Close Menu
Contact Centre MonthlyContact Centre Monthly
    Facebook X (Twitter) Instagram
    Saturday, July 12
    Facebook X (Twitter) LinkedIn
    Contact Centre MonthlyContact Centre Monthly
    • Home
    • News
      • Industry Appointments
    • Events
      • What’s On
      • Event reviews
    • Career Opportunities
    • Technology Corner
    • Articles
      • Blog
      • Case Studies
      • White Papers
    • Contact Centre Directory
    • About CCM
      • Meet the Team
      • Advertise on CCM
      • Contribute
      • Submit an Article
    Contact Centre MonthlyContact Centre Monthly
    Home » Why payment data in the Cloud means risk and complexity
    Blog

    Why payment data in the Cloud means risk and complexity

    01/07/2021Updated:07/09/20215 Mins Read
    Share
    Facebook Twitter LinkedIn

    Major changes over the last few months have led to a dramatic change in strategies. Adopting permanent hybrid working models for employees has left organisations questioning the need to maintain premised hardware and infrastructure. As a result, they’re looking to downsize their footprint in this area and move everything into the Cloud.

    The Cloud is offering what could be defined as a silver bullet for reduced costs, agility, scale and flexibility. For new virtual contact centres, these benefits are particularly attractive, especially when introducing agent-assisted online tools such as web chat to add to their customer contact mix.

    However, in the wake of migrating to the Cloud, is the security and compliance around data getting enough attention? While 75% of contact centres say data security is no longer a barrier to Cloud migration,[1] where you involve payment and personal data, things get a little more complicated.

    As we take the first steps to a different looking future, for many businesses with contact centres, there remain some hurdles to overcome.

    Things to consider when embarking on a Cloud transformation project for your contact centre:

    Responsibilities are unclear. Cloud providers need to make it quite clear how they will manage your data, what their roles and responsibilities are. You also need to understand where your liabilities and ownership lie otherwise security issues can fall through the gaps and open you up to greater risk.

    You are not alone in the cloud. In public Clouds other businesses are sharing the space and this can increase the risk because it’s possible that someone could go beyond their environment and into yours to access your data, through either misconfiguration or poor design.

    Some control is lost. Once in the Cloud you’re storing data on someone else’s server.  So, you don’t have as much control over it, or the access to it, that you may have on-premise. You rely on your Cloud provider to protect that data for you and they should be ready to provide you with their AOC for your annual audits. Remember however, responsibility of logical access control is not always covered by a Cloud provider.

    Data is more attractive. Hackers want data and the increased shift to the Cloud has created more opportunities for them to get their hands on it. Defining the value of your data and knowing who has access to it will help, as will encryption, monitoring, strict identity or access controls and a tested incident response plan.

    Existing security controls may not be effective. Cloud-based resources can be complex to configure so it’s best not to assume that the controls you traditionally used will work as well in a Cloud environment.

    Biggest threat could still be an insider. The threats from trusted insiders are as serious in the Cloud as they are on-premise. 64% of all reported insider incidents were due to employee or contractor negligence[2]. Robust education and training plus restricted access to critical systems can help.

    What can you do to maintain payment security in the Cloud?

    Keep data out – full stop.

    Preventing sensitive personal or payment data from entering your Cloud environment in the first place is certainly the most robust way to ensure payment security. If there’s no data in your environment, it can’t be stolen.

    Cloud contact centres are great tools to enable contact centre services. However, they do need to be built and configured properly, with correct access controls added. One simple change to a call flow can suddenly open a floodgate of payment data surging into your organisation. The last thing you want to show in your audit.

    Eckoh has been providing cloud-enabled secure payment and customer engagement solutions for over 20 years. Our watertight solutions are built to keep data out and de-scope all, or part, of your contact centre from PCI DSS – reducing the burden of compliance and security, so you can focus on your core business.

    Our telephone, chat, chatbot and IVR payment solutions plug straight into your cloud contact centre environment to give you the reassurance that sensitive payment data is secure and cannot enter your organisation.

    To summarise

    • Personal and payment data in a Cloud environment is a security risk
    • You’re responsible for payment data, so get to know where you sit in the responsibility matrix
    • Truly get to know your Cloud environment and provider
    • Preventing payment data from coming anywhere near your systems, is the most secure option.

    Our security specialists – Dave Holliday, Global IT Director and Kevin Vaughan, Head of Information Security – presented a session at PCI London Virtual on 30th June called ‘Your Cloud provider may be compliant but is your payment data secure’. If you missed it, here’s your chance to watch it and benefit from their insight into the complexities, pitfalls and answers to securing payment data in the Cloud.

    References

    [1] Calabrio – State of the Contact Centre 2021

    [2] Ponemon Institute 2018 Cost of Insider Threats Study

    Share. Facebook Twitter Pinterest LinkedIn
    Previous ArticleBPO Sigma announces new ‘connected’ brand as part of next phase of growth
    Next Article ResQ opens third site in Hull’s newly refurbished Hammonds building

    Related Posts

    NSN – Good support, or just optics? Why trust in the moment must be matched by quality referrals

    10/07/20256 Mins Read
    Read More

    Consumer exodus: 66% of British consumers abandon brands over one broken promise

    30/06/20253 Mins Read
    Read More

    The Rise of Boutique BPOs: Why Smaller is Often Smarter

    25/06/20255 Mins Read
    Read More
    Add A Comment

    Comments are closed.

    Upcoming Events

    11/07/2025

    UPDATE – UKCCF CX Webinar

    2 Mins Read
    09/06/2025

    FREE Webinar Series: Cyber Security in Contact Centres

    2 Mins Read
    28/05/2025

    Step into a smarter, more connected future.

    2 Mins Read
    About
    About

    Contact Centre Monthly™
    Chantelle Newton – Editor
    news@contactcentremonthly.co.uk
    07540 227 288

    We're social, connect with us:

    Facebook X (Twitter) LinkedIn
    Popular Posts
    11/07/2025

    UPDATE – UKCCF CX Webinar

    2 Mins Read
    11/07/2025

    Engage Hub wins at Sainsbury’s Tech Supplier Awards 2025

    2 Mins Read
    10/07/2025

    NSN – Good support, or just optics? Why trust in the moment must be matched by quality referrals

    6 Mins Read
    • Submit an Article
    • Home
    • Privacy Policy

    Copyright © 2021 Contact Centre Monthly.

    Type above and press Enter to search. Press Esc to cancel.