I recently experienced what is probably an everyday occurrence, but it still rather shocked me. I was on a packed commuter train when a young lady made a phone call, talked for a bit about some purchase she had made, and then proceeded to rattle off all her personal information: name; address; date of birth; credit card details.
Anyone in our carriage could have taken down those details and gone on a wild spending spree - and with the ubiquity of mobile internet probably cleaned out her account by the time she got off the train.
There should be just as many rules, and equally strict penalties, for companies that allow customers to read out their details over the phone as there are for online card payment transactions.
The number of companies who expect customers to reel off their card details to a stranger sitting in a call centre is bewildering. Just yesterday, I called a major financial institution to settle my balance and I didn't even have the option of using an automated touch-tone system. I had to speak to a live operator.
Aside from that operator (and possibly even myself) not knowing who's listening to me, there are so many risks involved with this kind of transaction:
- The call centre operator could make a note of my card details and use or sell them. There have been several cases of this within UK and offshore call centres and I'm sure it happens all the time.
- If the call is recorded, as so many are these days, who else is going to hear my card details?
- My card details could just be written down and passed to another member of staff to process the payment - more eyes on my credit card number and more opportunities for them to 'disappear'.
The solution, of course, is to offer me an automated IVR channel for paying my invoice or statement. I just punch my card details into my phone and, assuming the transaction is processed in real-time without human intervention, no-one is going to be able to eyeball my personal details. There shouldn't even be any need for the company to record or store my card details at all.
Then, not only are my details safe and secure, but I've saved time by not having to queue for an operator and I can pay at a time convenient to me - day or night.
With online merchants having to pay a small fortune to achieve PCI compliance to process payments - and facing large fortune fines when things go wrong - isn't it time to stop allowing complete strangers to access our credit card details over the phone?
Who have you given your credit card details to recently?
Comments