Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites.
Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. For avoidance of any doubts and to make it easier, you may consider any links to external websites as sponsored links. Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


By Tim Critchley, CEO,Semafone

Tim Critchley, CEO, Semafone
Tim Critchley, CEO, Semafone

Recent research by law firm RPC found that the number of data breaches reported by the insurance sector has doubled in the space of a year. Just a few days after the numbers were released, the reality of the situation was aptly demonstrated by health insurer Bupa when the company found itself the victim of an insider data breach affecting almost 550,000 international health insurance plan customers. In the face of this serious lapse in data security, it’s unsurprising that consumers are questioning companies’ ability to keep their data safe. In fact, according to a new report, just 30 per cent of British insurance policy holders trust their insurance provider to manage their data securely.

Yet, in the face of rising threats and customer doubts, many insurers are still relying on a seriously inadequate data security solution that is putting customers’ sensitive information at risk. Our own research in 2017 of the top insurance firms in the UK and US found that 19 out of 20 use a process known as “Pause and Resume”. While this technology prevents contact centres recording customer’s payment card details on calls, it fails to provide the rigorous data security that is needed beyond recording the call, to protect customers’ sensitive information from the internal and external threats.

Don’t press pause on data security

Pause and Resume does what it says on the label; when a customer calls a contact centre and is asked to provide payment card information over the phone, the contact centre agent will use the system to pause the call recording, resuming it once payment details have been captured. At its inception, the solution was relied upon to help organisations adhere to industry regulations and standards for call recordings. Many businesses continue to use Pause and Resume to fulfil the role of a data security solution, ensuring that in the event the contact centre IT system suffers a cyber-attack, there is no valuable information sitting within the call recordings that can be stolen by the hackers.

However, in reality, the technology presents more data security problems than it solves. And looking one step further, when it comes to navigating a complex regulatory landscape, Pause and Resume is severely lacking the rigour to satisfy the compliance demands placed on insurers by regulators or governing bodies.   

The three pressure points 

  1. Insiders can be enemies too

Over seven billion data records have been exposed as a result of a data breach since 2013. And figures indicate that malicious insiders, looking to steal data for financial gain or revenge, account for 9% of all breaches. In fact, a 2017 survey of 4,000 office workers in the UK, Italy, France and Germany show just how dangerous an inside employee can be; 29% of respondents said they had intentionally provided third parties with sensitive information without authorisation. Pause and Resume solutions put contact centre agents in far too much control when it comes to having access to this sensitive data. While the technology may keep data from being recorded, agents can still hear the customer reading out the details – whether that be payment card numbers, dates of births, bank details or social security numbers. This means they have ample opportunity to note down sensitive data to either use for personal gain, or to pass onto others in exchange for money.

  1. Accidents can happen

On top of those malicious insiders looking to make a quick buck, there is also the damage that can be done as a result of human error. Accidental data breaches by employees were the number one cause of breaches in 2015, according to a PwC report. In much the same way as an unintentional data breach, when using Pause and Resume, an agent can put customers’ sensitive data at risk by mistakenly stopping the recording at the wrong time. This means that payment card data is captured on the call and stored on the recording or IT system, where a hacker or an opportunistic insider could gain access to it.

  1. Regulations add complexity

Most financial services organisations – including insurers – are required to record customers’ calls from start to finish. The main reason for this is to ensure compliance with the Financial Conduct Authority (FCA) regulations, which require full call recordings in the case of legal disputes between customers and financial firms. Pause and Resume solutions directly contradict this requirement, at the moment when the contact centre agent presses pause on the call recording, thereby making it incomplete and inadmissible as evidence in legal cases.

You can’t afford to compromise your data security

It’s true that your contact centre agents are one of your company’s biggest assets. They are the friendly, human voice of your organisation; answering questions, soothing stressed customers and often selling them things in the process. But if your company is relying on Pause and Resume to keep sensitive details safe in your contact centre, you are putting your valued customers at risk of fraud and theft; and your company at risk of significant financial and reputational damage.