Seven ways call centre managers can fraud-proof their business
In 2015, AT&T was forced to pay a fine of 25 million dollars because of lax security in overseas call centres. US regulators charged the company after it was found that employees at the contact centres provided and sold personal data to stolen mobile phone traffickers, who used the information to satisfy “unlock” request requirements, allowing them to sell the devices in secondary markets. The breach potentially exposed around 280,000 AT&T customers to identity theft.
This is just one instance, but it shows the importance of keeping information in call centres secure. While malware used to be the go-to tactic to steal from people online, scammers and criminals have learned to use low-tech means by targeting call centres. Even honest call centre agents are vulnerable, as they are trained to make transactions easy, and therefore can be tricked into providing sensitive data to people who shouldn’t have it.
For effective fraud prevention, call centre heads must find and maintain the balance between customer-friendly transactions and data-protection policies. Here are seven suggestions that you can do to protect your call centre operation.
1. Bolster your site security
The first thing people usually do to get in touch with a firm is to find their website. Once they find the website, they then proceed to do their transactions there. If it’s an online banking portal, they log in using their username and password. If it’s a customer support portal, they can send emails to customer service or use chat support to talk to a customer service agent, and may have to provide their email, contact number or home address. Either way, at some point, they will probably provide sensitive information about themselves.
But if the site is compromised in some way - maybe someone somehow penetrated it and accessed the databank where all the information is stored - or if a duplicate fake site is put up to hoard people’s information, it’s a huge problem. That’s why if you have a customer portal, it’s best to make sure your page has an SSL certificate. It ensures an encrypted internet connection between the browser and the site, and it gives visitors additional confidence in the site’s authenticity.
2. Never skip background checks
Checking the resume of call centre agents is just the first step. Competence and trustworthiness can only be accurately assessed from multiple angles. Call centre agents must be able to engage customers, but they must also be able to enforce security checks during the transaction, and that’s not easy to do with irate callers. That’s why you want to find people who can do the job well and can be trusted with information. This will take good selection. If the account you need to service requires handling of especially sensitive information, you’ll want to conduct a call centre interview, online background checks, and reference checks to determine if the candidate has good experience and character. Maybe you urgently need manpower, so you’d want to make the hiring process faster by skipping the background and competence checks. But if your anti-fraud strategy depends on hiring trustworthy talents, you’ve got to resist the temptation to compromise stringency in favor of increased manpower fulfillment.
3. Consider voice print analysis
One of the biggest problems with call centre transactions is the security questions that agents ask. Prior to processing a transaction, an agent will typically ask a caller for details such as their home address or their telephone number to confirm their identity. However, information like that can potentially be searched online, so it’s possible for a lot of criminals to overcome this security barrier. If your company holds personal information that could be used to quickly access customers’ assets, consider getting voiceprint authentication technology.
These are software packages and services that allow voiceprints to be analysed in real-time. A caller whose voice is linked to past fraud incidents will be tagged as suspicious. This can alert the receiving agent to ask more stringent security questions and, most probably, deny imposters the access they want. Voice ID technology can also theoretically identify legitimate customers’ voices based on pitch, dialect, and speaking style. But since this technology can be expensive, it’s an investment that usually requires careful deliberation.
4. Separate transaction processing from record updating
The case with AT&T demonstrates that fraud can happen because of temptation. The call centre agents who colluded with the criminals were able to sell the information because they had access to it. Power corrupts, and in this case, power came from access. So to prevent your call centre employees from being tempted, you may consider separating their transaction processing function from their record maintenance function. Technology can help in this case: you can contract an IT security team to set up a system wherein callers can be directed to a record-update portal where they can be in charge of updating their own account. That way, call centre agents will not have any knowledge of customer information, preventing the possibility of agent-aided or agent-committed fraud.
5. Go out-of-band
Another layer of security you can add is out-of-band authentication. Basically, that means using other channels aside from the call centre voice channel to verify whether a transaction is legitimate. When a call centre agent encounters a caller who wants to make a transaction on a certain account, the owner of the account is notified of this transaction through his mobile phone. A customer needs to enter a code sent to his or her mobile to proceed with the desired transaction. This kind of authentication is prevalent among ecommerce service providers, banks, and even social media sites like Facebook. It’s effective because few fraudsters have the know how to defeat it, and doing that usually requires considerable time and resources, meaning they usually give up when faced with this challenge.
6. Guide and inform your agents
Having competent and trustworthy employees is one thing, but making sure they have the right tools in hand to work for you is another. It’s been found that employees who fall for fraud tactics such as social engineering, wherein imposters manipulate an agent into changing or sharing account access details, are vulnerable because of insufficient training. Therefore, it’s not enough for your top management to know the latest trends in call centre fraud, you’ve got to cascade that down to the customer-facing agents too. The rationale behind security policies must be made clear, especially if the policies necessarily make your processing agents’ work harder. The more they understand the importance of security policies, the more they’ll comply. Reinforcement of positive norms like these policies will help encourage a strong company culture against fraud.
7. Do regular (and surprise) audits
Another important aspect of security in a call centre company is auditing. Plenty of companies don’t know how to spot an employee committing fraud or compromising customer information because they never look. They tend to get so concerned with performance measures like call handle times, agent schedule adherence, call resolution rates, and so on, that they forget to look at measures related to customer information security. If you don’t want to be one of those outfits, consider looking at your agents’ calls through the lens of customer security.
Did they execute security challenges properly? Did they transmit account information through unsecure channels? Did they copy any data on a personal device or databank? You have to make sure all your agents know the company’s ethical standards and information security policies, so that in case someone is found to deviate from them, whether through negligence or malicious intent, you’ll have grounds to issue a sanction.
The incidence and impact of call centre fraud is too serious to ignore. In a recent report, anti-call centre fraud company Pindrop stated that in 2015, enterprises lost an average of $0.65 per call, which translates to possible losses from $17 million to $27 million for a company that handles 40 million calls annually. Credit unions and life insurance companies risked losing around $30 million each because of call centre fraud. The problem isn’t isolated to the US, but is occurring globally. Call centres must quickly realise that access to someone’s information is as good as access to his money. To prevent fraud in contact centres, you’ve got to ensure security on both ends of the line.