Five dangerous misconceptions when sharing personal data – Cameron Ross is Director of Payments Strategy at Eckoh
Consumers in the UK have little understanding of the complexities surrounding the security of their personal data. They often fall prey to a host of myths that could put them at risk, and expose their valuable personal data to hackers and criminals.
Sharing Personal Data
We find that many people are concerned about keeping their data secure but aren’t always sure of the best way to do it. There are lots of common myths when it comes to dealing with contact centres, some of which are a long way from the reality.
We’ve drawn up a list of the five most common data security myths.
Call recording is purely for training purposes
This is primarily about protecting both the customer and the call agent. Call recording prevents the customer from making claims that the wrong order was taken as any discrepancies can be checked. Looking at it the other way, ‘Pause and resume’ systems can be used to manipulate the customer into giving away additional details ‘off the record’ or to allow agents to be rude to the customer without leaving any evidence.
Speaking my payment details directly over the phone is the most secure method
Many people believe that when they give details over the phone it is completely secure, however both ends of the line are at risk from others listening in. Additionally, there are all sorts of situations where details are written down on Post-it Notes or scraps of paper. This is often due to ignorance rather than any sinister motivation, for example, popping off to check stock levels or to ask a question on behalf of the customer. This is particularly an issue in those organisations with multiple departments operating in silos.
People who process my payments are security screened
This is just not the case. Contact centre workers can be some of the lowest paid workers and many temp workers are on short-term contracts. The high churn rate means that there is no point in investing huge amounts into security checks. This is not to say that breaches of this nature are common but there is definitely a misconception around this issue.
The only person my details are exposed to is the contact centre agent
In actual fact, it is likely that anybody in the ordering system will be able to access these details. Databases where your details are held are often accessible to a large number of people within the organisation. We have found that details are stored in widely accessible areas in more than 5% of the contact centres we have dealt with. In some cases, we have even seen customer card numbers being used as order numbers – meaning a license to print labels with your card data on!
When I give my personal details to a company, I am trusting only them with my security
Most of the time, the organisation you are dealing with is the one that looks after your data. You make decisions about whether to trust them based on various factors such as your own experience or their reputation. There are exceptions. Aggregator services such as hotel or travel booking sites will take payment and personal info and pass it on to third parties via batch files. This sensitive data (belonging to multiple customers all in one neat bundle) is open to attack from criminals whilst in transit. Again, with the appropriate security measures this does not have to be an issue but customers need to consider who is actually looking after their sensitive data.
Cameron Ross is Director of Payments Strategy at Eckoh
Cameron co-founded Veritape (acquired by Eckoh in 2013), to provide secure call recording solutions to businesses internationally. Cameron coded core elements of Veritape’s call recording platform, now deployed widely on call centre desktops around the globe. Over the course of a decade, as Managing Director, Cameron was responsible for building Veritape’s position in the highly-competitive call recording market. After identifying PCI DSS compliance as a growth area, Cameron helped invent Veritape’s patented CallGuard technology. CallGuard allows companies to remove sensitive card data from any existing call recording system. Sales of CallGuard, led by Cameron’s teams, propelled Veritape’s significant growth, ultimately resulting in its sale to Eckoh in 2013. Cameron now helps drive Eckoh’s preeminent position of PCI DSS expertise in the contact centre field