I've done security assessments of outsourcers providing this service before. One was mostly aligned with credit card companies, one was an company that offered this in conjunction with travel insurance. Interestingly, all agents in both cases were in the US. (It's possible some call QA was offshored, I don't recall in these instances but that's very common.)
In my review, the providers had little familiarity with the data security controls of the credit card industry (aka PCI). One was PCI certified, one was not but 'working on it'. The one that had been certified had somehow convinced their QSA (the PCI auditor) to not review the systems their agents used, only the core infrastructure.
The provider with home-based agents let their agents use their own computers to service callers, and it was quiet possible that the agent had never met anyone from the hiring company face-to-face.
Now, as a matter of course, probably only 1-3% of the calls actually required the agent take a credit card number (to order something for the customer). Most of the time the agents were just answering questions. Most of the agents would never see the caller's credit card number from the issuing bank.
From a information security point-of-view I wouldn't have any problem using the providers I reviewed (although, even as a frequent traveller, I've never had an occasion where it seemed like it would be useful), but I'd stop short of giving them my credit card number.
In my review, the providers had little familiarity with the data security controls of the credit card industry (aka PCI). One was PCI certified, one was not but 'working on it'. The one that had been certified had somehow convinced their QSA (the PCI auditor) to not review the systems their agents used, only the core infrastructure.
The provider with home-based agents let their agents use their own computers to service callers, and it was quiet possible that the agent had never met anyone from the hiring company face-to-face.
Now, as a matter of course, probably only 1-3% of the calls actually required the agent take a credit card number (to order something for the customer). Most of the time the agents were just answering questions. Most of the agents would never see the caller's credit card number from the issuing bank.
From a information security point-of-view I wouldn't have any problem using the providers I reviewed (although, even as a frequent traveller, I've never had an occasion where it seemed like it would be useful), but I'd stop short of giving them my credit card number.