PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • COVID-19
  • News
  • Events
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • COVID-19
  • News
  • Events
No Result
View All Result
PaymentsJournal
No Result
View All Result

`Tis the Season for Payment Fraud: Mitigating the Risks of Seasonal Contact Center Agents

Tim Critchley by Tim Critchley
December 3, 2018
in Fraud Risk and Analytics, Industry Opinions, Security
0
security

security

8
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

It’s no secret, the holidays are a wonderful time of year for retailers. This holiday season, Deloitte predicts that retail sales will grow as much as 5.6 percent from last year, topping $1.10 trillion. In parallel, retailers’ contact centers can expect to see spikes not only in customer inquiries, but also phone payment transactions.

To accommodate for these high-volume times and ensure customers have the best shopping experience, many retailers, big and small, hire seasonal contact center agents. For example, Gap Inc., plans to hire 65,000 seasonal workers this year, many of whom will be stationed in contact centers. Similarly, Macy’s is hiring 1,500 seasonal agents at its contact centers in Florida and Arizona. While extra hands on deck can help retail contact centers thrive during the holiday season, temporary employees also come with a few weighty risks.

Because contact centers process and store a host of Personally Identifiable Information (PII) – including payment card data – they are prime targets for fraudulent activity. However, outside threats (like hackers and phone scammers) aren’t the only ones eyeing the contact center’s PII goldmine, as those inside the organization can also put sensitive data at risk. These “insiders” include contact center agents and customer service representatives (CSRs) who may copy down payment card data, eagerly read aloud by a customer making a seasonal purchase over the phone. An agent could also coerce or bribe a colleague (or be bribed) into sharing PII, or even accidentally leak data by falling victim to a phishing attack.

While we have reason to believe that most agents are good, honest people, it takes just one bad actor to expose or steal payment card data and tarnish a brand’s reputation. Therefore, retailers must take extra caution when it comes to hiring seasonal or temporary agents, for several reasons. 

Weighing the Risks of Seasonal Agents

First, temporary or seasonal employees may feel as though they have no real allegiance to the company or employer – they often see this job as just another short-term opportunity. Whether they jot down credit card numbers as a customer reads them aloud, or illicitly access CRM databases housing unencrypted payment information, temporary agents may find this PII all too tempting. Moreover, these agents may falsely believe that their nefarious activity will go unnoticed, assuming that they’re less likely to face any serious consequences because they’ll be gone in a few months.

Second, retailers are increasingly bringing on seasonal staff in the form of remote or “work from home” agents. While this model can help lower overhead costs and streamline the hiring and onboarding process, it comes with much higher risks. Remote agents (whether or not they are seasonal or temporary) intrinsically have less supervision and security. They may also use personal computers and other unmanaged devices to collect and process customer payments. This makes it nearly impossible for a retailer to ensure agents abide by strict data security practices, and more importantly, comply with the Payment Card Industry Data Security Standard (PCI DSS).

Lastly, the hiring, vetting and training processes are often rushed or less stringent for temporary seasonal agents. Agents with malicious intentions or a complacent attitude towards data security can inadvertently slip through the cracks during the onboarding process – and later come back to bite the hiring organization.

How to Secure Your Contact Center Amidst the Seasonal Employee Surge

As data privacy and security remain top-of-mind concerns for consumers, it’s imperative that retailers take the necessary precautions to mitigate data theft and keep their brand names out of reputation-damaging headlines. While retailers may be in a rush to fill positions with the holidays looming, best hiring practices and proper security protocols shouldn’t be sacrificed for headcount. Here are six steps to take in securing your contact center during this holiday season’s seasonal agent surge:

  1. Vet all potential hires: Perform thorough background checks – and, don’t accelerate the process for any reason. Your customers’ data and your brand’s reputation are too important.
  2. Spend time to train employees: Implement specialized training and hold seasonal employees to the same security practice standards as full-time employees. Run through real-world scenarios and describe the ideal response, as well as the repercussions of a breach.
  3. Emphasize security basics: Reinforce security best practices, including locking computers when leaving a workstation and frequently changing passwords. Roll out clear steps to report breach attempts, security incidents or anything suspicious to management.
  4. Enforce the principle of least privilege user access (LUA) on all systems: This principle means that employees should have the minimum level of access to PII to perform their jobs at any given time.
  5. Segment networks to protect payment data: For instance, accept payments on systems that are entirely separate from day-to-day business activities, such as email.
  6. Focus on compliance: Perform a PCI DSS audit, or at the very least, a self-assessment – do your due diligence and inspect your information security infrastructure and plan before major hiring efforts.
How Technology Can Help Secure the Contact Center

There’s only so much that employee training and security best practices can do to protect your contact center from every security threat, including rogue seasonal agents. Here’s where technology can fill in the gaps, especially “descoping” solutions that remove sensitive data from the business environment entirely.

For example, retail contact centers may use dual-tone-multi-frequency (DTMF) masking technologies to eliminate the security threat seasonal agents pose to payment card data. As recommended by the PCI Security Standards Council, DTMF masking technologies allow customers to discreetly enter payment card data directly into their phone’s keypad. The DTMF sounds are masked with flat tones so the agent on the line, call recordings and nearby listeners cannot decipher the numbers. While agents remain in full voice communication with the customer, the data is sent directly to the payment processor. This eliminates the opportunity for agents – including temporary or seasonal workers – to access sensitive information. And, from a compliance perspective, contact centers can more easily comply with the PCI DSS and other stringent regulations using these descoping technologies, while empowering agents to provide the best possible customer service without fear of exposing PII. 

While the holidays may add an extra layer of risk in the retail contact center due to the influx of seasonal and temporary staff, data security must be a continual and evolving year-round effort. Using a combination of proper hiring strategies, employee training techniques and descoping technologies will best help you safeguard payment card data, protect your brand and ensure a frictionless customer experience.

Tags: Fraud Risk and AnalyticsPersonal DataSecuritySemafone
8
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily
    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.

    Must Reads

    eBay’s Upgraded Approach to Payment Processing Meets the Demands of Modern Consumers

    eBay’s Upgraded Approach to Payment Processing Meets the Demands of Modern Consumers

    January 22, 2021
    It’s Time for Retailers to Offer the Best Gift of All In-Store: Digital Gift Cards

    It’s Time for Retailers to Offer the Best Gift of All In-Store: Digital Gift Cards

    January 21, 2021
    Building C-Store Customer Loyalty Programs With Relevant Rewards

    Building C-Store Customer Loyalty Programs With Relevant Rewards

    January 20, 2021
    How PayPal Achieves High Authorization Rates

    How PayPal Achieves High Authorization Rates

    January 19, 2021
    Explaining the Bill Payment Ecosystem

    Explaining the Bill Payment Ecosystem

    January 15, 2021
    QSRs Can Address Loyalty Program Shortcomings by Serving Up Better Offers

    QSRs Can Address Loyalty Program Shortcomings by Serving Up Better Offers

    January 14, 2021
    How Merchants Can Prevent Account Takeovers—and Why Failing to Do So Amplifies Operational Expenses

    How Merchants Can Prevent Account Takeovers—and Why Failing to Do So Amplifies Operational Expenses

    January 13, 2021
    How Banks Can Leverage Tech Partnerships to Enable Innovation for Commercial Clients

    How Banks Can Leverage Tech Partnerships to Enable Innovation for Commercial Clients

    January 11, 2021

    Connect With Us

    • Advertise With Us
    • About Us
    • Terms of Use
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • COVID-19
    • News
    • Events

    © 2021 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result
    ×

    Login

    Forgotten Password?

    Lost your password?
    | Back to Login

      Subscribe!

      Thank you for visiting PaymentsJournal! Please subscribe to our newsletter to receive consumer data insights and daily analysis from Mercator analysts and industry experts.

      ×

      How will COVID-19 Effect the Payments Industry?

      Check out our latest:

      – Consumer Data – Complimentary Reports
      – Podcasts – Mercator Analyst Commentary
      – Industry Opinions

      ×

      WEBINAR:
      How Digital Acceleration Will Affect Payment Industry

      Please join us for this panel discussion on addressing the challenges to pave the way to payments innovation and profitability and gain insights on the key trends and challenges impacting the payments landscape in North America.

      REGISTER