Call centres put card details at risk Only 3% follow security guidelines

17 October 2009

A row of smiling call centre workers

Consumers paying for goods with a credit or debit card over the telephone may be at increased risk of card fraud, a study has suggested.

Veritape, a company which provides software-based call recording services, surveyed 133 UK call centre managers to check whether their practices were in line with global industry guidelines.

According to the report, just 3% of the call centres assessed by Veritape were compliant with the Payment Card Industry Data Security Standards. These state that call centres should not store recordings of customer conversations which contain card details – even where this information is encrypted.

Card fraud risk

According to Veritape, personal details including credit and debit cards’ three digit security codes are being stored on the data servers of call centres across the UK. If thieves get hold of these, they have all the information they need to make fraudulent transactions on their victims’ accounts.

A report by Verizon Business, Veritape’s sister company, shows data breaches due to hacking rose 5% in 2008, while some 81% of businesses that had their data stolen were not compliant with global data security standards.

Of the call centres surveyed by Veritape in September 2009:

  • 61% were unaware of the existence of industry guidelines;
  • 18% were aware but said they could not comply for technical or budgetary reasons;
  • 11% were aware of industry guidelines but had chosen to ignore them;
  • 6% were aware of the rules and were working towards compliance;
  • 3% were properly compliant with the Payment Card Industry Data Security Standards.

Protect yourself from fraud

Cameron Ross, managing director of Veritape, said: ‘What we have is a global industry standard that is routinely ignored by call centres throughout the UK. The storage of actionable data creates a huge reservoir of sensitive information that is putting the financial resources of millions of people at risk.’

Which? money editor James Daley commented: ‘No doubt Veritape’s findings will concern consumers who use their credit and debit cards to pay for things over the phone. Although companies often make recordings of telephone conversations for good reasons – to enhance customer service and help with staff training – it is crucial that no record is kept of conversations where sensitive information such as credit card details is revealed.

‘Companies must take their responsibility in this regard seriously, in order to protect people falling victim to fraud.’

Another recent report on fraud, from Financial Fraud Action UK, showed plastic card identity theft and online banking fraud had increased during the first six months of 2009. To find out more about protecting your personal details, read the Which? guide to beating identity fraud and our .

Which? Money Email

Subscribe to the Which? Money Email for independently reviewed Best Buys and impartial expert advice, plus the latest money news and money saving tips.

If you have an older web browser you may need to copy and paste this link into your newsreader:

Find out more about RSS in the Which? guide to news feeds.