The protection of customer data has become a massive global industry with billions of dollars spent annually on software, hardware and insurance in an attempt to protect against attacks and maintain confidence in online commerce.

However, even with this increase in spend and a corresponding boost to regulation, through the likes of the General Data Protection Regulation (GDPR) and the Notifiable Data Breach scheme (NDB), the number of incidents involving credit card details, passwords, and account information being stolen continues to rise, with the potential for a nightmare scenario for many companies.

In 2018, Ponemon’s Cost of Data Breach Study found that the global average cost of a data breach increased by 6.4 percent to an average cost of $148 for each lost or stolen record containing sensitive or confidential information[1]. Both VISA and American Express also started offering consumers a tokenisation service, where sensitive account information is replaced with a unique identifier, allowing payments to be processed without exposing actual account details. The aim is to stop Australian online merchants from storing credit card information and to help alleviate some of the risk involved with keeping a customer’s financial information.

For businesses, this presents a huge challenge to deliver a seamless, hassle-free purchasing and payment experience for their customers at all touch points. This includes phone calls, as they are still a crucial channel of communication for customers to not only interact but also purchase from brands. With this in mind, it is vital that security strategies extend to calls where payments are being made.

Given that the phone is still a first touchpoint customers use, especially when they face problems, contact centres need to be aware of the importance of payment security and ensure that they implement security measures that place top priority on protecting customers’ financial information.

Phone payments need to have the same security as online payments

Unlike online payment systems, payments made over the phone do not have the same level of transparency and security. Online payment systems already have a high security level, as payments go directly through the financial service without any interference from the company receiving them. In contrast, there is still a relative lack of security awareness around over-the-phone payments, and customers risk disclosing their personal financial information without any clear knowledge of who it is being shared with or how it will be used.

Encryption and tokenisation technologies can play a part in lowering fraud rates, and modern Dual Tone Multi Frequency (DTMF) masking technology, which blanks out cardholder information between consumers and merchants, will become more critical considering the rise in contact centre operations for scaling customer service and sales.

Last year, research conducted by PCIPal found 44 percent of US consumers have suffered from the negative consequences of a data breach, and 83 percent will avoid spending money with a business for several months immediately following a security breach. In fact, data breaches like those recently experienced by Cathay Pacific and Marriott serve as a reminder to companies that they need to be proactively implementing security strategies that will protect their consumers’ financial data, regardless of the medium used to collect it.

This provides little comfort, particularly for senior consumers, who often feel nervous about sharing their financial information online. In contrast, vast segments of consumers are at ease with providing their card details over the phone without any knowledge of how the person on the end of the line is recording and storing this information. In response to this, contact centres need to establish a system that is similar to those used for online payments to ensure that there is total compliance with regulation and that their customers’ personal data is protected.

Businesses both globally and locally need to equip their contact centres with PCI-compliant payment systems that allow customers to make payments during phone calls. This ensures that maximum compliance and protection is offered to both customers and businesses. When taking over-the-phone payments, businesses need to implement a system that offers their customers an extra level of security for their data by allowing them to pay for their product or service while staying connected to the agent over the phone, yet not actually sharing their payment information with the agent directly. This protects both the business and the customer.

The regulation age

With regulations around the globe becoming an essential part of any business operation, it’s crucial to invest in solutions that will help avoid the risk of cyber-attacks or data breaches. For instance, GDPR laws and PCI DSS regulations combined with high-profile data breaches have only increased concerns about the safety of financial data.

According to Verizon’s 2018 Payment Security Report, only 52.5 percent of organisations were fully compliant with PCI regulations in 2017[2]. This illustrates the enormity of the challenge for many businesses – maintaining compliance with PCI regulations. It also shows that companies are looking for safer alternatives for collecting necessary payment information in order to reduce the risk to themselves and their customers should their information be compromised.

At a time when there is an erosion of trust in how our information is stored, and tighter regulations around this, organisations cannot afford to risk the financial and reputational loss that a hack or data breach creates. In addition to being subject to costly fines, their bottom line turnover can be seriously affected by consumers choosing to switch to rival businesses. In order to fully retain their consumers’ trust, companies must invest in a phone payment system that offers the same security and stability as their online counterparts.


[2] Verizon Payment Security Report 2018