
Data breaches and cyber-attacks occur daily, so it is vital that organisations develop robust security practices. In the contact centre, for example, protecting customer data is absolutely key to avoiding financial and reputational damage.

Why is the contact centre so vulnerable?

The contact centre is a particularly attractive target for fraudsters and cyber criminals. Indeed, personally identifiable information, including credit and debit card numbers, sensitive authentication data, and social security numbers, regularly flows through its IT environment. In order to gain insight into the state of data security in the contact centre, Semafone conducted an anonymous global survey of contact centre agents. Overall, the survey gathered over 500 responses from across multiple industries.

The state of the contact centre

Above all, the survey uncovered that a large number of contact centres continue to rely on outdated, risky practices. Indeed, over 70% of agents still require customers to read payment information aloud over the phone. This is despite the fact that available technologies allow for more secure data transmission. Moreover, a disconcerting number of agents admitted that company insiders and/or outsiders had approached them to obtain customer information. 30% of agents also admitted that they have access to customers' payment card information on file, even when they are not on the phone with the customer. Meanwhile, 9% said that they knew someone who had unlawfully accessed or shared customers' payment card information.

Employing workplace restrictions

79% of agents said that their organisation prohibited the use of mobile phones at workstations in order to protect customer data. 38% banned agents from having writing materials, while 31% barred personal items such as bags. However, just 28% required agents to pass through a security scanner or checkpoint when entering or leaving. Moreover, a mere 26% of agents worked in "clean rooms", which forbid personal items and recording devices of any kind. With a turnover rate of over 20% for agents in the UK, retaining employees is already a huge challenge for contact centres. Indeed, the aforementioned draconian methods might control the actions of employees, but they can also negatively impact morale. In fact, Semafone observes that these techniques can raise operational costs and lead to increased staff turnover. Regardless of workplace restrictions, sensitive customer data still enters various CRM systems and desktop applications.

Protecting customer data

While it is impossible to predict and prevent every breach, Semafone insists that there are a number of steps contact centres can take to reduce risk. These include treating all data as toxic, properly educating and vetting employees, and implementing an incident management policy. In addition to this, it is essential to fight social engineering with tokenisation, which replaces data with a meaningless equivalent. In effect, if a breach is successful, the available data will be of zero value to the cybercriminal. It is also important to enforce the principle of least privilege on computer systems, providing employees with the minimum required level of access. Finally, it is important that the agent authenticates the caller before gaining access: until the agent identifies the caller, access to detailed PII is denied.
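The following Python sketch is an added example, not code from Semafone or the survey. It combines three of the steps above: tokenisation, least privilege on detokenisation, and withholding detailed PII until the caller is identified. All class, role and field names and the sample record are hypothetical and constructed for illustration.

```python
import secrets

class TokenVault:
    """Maps random tokens to card numbers; assumed to live outside the contact centre."""
    def __init__(self):
        self._store = {}

    def tokenise(self, pan: str) -> str:
        # The token is random, so it reveals nothing without the vault.
        token = "tok_" + secrets.token_hex(8)
        self._store[token] = pan
        return token

    def detokenise(self, token: str, role: str) -> str:
        # Least privilege: only the (hypothetical) payment service role may recover the PAN.
        if role != "payment_service":
            raise PermissionError(f"role {role!r} may not detokenise")
        return self._store[token]

class CallSession:
    def __init__(self, agent_id: str):
        self.agent_id = agent_id
        self.caller_verified = False

    def verify_caller(self, answer: str, expected: str) -> bool:
        # Constant-time comparison of the caller's security answer.
        self.caller_verified = secrets.compare_digest(answer, expected)
        return self.caller_verified

def agent_view(record: dict, session: CallSession) -> dict:
    """Return only the fields the agent may see at this point in the call."""
    view = {"customer_id": record["customer_id"]}
    if session.caller_verified:
        # Detailed PII is released only after the caller is identified,
        # and even then the card appears as its last four digits.
        view["name"] = record["name"]
        view["address"] = record["address"]
        view["card"] = "**** **** **** " + record["card_last4"]
    return view

# Constructed sample data: the CRM record holds a token, never the card number.
vault = TokenVault()
PAN = "4111111111111111"  # widely used test card number
record = {"customer_id": "C-1001", "name": "A. Example",
          "address": "1 Sample Street", "card_last4": PAN[-4:],
          "card_token": vault.tokenise(PAN), "security_answer": "blue"}
```

A copy of `record` taken from the CRM contains only the token and the last four digits, which is the "zero value" property the paragraph describes.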

De-scope the contact centre

Although incident management plans and employee training sessions are useful, they only go so far. When it comes to protecting customer data, it is thus necessary to remove sensitive data from the contact centre environment completely. Using dual-tone multi-frequency (DTMF) masking technology is one of the most effective ways for contact centres to de-scope their environment. In fact, these technologies allow customers to enter payment card information and other PII directly into the telephone keypad. DTMF tones are also masked with flat tones, so third parties are unable to decipher the numbers. The agent can also remain in full conversation with the customer throughout the call, assisting with any issues and completing wrap-up tasks. This therefore enhances the customer experience, improves first contact resolution, and reduces the average handling time. By implementing these techniques, customer data remains absolutely secure.