
Exploring the “What ifs” of insider security threats

No industry is immune from the risk of malicious activity by a business's own staff. The “Employee FraudScape” report produced by CIFAS shows that 585 fraud cases were reported in the UK alone in the last 12 months. The number of these fraudulent account withdrawals more than doubled compared with the previous year.

PCI Pal’s cloud-based payment solution prevents card details from being accessed by contact centre staff – visually or audibly. It specialises in facilitating payments without allowing card details to enter the company’s infrastructure, leaving no room for fraudulent activity by members of staff, which in turn gives customers peace of mind.

Breaches such as these often lead to more worrying questions, including “what if these actions weren’t noticed as quickly?”, “what if the transactions were for larger sums of money?” or potentially even “what if that employee sells on this data?”. These types of threats can seriously endanger a business’s reputation and credibility, especially with the rising importance of being GDPR compliant and handling data securely.

Situations such as these may sound far-fetched or easily avoidable; however, healthcare leader Bupa has recently been subject to this type of employee breach. It has been issued with significant fines by UK regulators for “systematic data protection failures” after an employee attempted to sell 500 million client records on the dark web.

Another strikingly similar example is a major broadband company which has had to suspend a customer service team member following allegations of fraudulent activity on customer cards. The case is currently under police investigation.

It is extremely important for businesses to ensure that their customers’ personal data is protected from both insider and external threats. In today’s digital age, the need for contact centre staff to be exposed to payment card information should be non-existent, especially when you consider the robust PCI DSS and GDPR frameworks and the penalties that apply when a breach occurs.

Natterbox works together with PCI Pal to ensure payment compliance is met when taking payment details over the phone. This removes the need to go through old recordings to remove any card details recorded in error, or for agents to manually ‘pause and resume’ the recording while the customer provides payment details. With PCI Pal, the customer is instead routed to a secure payment platform before being passed back to the agent, ensuring staff have no view of customers’ card details.

By handling telephone payments with PCI Pal, the risk of insider fraud is effectively eliminated, the customer experience is positive and the contact centre is a step closer to PCI DSS compliance.
