Adhering to Strict Security and Compliance Practices During Telephone-based Payment Card Transactions Now More Critical Than Ever
Boston, MA and Guildford, UK – Jan. 22, 2019 – Semafone, the leading provider of data security and compliance solutions for call and contact centers, urges businesses to focus on implementing strict security and compliance practices during telephone-based transactions for the sake of customer and organizational data privacy in 2019. Semafone CEO Tim Critchley, Chief Innovation Officer Ben Rafferty and Head of Information Security Shane Lewis share their top security and compliance predictions and insights for the new year:
1. Hackers and insider threats hungry for Personally Identifiable Information (PII) will put contact centers at risk
Because contact centers process and store a host of PII – including payment card data – they are prime targets for fraudulent activity. However, outside threats (like hackers and phone scammers) aren’t the only ones eyeing the contact center’s PII goldmine, as those inside the organization can also put sensitive data at risk. Potential inside threats can come from contact center agents and customer service representatives (CSRs), who may be tempted to copy down verbalized customer payment card data; to coerce or bribe a colleague into sharing PII; or even accidentally leak data by falling victim to a phishing attack. While the vast majority of agents are diligent, customer-focused and trustworthy, it only takes one employee succumbing to curiosity to violate compliance laws and potentially cause a massive data breach.
2. After the CCPA goes into effect, other states will follow
The California Consumer Privacy Act officially goes into force on January 1, 2020, so we expect to see companies racing to get to grips with this regulation over this coming year. We will also see several other states following suit. California is a trendsetter when it comes to data protection regulations, so we predict that states such as Massachusetts, Illinois and New York will look to draft their own form of the regulation soon.
3. In the race to modernize, vulnerabilities will be exploited
In the increasingly flooded technology market, companies are attempting to get their new solutions on the shelf as quickly as possible to stay competitive. However, in this race to modernize, companies are bypassing security controls and requirements. Glaring vulnerabilities are making these new technologies, such as IoT, a target for hackers, and we will see some serious hacking of these devices in 2019. Companies that offer products to consumers without having considered privacy and security by design will be putting people’s homes at risk. With Wi-Fi-enabled appliances, energy management systems and more having little to no security, hackers could easily find a way into the network through these devices. DDoS attacks on IoT devices will therefore be increasing even more over this next year.
4. Old hacking techniques will thrive
While new technologies are leaving doors wide open for hackers, 2019 will also see age-old hacking techniques, such as ransomware and phishing, making serious headway. Sadly, it is smaller organizations, armed with fewer resources to protect themselves, that are becoming the prime targets. Even those companies that do perform security awareness training are still seeing 20 percent of staff fall for basic phishing campaigns, so organizations need to make this a top priority in 2019.
Tim Critchley, CEO, commented: “With so much technological advancement happening so quickly, we’ll see hackers working harder than ever in 2019, using both old and new attack techniques to exploit consumers and organizations of all sizes. But demand for our services has never been higher, and we see our customers heavily investing in proper data security and compliance practices. Security and compliance finally seem to be on the agenda in the right way for a lot of large and small organizations who are now more aware of the financial and reputational dangers of lax data practices. With new US data regulations on the horizon, we can expect to see companies updating their IT infrastructure and ensuring their staff are well educated so they can stay ahead of the compliance changes and out of the data breach news headlines.”