No business is immune from fraud cases, and there’s no lack of examples, writes Neil Hammerton, CEO and co-founder of cloud telephony platform Natterbox.
In 2018, private healthcare company Bupa was the victim of an employee breach and it has since been issued with significant fines by UK regulators for ‘systematic data protection failures’ after an employee attempted to sell 500 million client records on the dark web. Another strikingly similar example is a major broadband company which had to suspend a customer service team member following allegations of fraudulent activities on customer cards. The case is undergoing police investigation.
What if?
In these instances, employees committed fraudulent account withdrawals using customer data that was gathered by the company. This type of data breach, while concerning in itself, often leads to more worrying questions, such as “what if these actions weren’t noticed as quickly?”, “what if the transactions were for larger sums of money?” or potentially even “what if that employee sells on the customer data they got their hands on?”
Insider theft threats can seriously endanger a business’ reputation and credibility, especially with mandatory GDPR compliance and the threat of significant fines should a company not comply and fail to handle customer data securely.
Call centre security
Many a company’s phone calls take place within a contact centre. As one of the first places a customer turns to when they have a problem, these centres play a crucial role in shaping customers’ perception of a brand. So, it is vital that they are at the forefront of financial security strategies and implement measures that will safeguard customers’ financial data.
Businesses must ensure that their customers’ personal data is protected from both internal and external sources. A critical first step is to remove agent access to payment card information. In today’s digital age, technologies have been created to ensure the contact centre agent is removed from the process of a phone payment. This is especially important when considering the robust PCI DSS and GDPR frameworks that are now in place in Europe to protect financial and personal data, and the penalties organisations face when breaches occur.
To offer the greatest possible level of compliance and to protect both their customers and themselves, businesses should equip their contact centres with payment systems that are GDPR-friendly and allow customers to connect directly and seamlessly to the card payment network to make payments while on calls. Payment systems can enable the customer to type in their credit card details directly through the phone keypad and share that information with the financial service provider straightaway, allowing for the contact agent to be removed out of the equation altogether. At the same time, it is crucial that while a customer makes a payment, they remain connected to the agent should any issues arise.
The risk of insider fraud is effectively eliminated when companies implement secure phone payment strategies. It enables a positive customer experience that rests on trust and transparency, not to mention ensuring PCI DSS compliance. In an era where customer trust is what makes or breaks a brand, companies need to make customer data safety a priority and remove the risk of insider threat.
