No business is immune from the risk of data theft – whether external or internal, threats are ever-present. What is somewhat worrying, though, is the amount of fraud committed by companies’ own staff. The latest CIFAS Employee FraudScape report shows that 381 cases of fraud were committed internally in the UK in the last year – an alarming number. There is no lack of examples, either. In 2018, healthcare leader Bupa was the victim of an employee breach after a member of staff attempted to sell 500 million client records on the dark web. It has since been issued with significant fines by UK regulators for ‘systematic data protection failures’. Another example is a major broadband company which had to suspend a member of its customer service team following allegations of fraudulent activities on customer cards. The case is currently undergoing police investigation.
Incidents such as these serve to remind companies that just reacting to a data breach is not enough. The priority must be on anticipating them by putting in place security plans that protect the personal and financial information of their customers. And while security is the priority, businesses must remember that it shouldn’t come at the expense of providing customers with a seamless and hassle-free experience.
Many online platforms have mastered the art of connecting security and customer experience, and other communication channels must follow suit. The phone remains a preferred method of communication for many people – so ensuring a robust payment security strategy, while maintaining a high-quality customer experience, should be a key consideration for organisations.
The majority of phone calls to and from companies are facilitated by contact centres. They are one of the first ports of call for customers when they have an issue, and they play a crucial role in shaping customers’ perception of a brand. Contact centres, therefore, must be at the forefront of personal and financial security strategies and implement vital measures that will safeguard customers’ financial data.
Do not underestimate the risk posed by your own employees
In the aforementioned examples of internal fraud, employees had access to customers’ financial data, and they attempted to use it to commit fraudulent activity. Although this type of data breach is quite worrying in itself, it often leads to scarier possibilities, such as “what if these actions weren’t noticed as quickly?”, “what if the transactions were for larger sums of money?” or potentially “what if that employee sells on the customer data that they stole?”
Insider theft threats can seriously endanger a business’s reputation and credibility – especially with mandatory GDPR compliance and the threat of significant fines should a company not comply and fail to handle customer data securely.
Implementing strong financial security strategies
Businesses must ensure that their customers’ personal data is protected from both internal and external sources. A critical first step is to remove agent access to payment card information. In today’s digital age, technologies have been created to ensure the contact centre agent is removed from the process of a phone payment. This is especially important when considering the robust PCI DSS and GDPR frameworks that are now in place in Europe to protect financial and personal data, and the penalties organisations face when breaches occur.
To offer the greatest possible level of compliance and to protect both their customers and themselves, businesses are now legally required to equip their contact centres with payment systems that are GDPR-friendly and allow customers to connect directly and seamlessly to the card payment network to make secure payments while on calls. Payment systems can enable the customer to type in their credit card details directly through the phone keypad and share that information with the financial service provider straightaway, removing the contact agent from the equation altogether. At the same time, it is crucial that while a customer makes a payment, they remain connected to the agent should any issues arise.
Customer trust is becoming the most important asset for brands to gain and retain. As a result, companies can no longer afford to take risks with customer data, especially at a time when the threat of data breaches is omnipresent. When companies implement secure phone payment strategies, they enable a positive customer experience that rests on trust and transparency, not to mention ensuring PCI DSS compliance. This is the kind of security strategy that ensures a customer relationship that rests on trust, and keeps customers coming back.