Wednesday, January 26, 2011

Can Service Provider Take You Down - Part 2 another first hand experience

Just received my Visa billing and I saw a line item for $1100 from a well know Fortune 100 software company. I had bought from them before, but I just cannot remember what it was for. So naturally, I called up the number on the line item right next to the company name and amount:  xyzcompany 617-xxx-xxxx  $1100.

The person answering was pleasant, she asks for my name and credit card info. Which I provided.

Then she said "Oh, I cannot access your account information and I have to transfer you". It is obvious she had no access to any account information let alone mine. I said "OK, but now that you have my credit card information, what are you going to do with it?" Silence - no reply. I then asked for her name and the name of the company she is employed at, knowing full well, it can be an outsourced answering service. She reluctantly did give me her name but she didn't provide the company".

My point to this whole encounter is that over the phone, we are used to the idea that these calls can be taken by 3rd party contractors. Phone calls can be transferred all over the world. And I have no idea who these 3rd party companies are and if they are PCI certified!

At this time, I still don't know if my credit card information is stored in a computer or just a piece of paper laying in the wastebasket waiting for malicious harvesting.

Contractors, whose work are related to handling credit card information, must be able to articulate security compliance policies just like they were working within one's company.  These security procedures must be entrenched into these operators' minds regardless of whether they are internal employees or 3rd party contractors. They must be able to show their understanding of the policies to me - the customer.

I, as a customer, need to be assured that my credit card information is handled with care!


No comments:

Post a Comment