While many are concerned about the amount of their personal data that is held by large companies, and the potential for data breaches, it seems that people are surprisingly cavalier about sharing their own actionable credit and debit card data with complete strangers, according to a firm providing secure payment software.
A poll by Eckoh found that more than a third of people had heard friends or colleagues giving out their full credit card details, including the three-digit code, while on the phone within the last six months. A further 21 per cent had been privy to this information within the last year.
Although people may be forgiven for trusting their friends and colleagues not to take advantage of this information, the same can not necessarily be said for strangers. While the office was the most common place for people to overhear personal financial details (54 per cent), it seems people are quite happy to share this information in public too. Nearly a fifth of people had heard people giving their card details out on public transport, while on in ten (9 per cent) had overheard similar data being shared in cafes and restaurants, and 7 per cent having heard it in the street.
Tony Porter, Head of Global Communications at Eckoh, who commissioned the poll, said: “We rightly expect companies to be protective with our personal data, but there are precautions that we could also take in our day to day lives to ensure that our information doesn’t fall into the wrong hands.”
Three quarters (68 per cent) of consumers polled said that they had read out their card details over the telephone within the last year without checking the security of the line.
Tony Porter added: “It’s easy to forget the significance of the data you share over the telephone. In some cases, that information isn’t only being shared by the person on the other end of the phone, but with anyone who happens to be within earshot. Caution is always to be advised when it comes to handling data.”
Jeremy Duncan, a designer who works in a shared office space in central London said: “My office has big echoey corridors and one of the people in the adjoining office regularly shops by phone outside our office. We jokingly nicknamed her 4921 4556, etc, because me and my colleagues found it impossible not to memorise her card details. We’ve explained the risk to her since and suggested that she change her details. When I told her I prefaced it by asking whether she’d like me to buy anything for her in my lunch hour. She thanked me and called her bank immediately.”
Eckoh points out that PCI DSS (Payment Card Industry Data Security Standard) rules stipulate that companies should have systems in place to put the credit or debit card details of customers out of reach of call centre staff, by masking the sound of their voice as they read the card numbers or by providing an input method that is shielded from the call centre operative. Eckoh estimates that only around 20 per cent of businesses or call centres that take payments over the phone are compliant with the regulations, putting tens of millions of customers’ personal credit or debit card details in the hands of others and creating significant risk of fraud.
