Brokers risk £10,000 fine by PCI Security Standards Council.

Credit card

Almost all insurance brokers fail to protect their customers from the risk of fraud when accepting credit card details over the phone, according to call management experts Callstream.

The Payment Card Industry Data Security Standard (PCI-DSS) requires handlers of debit and credit card cardholder information to take prescribed steps to reduce risks of fraud.

Callstream conducted a ‘mystery shopper’ analysis of over 200 insurance brokers’ inbound call management.

The analysis revealed that only 1% of UK insurance brokers who take payment over the phone are minimising the risk of a security breach by ensuring that credit card details are hidden from staff and have no contact with IT infrastructure.

Most contact centres’ non-compliance was because customers were asked to read out card details to the call agent, or input details via the phone through a system that did not mute, hide or encrypt the touch tones.

The lack of a secure system to obtain payment details obviously puts customer data, and therefore the broker’s reputation, at risk.

Brokers also risk fines of fine of £10,000s or similarby the PCI Security Standards Council.

Callstream chief executive Mick Crosthwaite said: “One of the main reasons customers choose to contact brokers’ call centres rather than purchase online is because they simply don’t understand or trust online systems.

“But because brokers are asking customers to read out their credit card details – which could be written down by staff or captured in call recordings – ironically, these customers may actually be at a higher risk of fraud in the call centre than online.”

Alongside PCI-DSS compliance, Callstream’s research included how long it took for calls to be answered during peak and off-peak times, the number of automated options provided to callers, and the ability to solve problems on first contact.

Join the debate at our Insurance Times Fraud Forum on LinkedIn