Outdated Call Center Practices Increase Security Risks

Call centers are more outdated than one would expect, which often leaves customer data exposed and vulnerable to fraudulent activity due to outdated security practices create vulnerabilities. More thanr 500 agents worldwide were surveyed by Semafone, unfortunately showing a complete disregard for customers’ sensitive information.

Among the outdated practices still utilized by contact centers, is requiring customers to read SSN and credit card numbers aloud. Despite the availability of secure voice transaction and other secure data input methods, 72 percent still collect data verbally.

Adding to the security risk, 30 percent of call center agents reported having access to customer payment information and SSN post-phone call. With the private information always readily available, anyone would be able to access and abuse customer information. Agents are watching this happen, from insiders and outsiders, but admittedly do nothing to stop it, according to 42 percent of respondents.

Fortunately, the rate of internal abuse is relatively low. Seven percent of agents say an insider has asked for private card information, and nine percent know an agent who has illegally accessed or shared a customer’s card info. Despite low percentages, one successful breach could cost an individual organization roughly $3.62 million in damages, or more.

“Our survey confirmed many contact centers are still using inadequate practices when capturing, processing and storing payment card data and other personally identifiable information (PII). When a single data breach can cost a company millions of dollars, traditional security controls like clean rooms and check points are not enough. The only way to truly protect sensitive data is to remove it from the business infrastructure completely,” said Tim Critchley, Semafone CEO.

Semafone has some security advice for call centers to protect customer’s private data. First, companies need to remove contact center agents from the PCI (News - Alert) DSS compliance equation. By adopting dual-tone multi-frequency (DTMF) masking technologies, this is possible. It will allow customers to enter private information via telephone keypads and cannot be captured on recording or deciphered.

While still retaining the value of live agent interactions, increased security measures ensure the customer experience is enhanced along with safety and privacy. Data is immediately sent to the proper channel for processing, cutting out the call center’s infrastructure. Safety check=yes.

Do your call center agents have access to customer data?

Edited by Erik Linask