Consumers in the UK have little understanding of the complexities surrounding the security of their personal data and are falling prey to a host of myths that could put them at risk according to a new report.
Relying on these misconceptions can lead people to fail to take adequate precautions and can expose valuable personal data to hackers and criminals.
Eckoh, specialists in managing secure payment systems and implementing contact centre technologies have drawn up a list of the five most common data security myths.
Cameron Ross, Director of Payments Strategy, Eckoh said: “We find that many people are concerned about keeping their data secure but aren’t always sure of the best way to do it. There are lots of common myths when it comes to dealing with contact centres, some of which are a long way from the reality.”
Call recording is purely for training purposes
“This is primarily about protecting both the customer and the call agent. Call recording prevents the customer from making claims that the wrong order was taken as any discrepancies can be checked. Looking at it the other way, ‘Pause and resume’ systems can be used to manipulate the customer into giving away additional details ‘off the record’ or to allow agents to be rude to the customer without leaving any evidence.”
Speaking my payment details directly over the phone is the most secure method
“Many people believe that when they give details over the phone it is completely secure, however both ends of the line are at risk from others listening in. Additionally, there are all sorts of situations where details are written down on Post-it Notes or scraps of paper. This is often due to ignorance rather than any sinister motivation, for example, popping off to check stock levels or to ask a question on behalf of the customer. This is particularly an issue in those organisations with multiple departments operating in silos.”
People who process my payments are security screened
“This is just not the case. Call centre workers can be some of the lowest paid workers and many temp workers are on short-term contracts. The high churn rate means that there is no point in investing huge amounts into security checks. This is not to say that breaches of this nature are common but there is definitely a misconception around this issue.”
The only person my details are exposed to is the contact agent
“In actual fact, it is likely that anybody in the ordering system will be able to access these details. Databases where your details are held are often accessible to a large number of people within the organisation. We have found that details are stored in widely accessible areas in more than 5% of the contact centres we have dealt with. In some cases, we have even seen customer card numbers being used as order numbers – meaning a license to print labels with your card data on!”
When I give my personal details to a company, I am trusting only them with my security
“Most of the time, the organisation you are dealing with is the one that looks after your data.
You make decisions about whether to trust them based on various factors such as your own experience or their reputation. There are exceptions. Aggregator services such as hotel or travel booking sites will take payment and personal info and pass it on to third parties via batch files. This sensitive data (belonging to multiple customers all in one neat bundle) is open to attack from criminals whilst in transit. Again, with the appropriate security measures this does not have to be an issue but customers need to consider who is actually looking after their sensitive data.”