Call centers are a prime target for hackers and fraudsters thanks to the collection of sensitive data, like payment card numbers, Social Security numbers, and other personally identifiable information (PII) from millions of consumers globally each year. In 2015, AT&T was fined $25 million by the FCC for breaches that exposed the personal information of 280,000 AT&T customers. And a 2017 report from Pindrop Labs found that based on a review of more than 500 million calls in 2016, fraud rates soared 113% over the previous year.
2017 set the record for data breaches, with the Identity Theft Resource Center reporting 1,579 breaches compromising 179 million records. Some of the lowest-hanging fruit for hackers continues to be credit card information, since these records can be quickly sold on the Dark Web for as much as $110 per card – making any company, regardless of industry, that collects customer payment information attractive for malware and ransomware attacks to steal this information.
There are two security paths companies can take to protect cardholder data: Defend the Data or Devalue the Data. To Defend the Data, companies must build stronger, higher and more expensive walls of security around their systems for protection. With the Devalue the Data approach, companies employ security technology to devalue the cardholder data before it reaches their POS systems and networks, rendering the data useless to hackers if it is exposed.
PCI-validated Point-to-Point Encryption (P2PE) is an integral security component in devaluing data, since it encrypts credit card information at the Point of Interaction (POI) in a PCI-approved P2PE device and decryption is done in hardware and outside of the call center environment.