We’ve already learned the definition of encryption in this 4-part blog series, and now we’ll take a look at how call centers use encryption to secure private data.
According to Business Insider, more money is stolen through credit card fraud in the United States than in the rest of the world combined. LexisNexis reports that merchants in the United States are losing approximately $190 billion a year to credit card fraud, and a recent study from New Javelin Strategy and Research showed that in 2016 alone, identity theft and credit card fraud cost U.S. consumers $16 billion.
Cyber criminals are targeting the $3.3 trillion U.S. healthcare industry because much of the information contained in a medical record is permanent and, unlike a credit card number, can’t easily be replaced. Prescription and health records are permanent, social security numbers are difficult to reissue, records can be used for insurance fraud, and fake IDs are created to purchase medical equipment and prescription drugs for resale.
Call centers that are PCI DSS-compliant must meet 12 requirements or risk fines and/or losing their ability to process credit cards. Encryption is included on this list of requirements and must be used when cardholder data is transmitted across open networks, during call recordings, when storing call recordings, and during Voice over Internet Protocol (VoIP) transmissions. Bluetooth-enabled devices such as headsets and keyboards must themselves support encryption.
HIPAA compliance is essential for medical call centers. End-to-end encryption (E2EE) is used for all electronic medical records (EMRs) and any hardware or software connected to EMRs. Computers typically have encryption software pre-installed on each machine, and any communication devices and/or mobile apps used between operators and hospital staff are encrypted (commonly used when an agent contacts staff who are on call).