Trust and Trustibility

Doing the washing up on Thursday night I heard yet another story of a security breach involving an off-shore contact centre. The BBC (in the guise of The World Tonight) secretly recorded an undercover reporter buying “leads” with names, address & credit card details.

This is nothing new, of course, there was a Dispatches programme in 2006 that found evidence of data theft in UK as well as overseas contact centres, but it is a little depressing to know that it is still going on.

The problem isn’t limited to off-shore contact centres, of course. Earlier this month, a manager in a UK call centre (Barclaycard) stole £11,000 from a customer having stolen his details when he called in.

The fact is that credit card fraud happens. It happens in shops, pubs, petrol stations, ATM machines (that’s Cashpoints in English), restaurants and anywhere else people use plastic to pay for goods and services.

What’s more, occasionally bad people work in call centres. And in banks, newspaper publishing, restaurants, petrols stations, shops, pubs etc.

So why the interest? Why the undercover operation and top billing for a report that might be considered a bit “dog bites man”?

Well, I think there are a three things in play here.

Firstly, the brand on whose behalf the transaction was made and from which the details were subsequently stolen, was Symantec (marketing strap-line, "Confidence in a connected world") taking payments for the renewal of antivirus software. Antivirus software is surely something you need to think you can trust. It is also one of the few applications that regularly (well, every year or so) pops up and asks us to feed it with money. The thought that the software you installed to protect your computer and your data is actually inducing you to pass your credit card details on in order that they can be stolen is unsettling at best.

Secondly, it happened offshore. In these days of “British Jobs for British Workers”, a tendency towards protectionism in governments about the world and, let’s face it, a considerable lack of love towards the financial services sector, a good old-fashioned off-shore bashing session was definitely on the cards.

Thirdly, and perhaps more importantly, our details are now (despite what it might say in the papers) more secure than ever before. Chip & PIN has stopped the dodgy waiter from double-swiping your card at the back of the restaurant. Initiatives like the Payment Card Industry (PCI)’s Data Security Standards (DSS) have made businesses more aware than ever before that they need to protect data, from their staff as well as from external attack, protect their networks and be open about how they handle sensitive information.

So, what’s to be done. Over the web we have services like “Verified by Visa”, WorldPay & PayPal that give consumers confidence. We have Chip & PIN in face to face environments and a mattress to hide our worldly wealth in if we don’t trust the banks. Call centres are one of the few remaining situations where we still hand over our card details to an individual. How do we get the trust back?

Technology can have a part to play – the transfer to an automated system for the collection of the sensitive credit card information before passing the call back to an agent – has been used successfully. However, if you don’t trust the organisation you’re calling, how do you know that their IVR isn’t bent too?

Perhaps there is a scope for an IVR version of a “Verified by Visa” scheme, or perhaps a more public awareness of an accreditation like the PCI DSS. If this trust issue isn’t solved, it’s not only going to be overseas call centres that attract suspicion.

Ideas, anyone?