It’s a conundrum. How can businesses improve customer experience by providing a fast and effortless customer journey, while maintaining security at every contact point?
In this digital world, it’s important that businesses and organisations make it easy for customers to purchase or pay accounts. Yet with the increasing incidence of fraud, customers are understandably wary of handing over credit card details or other forms of identification over the phone, or online.
With the amount of sensitive data held, like credit card numbers, driver’s licence numbers, logins, passport numbers and other personally identifiable information (PII); contact centres are being increasingly targeted by hackers and fraudsters looking for information they can use or sell.
The dark web has become a place for sensitive data to be traded, with an online payment services login (like Paypal) fetching between USD$20-$200, while a credit card number with a CVV can sell for as much as USD$110.
How is Contact Centre security breached?
There are numerous reasons for security breaches. Here are four common ones.
Outdated operational procedures
The most common breach reason lies within the contact centre itself, as many still use outdated, risky practices for capturing, processing and storing sensitive data. A large percentage of contact centres still require customers to read their information aloud – exposing sensitive data to the customer service representative (CSR), call recordings, and even nearby eavesdroppers.
Although most people are well aware of the dangers that can lurk within emails, and have security software in place to scan and remove susceptible attachments, fraudsters are constantly inventing new ways to avoid detection. Even the most cautious employee could accidentally expose sensitive customer data, especially if the PII resides within the contact centre environment. If the CSR clicks on a link or opens an email attachment thinking it is from a legitimate source, they could unwittingly unleash a virus that spreads across the IT network, stealing customer data and potentially landing the company with fines and reputation damage for a major breach.
It is possible for anyone with the knowledge or access to a company’s computers to discreetly install a Remote Access Trojan, or “RAT”, into a computer and provide access to a remotely located hacker.
An ICMI post discusses a “cleaning crew” fraud operation experienced in contact centres. Cleaning staff or contractors plug tiny USB sticks containing key logging software and a Wi-Fi transmitter into several computers. The software captures detailed information on customer transactions, including card numbers, and becomes available to the cleaner when he/she collects the unnoticed USBs the following week.
The instance of unscrupulous people using stolen cards or PII to purchase goods or services fraudulently is on the rise. They call contact centres to make payments, or to receive services or payments they’re not legally entitled to. This could be travel, health or utility services, insurance payouts, credit card activations, bank account transfers and government benefits. An analysis of half a billion calls revealed that call centre fraud increased 113% from 2015 to 2016.
Three ways to reduce contact centre fraud
Here are three ways to increase security and reduce fraud, without compromising on the quality of customer experience you deliver.
1. Stop asking customers to share sensitive data with your team
There is no need for customers to read out their card information to a contact centre staff member when you use dual-tone multi-frequency (DTMF) masking technology. This allows customers to enter their card information directly into their phone keypad. The technology replaces DTMF tones with flat tones, shielding the data from CSRs and call recording systems.
The CSR remains on the line in communication with the caller to assist them with the payment, as the credit card data is sent straight to a PCI DSS-compliant payment gateway like MerchantSuite. Our integrated MerchantSuite and Premier Contact Point solution helps contact centres to process card payments in a PCI DSS Level 1-compliant manner.
As a Level 1 PCI DSS provider, Premier Technologies provides a suite of receivables solutions and payment processing services for a diverse range of organisations including retail, financial institutions, government agencies and utilities around the world.
2. Provide the ability to make payments via smartphone
In our article 6 Ways Contact Centres Can Create WOW Customer Experiences, we provided a case study on the use of Premier Contact Point to make it easy for callers to make payments on their smartphone while connected to your CSR.
While the customer is talking to your CSR, the CSR sends a link to a secure payment portal via text message or email to their phone, where the customer simply taps the link and makes a secure payment. All your team member sees is a notification on their computer when the payment has been completed successfully.
3. Use voice biometrics
Financial institutions and contact centres are increasingly using voice biometrics to beef up authentication and eliminate customer fraud. Our voiceprints are unique based on nasal passage, vocal track and the speed and pitch with which we speak. Read our article Voice Biometrics Makes Authentication a Whole Lot Easier to see how voice biometrics is being utilised by financial institutions.
Secure contact centre payments is crucial for every size business, not just the big ones
It doesn’t matter whether you have a customer service team of five answering the phones, or a contact centre of 200 CSRs. You need to actively eliminate all possibility for internal and external fraud by using technologies that keep PII out of your contact centre and IT environments.
Receiving sensitive data over the phone and storing it within your IT system, is putting your customers and your business at risk.
Our integrated Premier Contact Point and MerchantSuite PCI DSS-compliant solutions eliminate that risk.