Is It Safe to Give Credit Card Information over the Phone?
by Audrey Oh
In recent years it seems a month barely passes without a new data breach scandal hitting the headlines. In 2018, the hotel group Marriott International revealed that around 500 million customers had been affected by a data hack in which credit card details were illegally accessed. Most recently, British Airways was fined £183M after customers’ credit card details were stolen. Fraudsters are constantly developing more advanced techniques for accessing our card data. Yet most of us continue to make telephone payments — and some service providers insist on it. So how can you stay safe when giving your credit card information over the phone?
Is the Vendor PCI Compliant?
In 2004, all the major credit card companies — American Express, Mastercard, JCB International, Discover Financial Services and Visa — united to tackle increasingly frequent security breaches. As a result, the Payment Card Industry Data Security Standard (PCI DSS) was born. This standard introduced a set of rules businesses must adhere to, to protect customer card data. In 2006, the PCI Security Standards Council (PCI SSC) was established as an independent group tasked with overseeing the implementation of the standards.
Any business that accepts payments by card must comply with the PCI DSS to a level commensurate with the number of transactions it processes annually. To achieve PCI DSS certification, a company must meet the twelve requirements for compliance set by the PCI SSC. These cover six overarching goals:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
If you purchase from a company that accepts card payments, PCI DSS gives you peace of mind that they are compliant. If another form of payment is required — such as PayPal — it is likely that the company you are buying from is not PCI compliant.
PCI compliance is the best way a business can ensure the highest standards of security. If you want to feel confident it is safe to hand over credit card information over the phone, check that the company you are purchasing from is legitimate and compliant.
Are You Given the Option to Enter Your Card Details Securely?
If a company is using a secure payment system, you will not be asked to read out your credit card number or other personal information over the phone. Such a practice would give the call agent access to your data. The company could also have recorded your call, meaning they can access your data at any time in the future. With a secure payment system, customers enter their card data using their telephone keypad. The call agent cannot hear keypad tones or see you enter the numbers. Payment details are then sent directly to the merchant’s credit card processing platform and not retained by the company.
Make Sure You Know What You’re Paying For
If you purchase in-store, you know exactly what you’re getting as you can see it, touch it, play with it or try it on. Online, you can only view images of products. If you’re buying over the phone, you may be reliant solely on the information provided verbally by the sales agent. This makes you more vulnerable to being fraudulently mis-sold items or services.
Take the time to ask questions about the product or service. A reputable company will understand the importance of this and will not try to rush you into making a card payment before you are happy to do so. If there is a website, double-check the details of your item before committing to pay. Once you have confirmed your order, ask the agent to read back through the details to ensure there have been no misunderstandings or mistakes.
Use Credit Cards Where Possible
Credit cards provide a higher level of consumer protection than debit cards. If the company you’re purchasing from is using a secure payment system, you have nothing to worry about — regardless of your choice of payment card. But if you want to play it super safe, pay with a credit card to ensure you’re protected if something is amiss. Most card companies offer zero-liability, so if there is fraudulent activity, you won’t lose a penny. With a debit card, you could be liable for the full amount.
With a little common sense and due diligence to check the legitimacy of a company, it’s relatively easy to provide credit card information safely over the phone. Trust your instinct. If something doesn’t feel quite right, do some more research or find another company to purchase from. Never give your card details over the phone. Additionally, make sure that when you do share your details, you can trust the recipient has security systems in place to protect your data.
Play It Safe
These steps will keep you as safe as possible from credit card fraud when making purchases over the telephone. However, where possible, avoid providing credit card details over the phone. If calls are being recorded, as they often are for quality control purposes, the company will have access to your information in the future as it will be stored in their system. While the company itself may be reputable, criminals could hack their system and access your payment information for fraudulent purposes. Any business that is committed to protecting customer data should explore a cloud-based PCI compliant solution.
Are you looking for a way to enhance security levels in your business? Do you want to reassure customers you are committed to keeping their card data safe? Why not take a look at Callstream Vault? It’s the most comprehensive cloud-based PCI Level 1 certified solution currently available for the contact centre environment.