What Can We Learn from the Capital One Data Breach Affecting 106 Million Consumers and Businesses

On July 29, 2019, Capital One confirmed that it had recently been the victim of one of the largest thefts of banking information ever. 106 million people and small businesses in the U.S. and Canada had information from credit card applications made between 2005 and 2019 compromised, including names, addresses, postal codes and zip codes, phone numbers, email addresses, dates of birth and income. In addition, credit data was also compromised, including credit scores, limits, balances, payment history and contact information, as well as some transactions made in the last three years. Perhaps most seriously, of the 6 million Canadians affected, 1 million had their Social Insurance Numbers (SINs) compromised, making them more vulnerable to identity theft.

In this latest incident, the breach was the handiwork of a hacker who has since been identified and arrested. However, whether the source of the breach is external or internal (as was the case in the recent breach at Desjardins where the perpetrator was an employee), the importance to businesses and their customers of implementing strong information security policies and procedures and monitoring them vigilantly cannot be overstated.

It’s not just financial services companies like Capital One and Desjardins that need to be vigilant in safeguarding sensitive customer information from hackers, be they internal or external. ANY company that handles client or customer personal information, such as credit card details, is a potential target.

Where companies are struggling

Many organizations do a great job of securing their databases from external cyber threats; however, they tend to be more lax about implementing procedures that protect them from internal threats (or even mistakes) by employees that can compromise their security and the security of their customers’ data.

For example, one of the more difficult challenges for businesses is securing credit card information when payments are taken by live staff over the telephone. A very common practice is for a customer to call in to the business to pay an invoice, and for a live agent to capture the credit card information (i.e. write it down or type it) and enter it into a virtual terminal for processing. PCI security standards mandate that businesses take the necessary steps to secure every payment channel, and specifically the ones where their staff is involved. If you employ live staff to handle your payments, the work area needs to be locked down: no mobile phones, paper or writing material allowed, and a closed platform at employees’ computer workstations (for example, no USBs or ways to capture the screen). Even then (and even with vigilant supervision), vulnerabilities exist that can still lead to security breaches and theft of data.

Consulting with a qualified cybersecurity expert can help you be prepared to successfully navigate the ever-changing cybersecurity and payment security landscape.

Addressing the Issue of Live Staff in the Payment Flow

If your business relies on the phone to conduct business and part of the transaction involves collecting your customers’ credit card information, then a more secure and PCI-compliant approach would involve the use of Automated IVR Payments / Pay-By-Phone technology. By automating the payment process, you not only take the listening to and collecting of credit card information out of the hands of live staff, you also make payment easier and more convenient for your customers by enabling it on a 24/7 basis. An IVR Pay-By-Phone solution is flexible in that it allows for either a fully automated approach or a system in which your live staff assists customers up to the point where credit card information will be exchanged, at which point the call is transferred to the automated Pay-By-Phone system.

Regardless of the approach taken, IVR Pay-By-Phone technology provides customers with a more convenient way of making payments over the phone that is also much more secure, thereby improving customer satisfaction and confidence that their credit card information has been secured. Businesses will realize benefits in the form of reduced operating costs (since even the approach described above that still utilizes live staff up to a certain point typically needs fewer people to operate), improved efficiency, and enhanced peace of mind from knowing that they have secured this payment channel in compliance with PCI standards.
