In today's world, data breaches are all too common. With all the valuable customer information contact centers collect on a daily basis, it is no surprise that a medium-sized call center can get hit with over 1000 fraudulent calls a month.
According to Matt Lautz, President and CIO at CorvisaCloud:"Identity theft is something all contact centers need to be cognizant of, and it's absolutely essential to take the right steps to verify who they are talking to."
Considering how much the contact center environment has evolved over the past few years and the rise of the omnichannel, it's more important than ever to assess the strength of our security measures and protect our customer's information from any security risks.
If you’re wondering how to go about ensuring data security and privacy, here are three ways your call center can secure sensitive customer information.
1. Strengthen your Q&A security protocols
In recent years, global call center fraud has increased by more than 45 percent. This spike in attacks can be attributed to social engineering - the use of deception to manipulate individuals into divulging confidential information.
With that in mind, it's more important than ever to equip your agents with security questions that only the authorized customers can answer. Here are some tips you can implement in your call center improve your Q&A protocols.
Ask open-ended questions
Safeguard your customer's information by asking open-ended questions. For example, asking a caller "Do you have a savings or checking account?" narrows the chances of the caller guessing the right answer to 50 percent. Asking an open-ended question like "What type of account do you have with us?" leaves room for other possibilities without giving anything away.
Ask questions with answers that aren't on documents
Avoid information that fraudsters can discover. It's all too easy these days for sensitive information to fall into the wrong hands. Handbags can be stolen, documents can fall into the wrong hands, or household bills are thrown into the trash intact.
To safeguard against such events, implement questions that only the genuine customer can answer and something that doesn't appear on documents.
For example, "How long have you had this account?" is not something a fraudster would be able to glean from stolen documents or credit cards.
Upgrade your security levels with voice biometrics
Voice biometrics is another identity validation technique that looks promising. It is based on using the caller's unique voice print and claims to offer high levels of security. For the customer, it makes the identification process easier and reduces the time spent going through the verification process.
2. Use multiple layers of protection
With the sheer wealth of information housed in contact centers, it is easy to understand why they have become such lucrative targets for data mining and cross-channel attacks. However, many of the preventative authentication methods fail because they do not provide a layered defense system.
"You have to assume that if criminals can get through one layer of authentication, that they can get through two, they can even get through three. But if you have multiple layers, up to five, and you're continuously authenticating that user and continuously looking at their activities against their profile, you should be in pretty good shape," says Avivah Litan, Vice President of Gartner.
Besides encrypting a customer's information, it's also important to encrypt information sent between agents or to clients via email. By having layered security on emails and other customer information you can safeguard against the following:
- Ensuring the email cannot be intercepted
- Unauthorized access if the email is sent to the wrong person
- Unauthorized access from someone within the contact center
- A compromised employee using stolen credentials
With no single authentication method sufficient enough to keep fraudsters out, it's important to make sure your call center has a layered defense system. This way, even if a hacker breaches one or two layers, it becomes increasingly more difficult for them to circumvent the entire security system.
3. Enforce a strong password policy
According to the 2015 Trustwave Global Security Report, 28% of security breaches were the result of weak passwords. Call center managers who want to know how to ensure data security and privacy should start with passwords for internal systems, self-service portals and passwords for individual documents.
Educate your agents and customers on the value of using strong passwords and the risks of having an easily cracked password.
As a rule of thumb implement the following changes to ensure your passwords meet high-security standards:
- All personal computers, servers, firewalls, routers and other network devices should follow password complexity requirements and be changed every 90 days.
- All passwords must be rendered unreadable using strong encryption.
- When an employee leaves a company, passwords should be immediately changed to prevent unauthorized access.
These are just a few of the ways on how to ensure data security and privacy in your call center. By continually reviewing your security processes and being aware of what you are looking for, you can ensure your call center mitigates internal and external threats.
By applying these three security methods, you can help prevent your call center from becoming the next big security breach that makes headlines and avoid breaking that delicate balance of trust with your customers.