UK call centre practices could put credit card data at risk

16 Oct 2009

The practice of leaving call recordings with security codes on servers could put to risk a large number of UK credit card holders, a research study has revealed.

Veritape, which specialises in audio recordings, conducted a countrywide poll in the UK and found 97 per cent of call centres leaving sensitive customer voice recordings on their networks that could be open to hacking.

The standards set by the Payment Card Industry Data Security Council advise against such practices, but over 60 per cent of call centres were found not aware of the guidelines.

A clause of the guidelines asks not to store the three digit verification code of credit cards in cases of card-not-present transactions.

The research paper, The Great Credit Card Gamble was released during the National Fraud Prevention Week. According to the report, the majority of voice recordings are not masked or deleted, and contain credit card security details.

Cameron Ross, managing director of Veritape, described the recordings as 'actionable data' that has the potential of  putting at risk millions of people.