Call centres criticised for credit card policy


Call centres violate security standardsUK call centres are keeping hold of recordings containing customers' credit card details, contrary to payments industry guidelines.

This is the key finding of new research from call recording firm Veritape, conducted to mark National ID Fraud Prevention week.

According to a poll of 133 call centres conducted by the firm, over 95% of those call centres that store customer transaction conversations are not deleting mentions of credit card details.

PCI DSS, a global security standard developed by payments firms, states that this sensitive information should not be kept.

Moreover, 61% of call centres told Veritape that they were not aware of these guidelines and 18% said that they were aware, but would not comply because of "technical or budgetary reasons." Another 11% were aware of the guidelines but were choosing not to follow them.

"What we have is a global industry standard that is routinely ignored by call centres throughout the UK," Cameron Ross, Veritape managing director, said.

"Hardware and software interventions are available that automatically delete credit card data from audio recordings."

Records of credit card-related conversations from call centres are highly useful to fraudsters, who can use the details to access accounts and steal money.ADNFCR-2308-ID-19410757-ADNFCR

Published: 20 October 2009