With many businesses looking to provide new ways to unify communications and give staff more flexible working patterns, Elitetele.com is urging companies to review PCI compliance in order to avoid fines, which are set to increase under the new EU Data Protection Law. It is also advising those with a call centre presence to do more to educate customers on the security surrounding phone payments.
The survey of 2,000 UK consumers by Opinion Matters found that huge insecurities exist about how financial information is handled, despite the availability of technology that businesses can use to ensure call centres take and store customer information securely. Forty-three per cent of respondents (rising to 50 per cent amongst those aged over 55) believe their financial details are most vulnerable to fraud or misuse when given over the phone to an operative who works from home. A third (32 per cent) even believe operatives who work from an office pose the same level of risk.
It appears consumer concerns are fuelled by both internal and external threats even though technology and solutions now exist to guard against criminals online. Forty per cent stated they are not confident their payment details are secure from being hacked by cyber criminals, and 30 per cent are scared operatives can secretly record their information elsewhere.
Matt Newing, CEO at Elitetele.com, comments: “The scale, frequency and evolution of security threats mean that consumer confidence in the ability of businesses to store their data securely has taken a huge hit. In fact, only three per cent of consumers we surveyed understand what really happens when they make a payment over the phone and they are equally as concerned about internal and external threats to their information.”
This comes at a time when upcoming changes to the European General Data Protection Regulation will provide uniformity of data protection laws across all 27 EU states. The latest draft of the legislation states that data breaches will have to be reported within 72 hours and heavy fines will be imposed on organisations found to be non-compliant with security standards. In light of this, the ICO is urging businesses to start taking action now to avoid fines.
Newing continues: “Under the new EU Data Protection law, it has been reported that fines for noncompliance could be as high as 2% of annual worldwide turnover. This, accompanied by the inevitable damage to brand reputation and loss of customer trust, demonstrates the need for businesses to ensure they have PCI compliant technologies in place to protect consumer data. By doing so, companies can reassure consumers and safeguard the growth of their business.
“Understandably, there is no one-size-fits-all solution. Compliance levels depend on the size and nature of a business, and knowing where to start can prove a daunting task due to ever-changing rules and regulations. One of the first measures that can be put in place quickly and easily is to end the practice of asking customers to read their sensitive card details out loud over the phone. It’s easier and safer for call centre staff and customers alike if we offer customers the option of entering card numbers via their telephone keypad instead – whether that’s an automated process or managed by the agent. We need to reassure consumers that they are not obliged to say this information aloud. I would urge businesses to seek expert advice on deploying the best solution for them ahead of the new EU legislation, helping them become and remain PCI compliant. By doing so, businesses can have the peace of mind that they will not be handed a fine which will halt all future progress.”