Recent research by AKJ Associates found that of 500 UK adults, 76 per cent were concerned about the security of data in a call centre.
Of those surveyed, 35.8 per cent said that they were ‘very concerned’ about how personal and credit card information might be protected at call centres from hackers and rogue staff.
The research apparently came in the wake of warnings from security researchers that fraudsters are preying on contact centres, using social engineering techniques to convince call centre staff into handing over information that could lead to account hijacking and illegal access to funds.
I recently had the pleasure to meet Nick Hills, vice president of technology at Cognia, who talked about how PCI data security standards had been enabled by call centres to achieve compliance. He said that there was a determination by the centres to better search meta data while securing the data.
He said: “Customers ask what we can provide, as one key problem is that they have a challenge in delivery as they take information down on the phone. It is forbidden to read the security CVV code on a credit card, but the more ‘switched on’ call centre will have a voice detection switch on/off function, but we find agents who know the input pattern and are several steps ahead.
“These centres have an issue either with not meeting compliance objectives, or they were not meeting PCI standards.”
So what is the solution? Hills said that now, in some instances rather than reading the credit card number out, the caller uses their phone keypad so the agent is not party to it, and this helped reduce the number of controls from 350 to 20.
“Call centre have a high staff turnover and some may take down numbers and sell it, with our solution this removes this threat. The PCI standard is on following best practise and getting controls in place and the three digit number is not permitted to be stored at all, while the 16 digit number is held on a secure server.”
Hills said that analytics do play a part, as they can look for key phrases and words, but as a lot of call centres employ compliance offers whose job is to enforce that there is no mis-selling or “rudeness”, he wondered if their time could be applied to the security of the data too. “The better experience there is, the better the users are treated,” he said.
“Any business in the UK has data protection requirements, and the move is to be more relevant about data protection and about being responsible, and steering that to credit card and personal information. People are becoming aware about what they disclose to others and the banks are now doing better at spotting instances and people are educated on hacking, but at the same time the attacker is getting clever on this too.”
Moving on to version three of the PCI data security standard, he said that call centres are aware of the changes as they do their assessments year on year, while version three insists that monitoring is done continually.
“Our solution allows businesses to get away without a central store of data, and we are now at a stage where customers want to integrate our solution into their own offering and with an interest in Big Data, it can be delivered as management reports to provide better insight into what is going on”, he said.
I am sure security is a concern for call centres, especially with high staff turnover and the ease of bribing workers to turn over data to those with malicious intent. Technology can help prevent this, and Cognia’s cloud-hosted solution does offer some promise, but surely there is a capability wi
th monitoring and education here?