Two interesting news stories

Yesterday (October 5th) saw two interesting news reports; one made headlines, the other didn’t.

The first report was the fine of £400,000 imposed on Talk Talk following their data breach last October, which we first reported on here. The fine, the largest imposed by the Information Commissioner’s Office (ICO), was slightly less than the maximum that could have been levied, and is small change compared to the £42 million – and the loss of 101,000 customers – that Talk Talk admit the breach has so far cost them.

The ICO’s full announcement is here and states that the names, addresses, telephone numbers and email addresses of 156,656 Talk Talk customers were accessed, and that some 10% of those customer records also included bank sort codes and account numbers. The stolen data was stored on a database of customers who joined Talk Talk when, in 2009, it acquired the UK operations of Tiscali. The data was accessed using the relatively simple technique of SQL injection through a web page. Talk Talk had already suffered two similar cyber attacks in 2015 that should have highlighted system vulnerabilities.

The Information Commissioner, Elizabeth Denham, said: “TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.” “Yes hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”

While it was initially thought that the data breach had been committed by cyber terrorists, six people – all under 21 – have been...

Compliance3 advises contact centres on ways to tackle fraud in 2015

Experts Compliance3 highlight the technologies and processes continually overlooked by contact centres that ensure card payment security

By SLS Marketing – 22 Oct 15

London, 15th January 2015: Compliance3, a company that helps contact centres achieve and maintain PCI DSS compliance, has highlighted the technologies and processes contact centres should implement in 2015 to reduce the increasing risk of breaches, reputational damage and revenue loss.

Ensuring card data is not ‘captured’: allowing card data to enter the business environment when taking payments from trusting customers renders the merchant liable to extensive, expensive PCI DSS compliance obligations. Ideally, card data need not enter the business environment at all.

Legacy recordings: pause/resume technologies pause call recordings at the point of payment, so that card details can be read out to the advisor by the customer without being stored. However, many of these technologies depend on the advisor and are notoriously unreliable, meaning that many merchants may be storing card data unnecessarily.

Implementing payment technologies such as DTMF or IVR: DTMF (Dual Tone Multi Frequency) uses the frequencies of handset keypad tones to determine which digits have been entered, and IVR (Interactive Voice Response) is a voice-response technology that achieves the same purpose. Both solutions eradicate the risk of the agent capturing card details.

Applying the full PCI DSS programme: version 3.0 became mandatory from January 2015 and enables a business to be fully compliant with all card scheme requirements.

Contact centres, from small, niche operations to those representing major high street brands, despite a steep increase in “card not present” fraud, still need to embrace the...