Identity theft was the number one source of consumer complaints to the Federal Trade Commission (FTC) in 2007. Estimates by private market research firms peg the incidence of identity theft as high as 15 million consumers. The most common form of identity theft, according to the FTC, is the misuse of credit and debit card accounts. Approximately 3.4 million adults can expect to have their payment card data compromised every year. While for most consumers the impact is modest, according to the FTC one out of twenty victims suffer median out of pocket loses of $400 and spend 60 hours trying to clean up the mess that resulted.
Contact centers can become unsuspecting targets of cyber criminals. Outbound telemarketing centers, inbound centers that engage in up-selling and/or cross -selling, service providers, and collection companies always take payment in the form of credit or debit cards. The card information is entered into a CRM or other sales automation software and recorded by voice and screen recorders. And there it resides – thousands and even millions of card records inviting remote criminals or even greedy employees to extract for personal gain or sell into a sophisticated secondary market.
In order to reduce fraud, the Payment Card Industry established the PCI Security Standards Council in September 2006. The aim of the council was to establish a set of rules that merchants and service providers must comply with in order to accept payments through the credit and debit card apparatus set up by the card vendors.
The Council subsequently issued a Data Security Standard (PCI-DSS) which details security requirements for members, merchants and service providers that store, process or transmit cardholder data. You can read that data in a Pelorus Call Recording Guide to PCI-DSS Compliance – compliments of VPI