Seeing Ashley’s excellent blog regarding PCI reminded me of another key problem in Call Centre credit card handling.
He was explaining the perils of an IT department storing customer records, and the associated damage to a company’s reputation if a security breach should occur. He pointed out that security needs not only a completely honest IT department, but also expertise good enough to defend the data against the latest and greatest hacker technology, which of course improves by the day!
My topic today may resonate more with business managers responsible for the Call Centres. It is about the risks and threats associated with staff fraud in a company. Over the years I have had occasion to work with a wide range of security organisations, and have come to appreciate just how big the problem is. Nobody likes to think it would occur in their business, but on average we can expect a new staff fraud to be discovered in a UK high street branded organisation every working day of the year.
According to CIFAS, the UK’s Fraud Prevention Service, its 250+ members reported 178 cases of staff fraud in the first six months of 2011. CIFAS member companies include Tesco, Vodafone and Royal Bank of Scotland. It reports that “Dishonest actions by staff to obtain benefits by fraud or deception account for over 50% of all confirmed staff frauds committed in the first half of 2011, rising by nearly a quarter in the first half of 2011 compared with the last half of 2010”.
Shocking, isn’t it! According to CIFAS, many of the frauds were picked up by internal controls, audits and other measures, but 40% apparently remained undiscovered until reported by a customer. In a world where customers can instantly blog or tweet their frustration over a fraud, as well as go to traditional media such as the newspapers, a single fraudulent transaction can have a very sudden and very significant impact on the sales of a business.
Imagine the case where customers lose confidence in a large “on line” retailer because of a single fraudulent action which is picked up by the tabloid newspapers. Millions of pounds worth of revenues can be lost overnight, due to a theft where the value of the fraud might be less than £1,000. The real cost of this fraud is the short term and long term damage to a company’s reputation, and can be thousands of times the cost of making good the customer’s deficit from the original fraud. This nightmare is all too real.
Where reputations are worth a lot of money, Call Centres can take a number of measures to try and reduce the risk of agents fraudulently using credit card details of their callers. Some can be intrusive like employees having to prove they are not in debt, others can be quite draconian such as banning paper and pens from the Call Centre floor (to stop an agent writing the details down), banning mobile phones (for the same reason) and even removing modesty panels from the agent’s desk (to avoid devices hidden under the desk).
Even the best Personnel department cannot ensure the staff handling credit cards will be 100% honest, but the IT department can help their business eradicate credit card fraud by providing a machine that takes the customer’s details secretly over the phone, and thus removes the temptation from the agents.
Call centre agents can simply wait on the line while the caller secretly enters their card data into their telephone, and follow the caller’s progress on a screen, taking over the call again when the transaction has been completed. If customers only ever enter their card details into the phone system, or the web site, then no human beings in the company ever need to know the customers’ card details, completely removing the opportunity for card fraud.
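To make the idea concrete, here is a small sketch of how such a machine can keep the card number away from the agent while still showing progress on their screen. It is an added illustration, not code from any vendor's product; the class and function names, the `submit` hand-off, and the use of `*` to restart and `#` to finish are all assumptions.

```python
def luhn_valid(pan: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class CardCaptureSession:
    """Holds the caller's keypad digits; the agent only ever sees agent_view()."""

    def __init__(self, submit):
        self._digits = []        # never logged, never sent to the agent desktop
        self._submit = submit    # hypothetical hand-off to the payment processor
        self.state = "collecting"

    def on_keypress(self, key: str) -> None:
        if self.state == "accepted":
            return
        if key == "*":                       # assumed: caller restarts entry
            self._digits.clear()
            self.state = "collecting"
        elif key == "#":                     # assumed: caller finishes entry
            pan = "".join(self._digits)
            self._digits.clear()             # drop the number as soon as it is used
            if 13 <= len(pan) <= 19 and luhn_valid(pan):
                self._submit(pan)
                self.state = "accepted"
            else:
                self.state = "retry"         # agent sees a retry, not the bad digits
        elif key.isdigit() and len(self._digits) < 19:
            self._digits.append(key)
            self.state = "collecting"

    def agent_view(self) -> dict:
        """Progress for the agent's screen: a state and a digit count, no digits."""
        return {"state": self.state, "digits_entered": len(self._digits)}


if __name__ == "__main__":
    received = []
    session = CardCaptureSession(received.append)
    for key in "4111111111111111#":          # constructed input: a common test number
        session.on_keypress(key)
        print(session.agent_view())
```

The same separation has to hold for the audio: the keypad tones must not reach the agent's headset or the call recording, otherwise the digits can be recovered from the sound.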
So long as the IT department make sure the machine is safe (e.g. purchased from an Audited Tier 1 PCI DSS Compliant vendor), everybody in the Call Centre can rest easy, and agents can be treated as trustworthy human beings again – maybe even allowed to bring documents and personal items to their desk?