Card Details Over Phone

Is it safe & secure ?
Asking because I have to renew my contents insurance

Thanks

Yes

As long as you’ve made the call and know it’s the right number

1 Like

Technically? No it’s not.

In terms of standards like PCI-DSS? Yes I believe so.

There’s also the ‘secure’ phone call entry (is anything secure?..) where the process of payment reaches a stage where you are basically disconnected from the human company rep and put through to a robot which takes your card details, via you typing the numbers on your phone, then you are reconnected if the details are good. The human rep has absolutely no idea what the card details were.

And I have no idea what the robot does with them. It sounds secure, therefore it is. :robot::money_with_wings:

1 Like

If they’ve called you - risky, don’t do it.

If you’ve called them - you should be fine.

Bonus special answer - Ask “Can I renew through your website?” and if you can do it that way, you’ll be alright.

(Source: have renewed various insurances many times over many, many years; many times of which involved speaking to call centre staff before going online to finish the process. Most of the time if you log in to their site using your account details, you’ll be able to renew at the quoted rate or better. I only recall once where I had to renew on the phone because the website was no longer showing the discounted rate but the call centre staff promised they would apply it if I renewed through them (my fault, I was late that year).)

4 Likes

It’s secure from the point of view of the person at the other end as they can’t get your details, but it does nothing about the long unencrypted link from your phone to their call server (that goes through several phone companies and carriers and can be intercepted by dozens of different parties).

In my opinion the main risk isn’t the person at the end of the phone (there are logs and everything, so it would be very stupid/risky for that person to attempt anything) but in the path of the call, where an automated, scalable attack can be achieved remotely and where the attacker’s identity can never be traced (it would originate from a compromised device for example).

2 Likes

To be fair, if I repeated this to my elderly Mum, I’d receive one of the biggest - and longest - blank looks ever made on this planet.

The key is not to explain how it technically can be done, it is educating the masses how not to fall for it before tech even gets there. My elderly M doesn’t do computers or mobile/smart phones. But she does rely on landlines for comms and that is an issue - for both her and me - right there. Unless I answer every call to her number (and call-forwarding has been seriously considered), I have to rely on me constantly drumming the issue in to help avoid ‘issues’. No guarantees though, unfortunately.

2 Likes

Hmmm I dunno, someone might be listening, through the walls… or maybe your phone is tapped?

You need to use a throwaway phone and destroy it afterwards

Your question is far too vague again.

What are your concerns?
What do you determine to be “safe” and “secure”?
Why are you only asking this now? Have you never paid over the phone before?

1 Like