– It is a violation to store sensitive card data after authentication without proper protection, including in call recordings – and in particular it is prohibited to store/record the CVV/CV2 number at all.
– Where it is necessary to record calls (for quality control or regulatory purposes), appropriate technology must be introduced to prevent the recording of these elements.
– Personal Account Numbers (PAN, or the long card number) must not be held in a manner accessible to others and should be partly masked whenever displayed (e.g. showing the last 4 digits only).
– Encryption should be used when storing or transmitting sensitive data, which includes avoiding unencrypted VoIP telephone systems.
– Agents and homeworkers who have access to card details should be tightly supervised to ensure that they are not able to store or transmit sensitive client data (known as ‘clean rooming’).
What consumers say*
77% view call centre agents as a source of potential fraud
56% are reluctant to purchase a product or service when faced with making a payment over the phone
72% feel organisations should be doing more to prevent credit and debit card fraud
Only 1% feel that paying by card over the phone is the most secure form of card payment
49% feel technology should be used to hide credit card details from call centre agents
What Contact Centre IT & Ops Managers say
47% agree that their organisation loses sales because their phone payment systems are not secure
62% agree that they too were reluctant to make payments over the phone in their personal life
46% say they will trial a PCI-secure payments system in the next year
74% will consider hosted (or ‘cloud’) secure payment systems