Thwarting Thieves and Hindering Holiday Hackers


Contact Center Thieves and Holiday Hackers
Illustration by David Grey for Contact Center Pipeline

Holiday spending and the quickly evolving ways people buy and sell things was on my mind on a recent trip that took me through Shanghai. In China, there are two prominent apps used by companies and consumers. When conducting a payment transaction, the flick of the finger delivers a bill and another flick of the finger approves the payment. This observation demonstrates a trend. In the U.S. and Europe, there will soon be a day where invoicing and paying will be much more simplified than it is today.

We are firmly on the road to making this happen, but in the meantime, security must increase and fraud must decrease. Today, fraudsters follow the money and we’re seeing an increase in credit card data thefts, some of them impacting businesses with call center environments.

Happy Holidays, Stick ’Em Up

The holiday season is a favorite time of year for bad guys; everyone is in a hurry and in a buying frenzy. There are more transactions and as a result, more opportunity to take advantage. In neighborhoods, presents under the tree may entice burglars; in call centers, fraud goes up due to insiders stealing credit card data and hackers breaking in to do the same. This will always happen where there is money and an opportunity for theft.

To combat this you must remove temptation and opportunity. In a house, remove the presents. If crooks can’t see pretty packages sitting on the porch or under a tree, they will move on. Nothing to steal means no temptation. In a contact center, the answer is removing the credit card information from the equation.

This is why it is extremely important for companies accepting credit cards to adhere to PCI Standards. BUT, even if they are 100% PCI-compliant, there is no guarantee they will stop hackers from breaching the system or stop a contact center agent from writing a credit card number down on a scrap of paper on their way out to lunch. On the other hand, if you do not store any credit card information at all…thieves have nothing to steal and hackers have nothing to hack.

Hampering Holiday Credit Card Fraud

Two approaches call centers can use include DTMF (dual-tone multi-frequency) suppression and SMS text messaging. These technologies bypass the agents and the contact center data infrastructure, going instead directly to a tokenization service provided by the company’s payment processor or acquiring bank. This means that neither the agent nor supervisors monitoring the call will ever see, hear or touch the customer’s credit card information.

DTMF is the sounds the numbers on a phone make when pressed. DTMF suppression is a technique that enables customers to enter their credit card information using the keypad on their phone. The agent stays on the line and never sees the numbers or hears the tones.

The second approach is to leverage SMS, or text messaging, so customers don’t have to give their credit card information verbally over the phone to an agent. Consumers of all generations today are more comfortable using mobile devices for payments transactions. Turning a customer’s phone into a payment kiosk and giving several options for payment to the customer such as Apple Pay, Venmo, PayPal and so on can be done with SMS. The call center will receive a confirmation or token showing that the transaction was approved with the payment processor, and credit card data never touches the company’s infrastructure.

The risk to the company and to the consumer is eliminated because the card data isn’t present, stored (recorded), or transmitted within the company’s systems, PCI scope is eliminated as well. This can save cash… that can be used for holiday bonuses!

Art Coombs is the President and CEO of KomBea. He has more than 25 years of experience with a number of global firms and their call/BPO centers worldwide. Art is also a best-selling author on business and human performance as well as methodologies for BPO/contact centers, outsourcing, and technical support. For more information, please visit