Card Fraud Reduction

Card Fraud Reduction in Contact Centres: Take Your Pick

Rob Crutchington at Encoded recommends asking three simple questions when deciding which fraud control method to use.

Many methods of taking card payments have emerged over the years as companies strive to be PCI DSS compliant. When the standard was first created the aim was to clarify and align various fraud prevention measures and regulations into a single agreed global framework. Therefore, it comes as a real surprise that in the latest UK Contact Centre Decision-Makers’ Guide (DMG) published by analyst ContactBabel, eleven different ways are listed as to how contact centres attempt to reduce card fraud.

The research outlined that respondents use on average 2.5 different fraud reduction methods from the following list (in descending order of popularity):

Pause and resume recording
Manual processes and training
Obscure the data entered on an agent’s screen
Clean desks/rooms – where pens, paper and mobiles are prohibited
Screen recording application (that does not capture card details on-screen)
Detect and block the phone’s DTMF tones
Cloud-based solution (card information does not enter the contact centre)
Specific internal team dedicated to taking card payments
Take payment via automated IVR at the end of the call
Take payment via automated IVR mid-call
Tokenisation

Time to take your pick – 3 questions to ask first

The ContactBabel survey showed that software and/or payment technology is the single biggest cost associated with fraud protection and PCI DSS compliance for almost three-quarters (70%) of survey respondents. Only one-third reported that they hadn’t had to increase their costs or change the way in which they operated for compliance. Therefore it is important to ask yourself these three questions before deciding which route to take:

1. What are we trying to achieve?

While understanding the importance of protecting customer data from fraud and cybercrime, not all contact centres realise that in the event of a security breach the buck stops with the merchant and it will be the organisation that is fined. However, there are ways to reduce the scope of the cardholder data environment. When choosing from the various fraud reduction methods it’s important to establish what you are trying to achieve? Typically the answer is to prevent lost data and to make PCI DSS compliance easier and less costly.

2. Is this good for the customers? How will customer service be impacted?

While there are many different glossy systems to choose from it is important to think about how your customers will react. Will partially sighted, elderly or disabled people be able to use the service? Sometimes simple is best for example “pause and resume” recording, which is still used by over 60% of survey respondents, caters for everyone, is typically cheaper to implement than other options and offers the highest level of customer service.

3. How much is it going to cost?

There is no such thing as a PCI DSS compliant technology solution. However technology can help achieve compliance. It is important to check that any third party payment service provider is able to prove it is PCI DSS compliant. While a third party cloud-based payment solution can remove cardholder data from the contact centre, the security processes and operational effectiveness of the provider must be checked. Remember compliance is ultimately the responsibility of the merchant. One of the most cost effective methods of dealing with payments is an automated IVR process to take card details from the customer while removing agent risk entirely. Often the simplest ways are also the least expensive, but just as effective.

Whatever method of card fraud reduction is chosen, by complying with PCI DSS merchants and their service providers meet their obligations to the payment eco-system. They also help to build a culture of security and confidence that benefits customers and contact centres alike. The key is to ask the right questions and choose carefully.

Top PCI DSS challenges and how to overcome them

Make PCI DSS compliance an intrinsic part of your Information Security framework but ensure it’s not a one-off exercise. That’s the message from Rob Crutchington, CEO of Encoded. Here, he shows how to reduce customer effort and boost payment success while protecting...

How to boost payment card security and customer confidence

Cross-generational fears over security are triggering new payment trends that potentially threaten the advent of a cashless society. Rob Crutchington believes it is the perfect opportunity to win back customers by blending compliance standards with secure payment...

MOTO still matters and frictionless payments matter even more

People in the payments industry like talking about ‘the next big thing.’ However, with debit cards remaining the most popular payment method with half of all payments in the UK being made using debit cards. Rob Crutchington from Encoded shares his top tips for a...

Speak to the team

To discover how our secure payment solutions can free up your contact centre agents’ time allowing them to focus on customer service, more complex enquiries and revenue-generating activities.

Book a call

Card Fraud Reduction