All posts by Debra Patrizi


Financial Cost Of Data Breaches On Affected Companies In Australia 2015

Cybercrime continues to rise across the globe and Australian organisations have so far been somewhat complacent about the impact of a data breach.

With the mandatory breach notification law still on the government’s agenda, organisations in Australia should be thinking about securing their sensitive data now.

Many organisations in Australia struggle with security and legislative compliance.

The global landscape is changing and changing fast.

Businesses must consider an explosion of new technologies and find ways to handle and protect large volumes of sensitive data. Businesses require solutions that achieve optimal business performance, staff productivity, comprehensive security of sensitive data and control of their digital interactions in more holistic, cost-effective ways.

Securing a business does incur costs, of course, but not protecting your business appropriately could cost you your clients, your reputation and ultimately your business.

This infographic highlights the cost of cybercrime to Australian organisations in 2015.

 


Organisations that embrace solutions regarding data security and the new privacy laws can increase customer satisfaction, reduce costs, secure the business infrastructure, foster a better working environment and broaden service options.

It’s a compelling opportunity for businesses to leverage security and compliance investments to maximise returns for the business. In short, certified cloud-based services are available which reduce compliance costs and secure customer data and payment processes, while offering opportunities to improve the customer experience – improving the bottom line for business.

DON’T BE THE NEXT HEADLINE, USE OUR FREE TOOL TO FIND YOUR UNPROTECTED CREDIT CARD DATA BEFORE THE CRIMINALS DO!

Read more here about why some of the largest merchants in Australia trust us to help them achieve and maintain their PCI DSS compliance.

Click here to get in touch with us today or if you wish to keep updated with the latest information, news stories, Fintech and digital payment solutions in Australia, subscribe here.

 

 

 


How To Reduce The Average Call Handling Time In The Contact Centre

Average call handling time is one of the most important KPIs in the contact centre and one of the most challenging for Contact Centre Managers.

We have collated the best tips from various sources to help you address some of the common issues that prevent many Call Centre Managers from achieving this KPI.

With the correct approach and the right tools at your fingertips, this challenging KPI will be much easier to achieve. Click here to read the whitepaper

Pause call recording is quickly becoming legacy technology in the contact centre


Pause-and-resume recording is quickly becoming a legacy solution that no longer efficiently serves the purpose it was designed for, namely to facilitate and ensure Payment Card Industry Data Security Standards (PCI DSS) compliance in the contact centre.

Technology has matured over time, rendering pause-and-resume an antiquated process compared with newer solutions that reduce fraud exposure and PCI DSS compliance costs while improving customer service and confidence.

Nevertheless, 59 percent of contact centres still use pause-and-resume as their primary response to credit card security concerns. So, for those organisations still making the best of an antiquated solution, we’ve laid out the five reasons why pause-and-resume payment processing puts the call centre, PCI compliance, and the customer at risk, and why you should consider more effective solutions.

  • Manual pause-and-resume is unreliable

Just over half of the contact centres that still use pause-and-resume deploy it using manual processes. Considering that contact centre agents are focused on the customer and customer service, even the best agents will occasionally divert their attention away from an exacting pause-and-resume process. The impact on PCI DSS compliance is obvious: every time human error occurs and credit card numbers get captured in call logs, the whole recording solution is dragged back into scope. That makes manual pause-and-resume an unsatisfactory solution. Fortunately, there are alternatives that can integrate with legacy solutions, positively impact workflow, and ensure that your agents are serving customers without the risks associated with handling sensitive credit card data.

  • Automated pause-and-resume is often complex and costly

Automatically pausing call recording, for example when an agent opens a payment page, does not guarantee that the customer will find their payment information and present their details in the allotted “pause” time. If “resume” starts recording again before the customer has finished, then the call and PCI DSS compliance may be compromised. This means an automated pause-and-resume solution doesn’t always prevent sensitive card data from being recorded or stored. That, in turn, leads to other process requirements to cleanse the recording and protect stored card data. Automated pause-and-resume is often complicated and relatively costly to deploy, and much more cost-effective solutions are now available which facilitate compliance while also preventing card capture in call recordings and downstream systems.

  • Agents remain exposed to credit card data

Unfortunately, pause-and-resume solutions don’t prevent agents from hearing the customer’s credit card details, and “paused” recording can make it easier to engage in malicious activities off the record. This can be problematic for call centre environments, and is especially troublesome given the growth of work-at-home agents. Turning off or pausing call recording may also have negative regulatory, governance and training implications. Customer interaction through the call centre is part of the brand experience, and it seems more prudent for companies to have agents focusing on servicing customers rather than thinking about security and PCI DSS compliance on each and every call. Integrated technology solutions are now available which prevent agent exposure to sensitive data and allow agents to focus on customer service, sales and support.

  • Screen capture processes remain in scope for PCI DSS

For reasons ranging from quality assurance to regulatory requirements, many call centres use screen capture technology during calls. Screen captures fall within the scope of the PCI DSS requirements, and all networks ‘connected to’ workstations displaying cardholder data are in scope; screen capture processes therefore pull systems and processes into the scope of PCI security compliance. In addition, any time credit card data is displayed on screen there is a risk of fraud, be it via printing, photos and/or agents manually writing card details down.

Advanced services such as IP Solutions AgentSecure service can prevent credit card data from entering the call centre environment while still allowing credit card payments to be processed quickly and efficiently. As a result, existing screen capture processes will no longer scrape sensitive card data.

  • Contact Centre Agents no longer need to fall under the ‘need to know’ category

The Payment Card Industry Data Security Standards (PCI DSS) requirements state that companies must limit access to credit card data to only those individuals whose job requires such access, i.e. on a need-to-know basis.

Cloud-based services are now available in Australia which enable contact centre agents to securely process credit card payments in real time without being exposed to credit card data, so the previously held belief that agents need to hear credit card details to process payments and service customers is no longer valid. With IP Solutions AgentSecure service, agents have no exposure to credit card data, the agents’ communication channel with the customer remains open, and the highest levels of customer service are maintained throughout the payment process.

Pause & Resume solutions do not adhere to the principle of “restricting access to card data on a need to know basis” as more advanced services are now available which can eliminate agent exposure to credit card data entirely.
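The failure modes in the first two points (a missed manual pause, or an automatic pause window that ends before the customer reads out their card) leave card numbers in recorded material, and this can be checked for after the fact. The following Python sketch is an added example, not part of the original article or of any vendor tool: it scans a constructed, timestamped call transcript for Luhn-valid card numbers that fall outside the pause windows and masks them. The transcript, the pause window, the masking policy and all function names are assumptions made for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep the first six and last four digits (assumed masking policy)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def is_recorded(ts, pauses):
    """A segment is recorded unless its start time falls in a pause window."""
    return not any(start <= ts < end for start, end in pauses)

def find_recorded_pans(segments, pauses):
    """Return (timestamp, masked PAN) for card numbers that were recorded."""
    findings = []
    for ts, text in segments:
        if not is_recorded(ts, pauses):
            continue
        for m in PAN_RE.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                findings.append((ts, mask(digits)))
    return findings

def redact(text):
    """Replace Luhn-valid card numbers in stored text with their masked form."""
    def repl(m):
        digits = re.sub(r"\D", "", m.group())
        return mask(digits) if luhn_ok(digits) else m.group()
    return PAN_RE.sub(repl, text)

# Constructed sample: (seconds into call, speech-to-text of that segment).
# 4111 1111 1111 1111 is a widely used test card number, not a real account.
SEGMENTS = [
    (20, "your order reference is 1234567890123456"),
    (58, "I'll just open the payment page now"),
    (70, "one moment, I need to find my card"),
    (95, "ok, the number is 4111 1111 1111 1111"),
]
PAUSES = [(60, 90)]  # recording paused at 60 s, auto-resumed at 90 s

if __name__ == "__main__":
    for ts, pan in find_recorded_pans(SEGMENTS, PAUSES):
        print(f"card number recorded at {ts}s: {pan}")
    print(redact(SEGMENTS[3][1]))
```

In the sample, the customer reads the card out five seconds after the automatic resume, so the number is flagged as recorded; the 16-digit order reference fails the Luhn check and is left alone.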

Watch a short video to learn how more advanced solutions will protect your staff and secure your payment processes, in line with the PCI DSS compliance standards.

 

And there you have it. Pause-and-resume recording has had its day, and it’s time contact centres considered more secure, customer-centric processing solutions that improve customer service and payment security while opening the potential to improve customer service, cash flow and average call handling times.

Click here to discuss with us today or if you wish to keep updated with the latest information, news stories and contact centre solutions, subscribe here.

Don’t Be The Next Headline, Find Your Unprotected Credit Card Data Before The Criminals Do!


Mandatory data breach notification still on government’s agenda

The rise of Cybercrime is creating legitimate business risk and privacy concerns for Australians.  

The government has confirmed it is still planning to legislate a mandatory data breach notification scheme before the end of the year.

The legislation will compel organisations to notify people when their privacy is potentially compromised by a data breach.

Read the full article here.

Organisations that embrace solutions regarding data security and the new privacy laws can increase customer satisfaction, reduce costs, secure the business infrastructure, foster a better working environment and broaden service options. It’s a compelling opportunity for businesses to leverage security and compliance investments to maximise returns for the business. In short, certified cloud-based services are available which reduce compliance costs and secure customer data and payment processes, while offering opportunities to improve the customer experience – improving the bottom line for business.

Contact us and discover why some of the largest merchants in Australia trust us to achieve and maintain PCI DSS compliance.

Australian Call Centre Employee Stealing Customer Information!

High-profile data breaches are becoming common in mainstream news reports across Australia. It was reported that an Australian call centre employee stole customers’ personal information and sold it to an organised crime syndicate, which used it to take out fraudulent credit cards and loans totalling more than one million dollars.

Details of the call centre and the breach have emerged, with 4 people arrested in Sydney along with a call centre worker at the centre of the breach.
Click Here to Read The Full Article

Australia’s New Privacy Laws, Important Insights

The reforms to the federal Privacy Act include significant changes to the existing privacy principles which apply to private and public sector organisations and businesses. The new laws place more significant obligations on Australian companies to ensure that they have thorough and transparent practices, methods and approaches with regard to the protection of customer information.

Accordingly, a review of current protection approaches should be undertaken to ensure compliance with the new laws.

On March 12th 2014, Australia strengthened its Privacy Act by making significant changes to:

● The Australian Privacy Principles (APPs), which apply to both Government agencies and the private sector

● Credit reporting for consumer credit

● The Australian Information Commissioner’s power and function

● The privacy and credit reporting codes, including those binding on specified organisations and agencies

What are the new Australian Privacy Principles (APPs)?

The key changes to the act are:

1. Privacy Policies – organisations are now required to have a clearly expressed and an up-to-date privacy policy which must deal, amongst other things, with:

● The types of personal information that an organisation collects and holds;

● How the organisation collects and holds personal information;

● To whom the organisation discloses personal information; and

● If the organisation is likely to disclose personal information to overseas recipients, the countries in which such recipients are likely to be located.

2. Cross-border disclosure of personal information – organisations are required, before disclosing personal information to an overseas recipient, to take reasonable steps to ensure the overseas recipient does not breach the APPs (subject to specified exceptions).

3. Collection of unsolicited personal information – where an organisation receives unsolicited personal information (for example, through a social media platform), it must determine within a reasonable period whether that personal information could have been collected lawfully. If not, then the unsolicited personal information must be destroyed.

4. Credit Reporting – the changes have brought about more simplified and enhanced processes and the introduction of civil penalties for breaches of certain credit reporting provisions.

5. Collection of sensitive information – under the new rules, sensitive information, including, for example, medical and health records or details of criminal prosecutions may (subject to certain exceptions) only be collected by an organisation if the individual has consented to the collection and the information is reasonably necessary.

In addition to these changes, the Privacy Commissioner, who is in charge of monitoring and enforcing breaches of the new rules, has been provided with a range of new powers including the power to:

● Conduct an assessment of whether the personal information held by an organisation is being kept in accordance with the APPs;

● Make various determinations relating to the acts and practices of an organisation, such as compensation;

● Accept enforceable undertakings by organisations in respect of breaches of the Privacy Act. Undertakings could include the payment of a fine, implementation of new systems and procedures, privacy training for staff, compliance reporting and audits; and

● Apply for civil penalty orders for serious or repeated offences of up to A$340,000 for individuals and A$1.7 million for corporations.

Under the new budget, the Office of the Australian Information Commissioner (OAIC) is to be closed in January 2015. Please note, however, that the new privacy requirements will still apply thereafter. The organisational structure and offices of the Privacy Commissioner may change, but the requirements do not. We note also from David Braue’s article in Information Security ANZ that the Privacy Commissioner’s office is anything but dormant in Australia: “In the four years of its existence the OAIC closed 5,303 privacy complaints, handled 40,584 phone and written enquiries, received 193 data breach notifications and conducted 91 own-motion investigations and 10 audits”, including the fines imposed on Telstra following publication of personal information.

The rise of Cybercrime is creating legitimate business risk and privacy concerns for Australians.

There’s enough information available now to show that Australian merchants capture and store huge amounts of personal information, including financially sensitive information.

One of the more recent media articles on the topic of data breaches focuses on Catch of the Day, where customer data had been stolen three years ago. This demonstrates the importance of data protection and the need for prompt notification, particularly to the customers affected.

It is vital that organisations dealing with personal information are sophisticated enough to have a plan in place. This triggers the need to immediately notify affected users. Catch of the Day’s failure to inform users of a data breach that occurred three years ago suggests the online retailer wasn’t appropriately prepared. This will most definitely have a negative impact on the brand, as more customers rate trust as one of the main factors when shopping online.

A mandatory data breach notification law will encourage businesses to protect themselves from significant financial losses and the silent epidemic affecting companies in Australia, Europe and the United States (please note that mandatory data breach legislation, while proposed by parliament, has yet to be passed).

Businesses should already have policies and procedures in place to ensure the information they hold is protected from data breaches, including notification where there is a risk of serious harm to affected people. In practice, however, the data paints an entirely different picture: the incidence and costs of computer-based crime continue to grow significantly in Australia.

Securing a business does incur costs, of course, but not protecting your business appropriately could cost you your clients, your reputation and ultimately your business. The global landscape is changing and changing fast, and it’s the Australian government’s responsibility to educate and encourage protection in these changing times. The fact that consumers are not being notified when their data is stolen is unacceptable.

Cyber security threats are increasing rapidly, causing many companies to struggle with security and legislative compliance.

At the same time, businesses must support an explosion of new technologies and find ways to handle and protect large volumes of sensitive data. Businesses require solutions which achieve optimal business performance, staff productivity, comprehensive security of sensitive data and control of their digital interactions in one simple, cost-effective service. Our professional services assist companies to navigate the security landscape to achieve PCI DSS compliance and/or facilitate compliance with Australia’s Privacy requirements.

Organisations that embrace solutions regarding data security and the new privacy laws can increase customer satisfaction, reduce costs, secure the business infrastructure, foster a better working environment and broaden service options. It’s a compelling opportunity for businesses to leverage security and compliance investments to maximise returns for the business. In short, certified cloud-based services are available which reduce compliance costs and secure customer data and payment processes, while offering opportunities to improve the customer experience – improving the bottom line for business.

Contact us and discover why some of the largest merchants in Australia trust us to achieve and maintain PCI DSS compliance.