May 22, 2023
Contact centers handle a large volume of sensitive customer data, making them a prime target for criminals. To reduce the risk of data breaches and identity theft, it is important to assess the strength of the security measures in place and keep upgrading them over time.
Just as businesses prioritize customer appreciation ideas to acknowledge loyal customers, they should also emphasize the safety of confidential customer data to retain their existing customer base. If customers feel their data is not safe with a brand, they will avoid doing business with it. Therefore, businesses must invest in training agents and put strict security protocols in place to minimize the risk.
Contact centre security – A rising concern
The recent decline in the popularity of walk-in stores due to the great pandemic has led to an increased contact centre security risk. Although it is possible to protect websites and social media platforms with enhanced security measures like two-factor authentication, it is not the same with contact centres. For this reason, fraudsters are constantly targeting this channel to impersonate victims and gain access to their accounts.
Account takeover (ATO) is rising at an alarming rate. The main reason is that technological innovations are making it simpler for cyber criminals to steal data. Even though they can hack important customer accounts through websites, they find it much easier to fool contact centre agents. They rely on psychological manipulation to get around security measures that depend on humans. Therefore, there is an urgent need to upgrade contact centre security to outsmart them.
Security questions for contact centres
The Data Protection Act compels businesses to take the necessary actions to verify callers before proceeding. They must have proper strategies to protect themselves from fraudsters pretending to be customers. Moreover, organizations are also bound by this act to manage customers’ information with utmost care.
The exact questions asked during security checks vary across businesses and industries. However, the basic questions are the same. Usually, a three-question check verifies a caller. Let us have a look at these three fundamental security questions to ensure no confidential information is at stake.
The first question is usually a complaint reference number, account number, contract number, or telephone number depending on the type of business the contact centre is managing.
The second question is always the full name of the caller.
The third question also varies according to the business of the contact centre. The most common ones are the date of birth, last payment date, alternative contact number, the address associated with the account, postcode, and many others.
Useful tips to strengthen security protocols
Here are some tips to strengthen security measures at contact centres.
Ask unique questions
Avoid questions whose answers are printed on documents that criminals can easily get their hands on, like utility bills, social security cards, and driver’s licenses. Use questions that only the real customer can answer. For instance, “How old is your account?”, “When did you sign up for the service?” and so on.
Most contact centres identify callers but do not authenticate them. They only ask for general information on a call, like an email address, phone number, or home address. If businesses do not let people log into a website with this basic information, why do they allow it over the phone? This needs to stop. Businesses must protect sensitive information with upgraded systems such as one-time passcodes (OTP) sent by email or text, PIN codes, callback methods, and service codes.
Enforce strong passwords
Weak passwords are one of the main causes of security breaches. Not only customers, but agents also need to use strong passwords for self-service portals, internal systems, and even individual accounts. Managers must educate them on the risks associated with passwords that criminals can easily guess. To make sure that passwords meet high-security standards, here is what contact centres must do.
- Encrypt all passwords
- Change them every 90 days
- Make it compulsory to set up complex passwords for servers, computers, firewalls, routers, and all other devices
- Immediately change the password when an agent leaves to prevent unauthorized access
Staying resilient for accelerated growth
Security questions are of no use if a caller cannot give the correct answers but the agent keeps asking more. Giving callers the benefit of the doubt can harm the business. There should be a limit to the number of questions. Agents must be trained to refuse a caller who is not able to give the right information. For example, if a customer calls a shipping company to change the shipping address and is told to do it online, it is not such a big issue. Similarly, if a caller contacts a bank’s helpline and does not answer the questions correctly, it is okay to ask them to visit the branch for proper verification.
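The difference between identifying and authenticating a caller, together with the limit on failed answers described above, can be enforced by the agent's system rather than left to judgement on the call. The following is an added example, not part of the original article; the class name, the three-failure limit, the five-minute code lifetime and the sample record are assumptions.

```python
import hmac
import secrets
import time

MAX_FAILED = 3     # assumed limit; the article only says there should be one
OTP_TTL = 300      # assumed code lifetime, in seconds
REFER = "refer_to_other_channel"   # e.g. branch visit or online self-service
SAMPLE = {"account_number": "ACC-1001", "full_name": "Jane Doe",
          "registered_phone": "+10000000000"}   # constructed record

def _same(a, b):   # constant-time comparison of two strings
    return hmac.compare_digest(a.encode(), b.encode())

class CallerVerification:
    """One call: identify the caller first, then authenticate with an OTP."""
    def __init__(self, record, clock=time.monotonic):
        self.record, self.clock = record, clock   # record: data already on file
        self.failed, self.identified = 0, False
        self.otp, self.otp_expiry = None, 0.0

    def _fail(self):
        self.failed += 1
        return REFER if self.failed >= MAX_FAILED else "retry"

    def identify(self, account_number, full_name):
        # Identification only: these answers can appear on bills and documents.
        if self.failed >= MAX_FAILED:
            return REFER
        if not (_same(account_number, self.record["account_number"])
                and full_name.strip().lower() == self.record["full_name"].lower()):
            return self._fail()
        self.identified = True
        return "identified"

    def send_otp(self):
        # The code goes to the contact on file, never to one given on the call.
        if self.failed >= MAX_FAILED or not self.identified:
            return None
        self.otp = f"{secrets.randbelow(10**6):06d}"
        self.otp_expiry = self.clock() + OTP_TTL
        return self.record["registered_phone"], self.otp

    def authenticate(self, spoken_code):
        if self.failed >= MAX_FAILED:
            return REFER
        if (self.otp is None or self.clock() > self.otp_expiry
                or not _same(spoken_code, self.otp)):
            return self._fail()
        self.otp = None    # single use
        return "authenticated"
```

Once the failure limit is reached, every further answer returns the referral outcome, even a correct one, so the agent has no room to keep asking.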