How to Protect your Customers' Credit Card Data
On the heels of Equifax's settlement with the Federal Trade Commission following its 2017 breach of over 145 million records, deemed the largest hack in US history, Capital One announced another large-scale breach exposing the financial data of over 100 million customers.
The hack was carried out by a former software engineer at Amazon Web Services, where Capital One stores its data. It's unknown if the hacker worked with Capital One at AWS or if her knowledge of AWS aided the hack in any way, but she managed to identify and breach a misconfigured firewall on a web application. This enabled her to obtain data, including 140,000 social security numbers, 80,000 bank account numbers, one million Canadian social insurance numbers and more.
This breach is expected to cost the company up to $150 million, and it should serve as a warning to companies across industries - especially those that operate contact centers - that insider threats can be just as costly as data breaches perpetrated by outsiders.
According to Verizon's recent 2019 Data Breach Investigations Report, insider threats are on the rise, and with the contact center industry's high employee turnover rates, there are so many opportunities for sensitive data to be mismanaged by negligent insiders or stolen by malicious ones.
While it's important to put trust in employees, it only takes one bad actor or disgruntled employee to carry out an insider threat. With 72 percent of contact centers accepting card payments by phone, it is imperative that companies ensure customer data is secured from these and all kinds of attacks. The risk of not doing so hurts a company's reputation and negatively impacts a company's revenue streams - as evidenced by a recent survey we conducted which found that 83 percent of US consumers will stop spending with a business for several months in the immediate aftermath of a security breach or a hack.
We have solutions what can help protect against insider threats. Let us help you with cloud-based PCI security solutions to prevent any payment card data from being visible or audible to contact center staff. Payments are routed directly to a secure platform where customers provide masked card details using their telephone keypad, while still maintaining contact with the customer service representative. By operating this way, the risk of insider fraud is eliminated.
Contact us to learn how we can help guard your company and customers against threats like this and more.