Do you offer a product or service using a call center agent over the phone? Whether purchasing retail, paying a bill, or covering a premium for insurance there are thousands, if not millions, of transactions which require a client to verbally give out their credit card, and other sensitive information, to a complete stranger over the phone. The practice of verbally authorizing this type of transaction predates the internet. Consumers have used this platform since the age of ordering items from store catalogs. Speaking with and carrying out a transaction with a human provides a valuable opportunity to personalize business and is preferred by many individuals. It also comes with its fair share of risk.
Highly sensitive financial information that can easily be utilized for fraudulent activity is an extremely attractive target for today’s criminal element. This is why call centers, in particular those where financial transactions are handled over the phone, can be a target for those ingenious enough to exploit this susceptible model. Predatory practices have an impact on the merchant and customer alike. Many companies that like to have an intimate relationship with their clients rely heavily on being able to provide a human element to their customer’s experience. Rather than direct their patrons to a website, or automated system, it is their preference to offer a person – not a machine – as the point of contact. In this case, a solution that is flexible enough to guard against the open exchange of privileged information is needed to secure the best interest of the consumer as well as the company.
Brilliance Security Magazine had the opportunity to talk with Tim Critchley, CEO of Semafone, to discuss the threats involved with verbally authorized transactions, and how Semafone offers a solution to minimize the opportunity for criminals to tarnish the warm and personable practice of having people at the forefront of your venture.
Semafone, founded in 2009, is a global leader in securing networks and voice transactions. Their patented technology is compatible with most payment service providers and is deployed internationally to provide a solution for some of the most important challenges that face the world’s leading telecommunication and network specialists. Semafone offers a control to mitigate the arduous task of PCI DSS compliance by taking much of a call center’s operations completely out of scope for PCI regulations. It works by acting as a barrier between a cardholder and the call center/chat window agent when sharing financial data. This is accomplished using controls, including DTMF masking, when consumers enter their credit card information as well as redacting data shared in chat conversations while expediting the information to financial institutions to complete the transaction. The agents never handle or even see the data provided.
Tim tells us that when they started Semafone, about nine years ago, the founders were running a call center. They were very much in the midst of dealing with the problems they now help to solve. They would find agents who, opportunistically, would take advantage of some of the information they had access to. He said, “The threats came by various approaches. It would often be a call center agent, who perhaps was quite new and perhaps didn’t realize just how much trouble they would be in if they mishandled a customer’s data, that would take advantage of access to credit card information. There are also quite a few examples of call center agents when they deal with famous people. They sometimes find it too tempting to contact the press, or otherwise exploit confidential information.”
Many times the breach of data comes from an elaborate fishing scheme. Untrained, unaware agents often fall victim to “smart e-mails” where criminals can gain access to personal information, passwords, or gain access to customer funds by uncovering credit/debit card numbers.
By far the most troubling trend involves organized criminal efforts to steal and fraudulently use financial data. These attacks can come with a heavy financial cost for consumers, but also a huge hit to the reputation of the merchant. These attacks can permanently damage their relationship with their customers, and also the communities they operate in, thereby damaging their ability to operate.
While many of Semafone’s clients have a consistent rate of business where their call volume and daily transactions remain at a steady volume throughout the year, they also deal heavily with companies that have seasonal and conditional spikes in activity requiring them to take on new or temporary agents. Sometimes these situations prompt sophisticated gangs to infiltrate into call centers as employees to deliberately and maliciously obtain access to critical data or by using coercion to obtain the information from callers.
Semafone stresses the importance of properly vetting new talent acquisitions with thorough background checks. They advocate in-depth training of new employees and refresher courses for an established base of workers. Such practices can significantly reduce the opportunities for breaches of financial information. The most diligent hiring processes and security checks can often fail, compromising a company’s reputation and opening the door for criminal activity. However, Semafone’s platform offers the potential of being a nearly failsafe approach. The system provides a firewall between the customer’s data and the unpredictable human element. Even if a criminal gets in, there isn’t anything of a sensitive nature available for them to see.
With the massive retail surge of the holidays approaching it is wise counsel to consider having a solution in place that serves as a barrier to protect the information criminals are after. The Semafone solution, with its unique technology, has the potential of being a feasible option for companies looking to protect themselves and their customers.
Watch the below video for an entertaining description of how the Semafone platform works.
By Cody Bowcut, Contributing Editor