Following claims that British Airways is still failing to protect customer payment information in its German call center, PCI Pal’s Geoff Forsyth has advised businesses in the travel sector that the most effective way to protect customer data is by de-scoping their entire payments process from regulations such as the PCI DSS.
It is reported that BA employees told the Financial Times that although British Airways allows staff to take part in flexible working practices, this means staff have access to customer data while working at home.
Additionally, it was reported that many employees working for the airline had not been sufficiently background checked and this meant they could be stealing data without the firm knowing.
This means that customer data is potentially put at risk and in fact, less than a year ago, the airline did report a data breach that affected 40,000 customers.
The answer to this is to “de-scope” the business from the requirements of PCI DSS. By not allowing data to enter the contact center in the first place, businesses can ensure that customer information – whether payment data or personal data – is safe from prying eyes or data thieves.
Implementing alternative payment technologies such as DTMF masking means contact centers de-scope the infrastructure from the requirements of PCI DSS, and contact center staff – whether office or home-based – never hear credit card information, meaning they cannot surreptitiously write it down.
Cloud-based DTMF security systems instead allow customers to type their card details in using their telephone keypad. The information is then sent straight to the payment processor, bypassing the call centre, while the customer can continue to talk directly to the contact center staff.
This means there is simply no data for call center staff to access or for hackers to steal.
With more businesses allowing their employees to work from home or away from the office, it’s vital that security processes don’t slip and data remains as safe as if all employees are under the same roof. Using a solution like PCI Pal’s Agent Assist allows businesses to do just this, while ensuring employees have flexibility and remain motivated and productive.
Take a look at how our Agent Assist solution works.
The post De-scoping the contact center mitigates staff security threat appeared first on PCI Pal.
*** This is a Security Bloggers Network syndicated blog from Knowledge Centre – PCI Pal authored by Stacey Richards. Read the original post at: https://www.pcipal.com/en/knowledge-centre/news/de-scoping-the-contact-center-mitigates-staff-security-threat/