarters (68%) of consumers polled said that they had read out their card details over the telephone within the last year without checking the security of the line.
Tony Porter added: “It’s easy to forget the significance of the data you share over the telephone. In some cases, that information isn’t only being shared by the person on the other end of the phone, but with anyone who happens to be within earshot. Caution is always to be advised when it comes to handling data.”
Jeremy Duncan, a designer who works in a shared office space in central London said, “My office has big echoey corridors and one of the people in the adjoining office regularly shops by phone outside our office. We jokingly nicknamed her 4921 4556, etc, because me and my colleagues found it impossible not to memorise her card details. We’ve explained the risk to her since and suggested that she change her details. When I told her I prefaced it by asking whether she’d like me to buy anything for her in my lunch hour. She thanked me and called her bank immediately.”
PCI DSS rules stipulate that companies should have systems in place to put the credit or debit card details of customers out of reach of call centre staff, either by masking the sound of their voice as they read the card numbers or by providing an input method that is shielded from the call centre operative. Eckoh estimates that only around 20% of businesses or call centres that take payments over the phone are compliant with the regulations, putting tens of millions of customers’ personal credit or debit card details in the hands of others and creating significant risk of fraud.