In the age of cyberthreats and regulation, don’t forget your company phoneline

(Image credit: Flickr / Matt Reinbold)

We live in an age of increasingly tight regulation and growing cyberthreats, in which companies are under mounting pressure to ensure the financial data of their customers is safe and secure. The news has carried a worrying number of security incidents involving breaches of credit card details, passwords and personal account information, all revealing the extent of the challenge that companies are facing. This year alone, British Airways, Delta and Cathay Pacific all suffered cyber-attacks that saw thousands of customers fall victim to the theft of their financial details.

Whilst the breaches were resolved, and customers informed, the impact on these companies’ brand, reputation and the trust of customers has been substantial. These incidents serve as a crucial reminder that companies can’t afford to just react to cyberattacks – they urgently need to think ahead of them and implement security strategies that will safeguard the financial data of their customers. However, the challenge for companies is to do this while also delivering a seamless and hassle-free purchasing and payment experience to their customers. In most cases that experience is being delivered well on online platforms and in person, but companies need to remember another crucial channel of communication with customers – the phone. Many interactions between companies and their customers still take place via the phone, so it is crucial that their financial services security strategies extend to calls where payment is being taken over the phone.

The majority of phone calls to companies take place in contact centres, which means that they play a crucial role in shaping customers’ perception of a brand, as they are one of the first ports of call for customers who face issues. Contact centres need to be at the forefront of financial security strategies, implementing measures that will safeguard customers’ financial data.

Online payments are already secure – why have phone payments not caught up yet?

Online payment systems already benefit from a high level of security, where payments go through the financial service or bank directly without any input from the company receiving them. Payments made over the phone, on the other hand, unfortunately lack the same high level of transparency and security at the moment. When customers make payments over the phone, they run a significant risk of divulging their sensitive and personal financial information without actually knowing what happens to it, how it is used and who has access to it.

For most people, and particularly for older generations, making a payment over the phone is still their preference – so contact centres need a system similar to that used in online platforms to ensure total compliance with regulation and the safety of the personal data of their customers.

To offer the greatest possible level of compliance and to protect both their customers and themselves, it is crucial for companies to equip their contact centres with payment systems that are GDPR-friendly and that will allow customers to connect in a direct and seamless way to the card payment network, in order to make payments while on calls. For instance, such payment systems should enable the customer to type in their credit card details directly through the phone keypad and share that information with the financial service provider straightaway, allowing the contact agent to be removed from the equation altogether. At the same time, it is crucial that customers stay connected with the contact agent by voice at all times while they make the payment, so that they can flag any issues that arise and complete their payments securely and safely while staying on the call.

The new demands of the regulation age

With the recent introduction of GDPR (which imposes heavy fines on companies that do not upgrade their security to meet standards and fail to disclose breaches they fall victim to) and PCI DSS (an information security standard designed for organisations handling branded credit cards from the major card schemes, with the goal of reducing fraud), coupled with high-profile hacks, consumers and companies alike are getting more and more concerned about the safety of their personal financial data.

Not a week goes by without consumers hearing on the news about a new data breach impacting them and putting their personal data at risk. They hear those stories and know they might be next on the list of victims – which makes them increasingly worried about what happens to their financial data when they pass it on to companies to make payments over the phone. In the wake of high-profile data breaches, consumer trust is now effectively the hardest thing for companies to gain and retain. If that trust is breached, customers will not think twice about moving to a competitor to get their services. This creates an imperative for companies to stop holding their customers’ credit card information, so they can remove the risk of it being compromised and of losing customers in the process.

On top of this, empowering companies with the ability to record the calls that take place between them and their customers will enable them to add an extra layer of security and compliance, as it will give companies full transparency and visibility into what happens during calls with their customers, as well as how call agents handle the customer data that is given to them over the phone.

The lessons to take on for the future

Companies are well aware that they cannot afford the financial and reputational loss a hack or data breach could cause them in the GDPR era. On top of the heavy fines they would be subjected to in the aftermath, they run the risk of their turnover being seriously affected by customers deciding to switch to rival businesses. Companies therefore now have an imperative to invest in phone payment systems that are as robust and secure as their online payment systems. Only then will they be able to be fully compliant and retain their customers’ trust.

Neil Hammerton, CEO, Natterbox