blog hero2x
Data Security & Privacy

Are Your Employees Dangerous to Your Customer's Credit Card Information?

By Lindsay Shugerman May 03, 2015

Credit card security breaches are everywhere in the news. It seems that each week, a new retailer or service business falls prey to customer information data theft. 

Sometimes it's due to poor data base design security or even lax access to passwords and permissions (yes, I have worked for companies where the admin user name was ADMIN and the password was PASSWORD!)  And those kinds of issues get a lot of press. 

But did you know that your customer facing employees could be one of your biggest risk points when it comes to customer information safety?  The people who hold a shopper's credit card in their hand, or call in a store credit card application. The ones taking orders over the phone or helping via live chat. Those individuals represent hundreds (or thousands) of possible points of data security compromise every day.

It might be a case of a dishonest employees who is there for the purpose of stealing and selling or using customer data. That's a case for law enforcement.  But more often than not, the breeches happen as a result of accidents or mistakes by employees when handling customer financial or identity information. And that is something you as a business owner or manager can address with training and better business practices. Not convinced? Here are some some examples I've seen or heard about just in the past few months:

  • A store associate receives a completed paper charge card application from a customer, and sets it down on the cash wrap counter while waiting on other customers. 
  • A customer provides their charge card to pay for a purchase, and the associate asks if they would like to apply for a store card, then asks for personal data for the application verbally, while others are within listening distance. 
  • A customer is having trouble with a debit card, and the associate offers to help by reentering their pin number, which the customer is asked to provide verbally
  • A restaurant associate takes the customer's credit card to settle a bill, and goes into the kitchen to check on another order, picks up and delivers another table's food, all the while, card in sight and in hand. 
  • In a medical office, a customer has a past due balance on their account and is asked to settle it before being seen. And they are instructed to use a phone on a table (connected to their main office) to do so. They are then required to provide their name and credit card information (including security code and expiration date aloud in a crowded waiting room.)
  • A store computer is down, so credit card information is accepted via paper slips run through an old style card swiper. The paper slips are stacked on the counter to be entered "once the computer comes back online
  • A company has a Bring Your Own Device computer policy. Customer orders are accepted on some of these devices, which are then used by the employee on a home network, in coffee shops and in other potentially insecure locations. 

The list could go on and on, but the problem is clear. Front end associates can and do put your business reputation and your customer's private financial and identity data at risk. But there is one answer that works for all of these examples and the dozens of others we hear about. Training. The employees I mentioned above aren't trying compromise data security. They're making mistakes. And training is the single most effective way to minimize costly employee mistakes. 

And now it's your turn

Think about your business as it exists right now. How much training do your employees receive on data security awareness?  Are there procedures in place to protect customer data at all levels, and are new employees made aware of what these standards are?  

Do you conduct security audits to test how effective your policies are, and well they're followed?  Are existing employees provided with additional training as issues are discovered or as policy or technology changes? If you surveyed your employees today, how many of them would be aware of the risks to customer information security which exist as a part of their day-to-day responsibilities? 

The time to address weak points in your organization's data security policies isn't after a breach occurs. A new emphasis on the employee's role in information safety now could very well keep your company out of the headlines some day in the future. 

Workplace Answers &
Click 4 Compliance Join Forces

We’ve created the world’s most comprehensive and engaging online compliance training library for companies around the globe.

Learn more View courses

We're sorry this resource is no longer available, we've redirected you to our Resource center.