Over the past couple of decades, the Internet has eliminated the need for large-scale mail-order businesses. Orders that were once completed by phone and postal mail can now be conducted online, where security is stronger and service can be more easily expedited.
However, phone-based credit card orders haven’t been completely wiped out. In fact, today’s businesses collect numbers to hold reservations, pay past-due bills, and process orders when website orders are unavailable. Whatever the reason for your business to collect credit card numbers by phone, there are some safeguards you should put in place to avoid putting your customers’ data at risk.
If your employees are taking the numbers within earshot of other people, they should be trained to be aware of those nearby. This is especially true if your business welcomes outside foot traffic into your work areas each day. Medical offices and hotels are especially susceptible to data breaches, especially if employees are asked to read back the card number to make sure numbers have been entered correctly.
While it may not always be possible, try to station employees so that those who may accept credit card payments by phone are a safe distance from others. Medical offices can situate their billing employees in a walled office that is out of earshot of the waiting room, for instance. Then if information must be recited back, the only people who might overhear are fellow workers.
Don’t Create a Paper Trail
As workers get busy, it can be tempting to write down customer credit card numbers, along with expiration dates and verification numbers. Scribbling numbers down on post-it notes to enter into the computer later can be disastrous, since those notes will either lounge on the desk or be tossed in the trash without being shredded. This can easily lead those numbers to fall into the wrong hands.
Instead of scrawling numbers on paper, train your employees to enter that information directly into the system. If they’re away from their desks, they should put the customer on hold or transfer the call to an employee who can handle the transaction securely.
Customer protection starts with hiring the right employees. Criminal background checks can make a big difference in preventing problems, especially if you’re hiring employees who will be dealing with sensitive customer data like credit card numbers. If you can, run a professional background check on every employee and consider the results as you make hiring decisions. At the very least, ask for references on candidates and call all of them to get insight into the people you’re considering hiring.
If you have multiple employees, try to keep the number of workers who deal with credit cards to a minimum. Those should be your most trusted employees and preferably they’ll stay with you for a long time. When you have only one or two employees handling sensitive information, you’ll limit the number of workers who have access to that information, reducing your company’s risk.
Protect Phone Recordings
One area of your business that may be forgotten is your customer service recordings. Many customer service desks record their calls now for quality control purposes, and those recordings are designed to be reviewed by supervisors, attorneys, and others who might have an interest in listening to the calls over the many years a company is in business. Businesses may not even think about the credit card numbers that are freely given out on those recordings and may fail to safeguard who has access to them.
If your business is recording calls, you should make sure those recordings are encrypted. Since they’re likely saved on a server that could be hacked, they could very easily become the source of your next data breach. By reviewing your business’s procedures when it comes to recorded calls, you may quickly identify a weakness that could eventually become a much larger problem.
Customers trust businesses with their credit card data. It’s important that businesses honor that trust by taking every measure possible to keep that information safe. By checking over this list and seeing which items you can improve, you can protect your company and its customers against a costly breach.