A seismic shift in consumer spending away from high street, but are retailers’ payment processes leaving them open to attack?

The January sales are in full swing and one thing is clear – more and more consumers will be looking to purchase their bargains from the comfort of their own homes.

Dubbed the first truly “online Christmas” by some retail experts, statistics from retailers and analysts released over the past fortnight clearly show a significant shift in spending away from the bright lights of town and city centres. With high street footfall down by 3.1% on Boxing Day – the third consecutive annual decline in footfall – consumers now see their mobile phones as the easiest and most convenient way to buy items. Retail giant Next reported a 14.9 per cent increase in online sales for the year to the end of December, while in-store sales were down seven per cent – and this trend will undoubtedly be mirrored across the retail sector.

Despite this seismic shift in consumer habits now really biting the industry, it’s clear that many retailers are still playing catch up in terms of the way they take payments over the phone. It’s now second nature for consumers to buy online using their debit or credit cards and it’s often hugely convenient to call the retailer and read out card data to the agent. A win-win for both the consumer and retailer, one might argue.

But at what potential cost? The truth is that unsecure telephone payments are easy pickings for fraudsters and this worrying trend is only set to escalate in 2019. Card fraud from telephone payments, in particular card-not-present (CNP) theft, has risen by almost 10 per cent in the past two years. Official figures show that CNP fraud was valued at £432m in 2016, up eight per cent on the previous year, and is expected to rise to an estimated £680m by 2021.

With the stability of the retail sector on increasingly thin ice, owing to Brexit uncertainty and evolving consumer habits, can retailers really afford a data breach in 2019?
The big risk of data breaches is, of course, financial. Under the General Data Protection Regulation (GDPR), companies can be fined £16.5m or 4 per cent of their worldwide turnover – significantly more than the maximum penalty of £500,000 under the old law. We have yet to see a big-time retail casualty of GDPR compliance – but all the evidence points towards increasingly robust enforcement now that the legislation has bedded in.

There is also the risk of fines from the Payment Card Industry Security Standards Council (PCI SSC), which recently issued an important update to its guidelines for telephone payments. The revised guidelines reiterates the risks for retailers who continue to use Pause and Resume methods for processing telephone card payments. The PCI SSC warns that removing payment card data from the contact centre environment is the only secure solution to prevent fraud attacks and ensure compliance.

The liability is not only financial and retailers also risk significant reputational damage from a data breach or non-compliance.

So, taking account of all the evidence and with a fresh year ahead, now is the ideal time for retailers to review the way they take telephone payments over the phone.

The technology is available, and is simple to integrate without significant investment in infrastructure.

PaySure has been pioneered by Ultracomms and offers a secure and affordable solution to retailers. The technology allows customers to enter their payment card numbers directly into their telephone keypad, removing the risk of a card data breach that could occur reading them out loud to an agent over the phone.

The key features of the PaySure solution are:

  • Data security – fraud risk is minimised.
  • Descoping businesses/contact centres from PCI DSS.
  • Delivering significant savings as it avoids capital investment for on-site PCI compliance and minimises the need for PCI audits.
  • Improved customer and agent experience – no break in the call as the agent stays on the call throughout the payment process.
  • Fully managed, resilient cloud-based solution – hosted in dual secure data centres, offering rapid roll out and scalability.

To find out more about securing your business from the risks posed by card fraud from telephone payments click here.

Back to all news

5 reasons why employee engagement is no game.

5 reasons why employee engagement is no game.

If you read a lot of industry news and commentary, you’ll notice that gamification is often promoted for its employee engagement benefits, particularly in a...

Read article

The most memorable days usually end with the dirtiest clothes!

The most memorable days usually end with the dirtiest clothes!

On Sunday 22nd September, the Ultracomms team set off to Tough Mudder to take part in a 5k course including obstacles, heights and a LOT...

Read article

Making the grass greener is easier than you think…

Making the grass greener is easier than you think…

Customers don’t always behave how companies expect. As customers ourselves, we’re all too busy juggling jobs, family commitments, bills and appointments and we sometimes forget...

Read article

Take advantage of Ultracomms solutions

Let's chat