Card Fraud Reduction in Contact Centres: Take Your Pick
Rob Crutchington at Encoded recommends asking three simple questions when deciding which fraud control method to use.
Many methods of taking card payments have emerged over the years as companies strive to be PCI DSS compliant. When the standard was first created the aim was to clarify and align various fraud prevention measures and regulations into a single agreed global framework. Therefore, it comes as a real surprise that in the latest UK Contact Centre Decision-Makers’ Guide (DMG) published by analyst ContactBabel, eleven different ways are listed as to how contact centres attempt to reduce card fraud.
The research outlined that respondents use on average 2.5 different fraud reduction methods from the following list (in descending order of popularity):
- Pause and resume recording
- Manual processes and training
- Obscure the data entered on an agent’s screen
- Clean desks/rooms – where pens, paper and mobiles are prohibited
- Screen recording application (that does not capture card details on-screen)
- Detect and block the phone’s DTMF tones
- Cloud-based solution (card information does not enter the contact centre)
- Specific internal team dedicated to taking card payments
- Take payment via automated IVR at the end of the call
- Take payment via automated IVR mid-call
Time to take your pick – 3 questions to ask first
1. What are we trying to achieve?
While understanding the importance of protecting customer data from fraud and cybercrime, not all contact centres realise that in the event of a security breach the buck stops with the merchant and it will be the organisation that is fined. However, there are ways to reduce the scope of the cardholder data environment. When choosing from the various fraud reduction methods it’s important to establish what you are trying to achieve? Typically the answer is to prevent lost data and to make PCI DSS compliance easier and less costly.